Web Page Tracking

Mossess

I'm with Eircom, Any idea how to trace what pages I have visited? I can see the bandwidth usage alright, But I'm interested in the actual sites?

Or is it even possible?

pingoo

Well in all theory in order to track down the sites visited you'll need a Proxy server which applies with Internal network for example like Microsoft ISA Server. I wouldn't say they can, even if they did it might represent far too much data

beller b

I think EIRCOM are more interested on what YOU would be uploading/donwloading using file sharing etc...................

Snaga

Cant you use your browsers 'History' for that?

PixelTrawler

does the eircom guardian product track this for parents to keep an eye on their kids usage - if so maybe you could use this

Kristok

yea i think its the history button your looking for, eircoms servers keep track of what youve been to but its only for their records incase your doing dodgy crap.

Cabaal

Kristok wrote:

yea i think its the history button your looking for, eircoms servers keep track of what youve been to but its only for their records incase your doing dodgy crap.

...and the records are stored for 3 years...yipee!!

AdMMM

Well then surely you can get a copy of their records under the Freedom of Information act...

wheres me jumpa

just as a metter of interest, do eircom study everybodys history and report any dodgy dealings or is it a case of, if for example the guards, believe your up to no go, then your history will be consulted?

AdMMM

wheres me jumpa wrote:

just as a metter of interest, do eircom study everybodys history and report any dodgy dealings or is it a case of, if for example the guards, believe your up to no go, then your history will be consulted?

the latter

Mossess

to be honest I've noticed some activity while I know the PC has been off. think someone may be patching in. Not interested in tracking them down, as was my own fault for not being secure enough, but would be interested to see what was visited for the heck of it.

beller b

Mossess wrote:

to be honest I've noticed some activity while I know the PC has been off. think someone may be patching in. Not interested in tracking them down, as was my own fault for not being secure enough, but would be interested to see what was visited for the heck of it.

Silly question.....when you turn your computer off why would you leave your modem/router on?

Rew

beller b wrote:

Silly question.....when you turn your computer off why would you leave your modem/router on?

Most people do. Its a pain in the arse to be switiching them on and off they are designed for 24/7 on.

TimTim

beller b wrote:

Silly question.....when you turn your computer off why would you leave your modem/router on?

Because its a seperate device meant to be left on constantly? Isn't that the whole point of a router so your not reliant on one pc being on constantly on to use the internet?

Mossess

beller b wrote:

Silly question.....when you turn your computer off why would you leave your modem/router on?

It's wireless and is off in another part of the house, it's a pain in the behind having to first go turn on the router, then boot up the PC. then do the reverse each time I shut down. The router stays on to save me buying new shoes from all the running around the house.

Sparky

use your wireless security, and if you think someone has been patching in there should be some sort of log.

AFAIK, to be really secure aswell as using WEP you can restrict computers to the router by mac address

Mossess

Have WEP running now, but still curous about the other connections when I know for a fact the PC has been off.

rsynnott

|.Murderer.| wrote:

Well then surely you can get a copy of their records under the Freedom of Information act...

Well, assuming Eircom has become the government in a bloodless coup, then certainly. Otherwise no. It's a company.

Rew

rsynnott wrote:

Well, assuming Eircom has become the government in a bloodless coup, then certainly. Otherwise no. It's a company.

Data Protection Act still applies and gives you rights to the data. (I think)

Mossess

Not bothered going down the DPA route, just thought there might be an easy way to get the data back. :cool:

rsynnott

Rew wrote:

Data Protection Act still applies and gives you rights to the data. (I think)

I'm almost certain it doesn't; do you have a reference? The data protection act certainly applies, but that doesn't necessarily give you access (and in particular doesn't give you a right to ask for those records to be destroyed.)

Rew

Depends a bit on the definition of personal information...

http://www.dataprotection.ie/ViewDoc.asp?fn=/documents/rights/2.htm&CatID=16&m=r

Right of Access

The personal information to which you are entitled is that held on computer or in a manual filing system that facilitates access to information about you. You can make an access request to any organisation or any individual who has personal information about you. For example, you could make an access request to your doctor, your bank, a credit reference agency, a Government Department dealing with your affairs, or your employer. [view more...]

Right of rectification or erasure and blocking

If you find out that information kept about you by someone else is inaccurate, you have a right to have that information corrected (or "rectified"). In some circumstances, you may also have the information erased altogether from the database - for example, if the body keeping the information has no good reason to hold it (i.e. it is irrelevant or excessive for the purpose), or if the information has not been obtained fairly. You can exercise your right of rectification or erasure simply by writing to the body keeping your data.

In addition, you can request a data controller to block your data i.e. to prevent it from being used for certain purposes. For example, you might want your data blocked for research purposes where it held for other purposes.

rsynnott

Okay, on the face of it, that looks like it'd give you access, and possibly even right to delete. But, http://www.dataprotection.ie/viewdoc.asp?m=r&fn=/documents/rights/2di.htm

Point 1 could apply; the major reason this data is held in the first place is to leave a paper trail for fraud, child porn etc. investigations. Not sure about that one.

Point 3; similar to point 1; knowing exactly what had been recorded about their internet activity could potentially assist a criminal in establishing plausable deniability.

Point 7; a lot of data retained by ISPs falls under this category; it's there for the purpose of predicting usage patterns.

And finally, and I think this is the big one: the "Disproportionate effort" (an to an extent the Repeated Access Reqeusts; you could probably only do this once) section. Collating and sending all that data to everyone who made a request would be no joke.

In any case, do ISPs retain this sort of data habitually, in this country? They certainly retain IP-address to phone number over time mappings, but I'm not sure that they retain HTTP traffic details.

Red Alert

it's unlikely that they retain http traffic info. if they're not using a transparent proxy which IBB doesn't seem to anyway then there's nothing other than a traffic analyser which would need serious horsepower for a whole ISP.

Rew

The ISP's and Telcos (O2 etc) are retaining huge amounts of data. There stuck in that they don't know if they legally have to and they don't know if the legally can keep it. European law was going to insist on massive data retension but people pointed out how un-workable it would be. Its all a bit in limbo now AFAIK.

As for the current disscusion. Delation is not an issue, nobody said in any post they wanted to deleate data. As for criminal establishing plausable deniability, they are entitled to see any evidence against them when building a leagal defence so its not really an issue. Under the data protection act if you hold data on sombody you have to state the purpose. So if they hold it for predicting usage patterns they cannt use it for other things unless they add it to the list of reasons. This protects people who agree to allow their data to be used for one thing, thats the only thing it can be used for.

Rew

Red Alert wrote:

it's unlikely that they retain http traffic info. if they're not using a transparent proxy which IBB doesn't seem to anyway then there's nothing other than a traffic analyser which would need serious horsepower for a whole ISP.

How would you know if they were or weren't useing a transparent proxy if it were transparent?

There is plenty of industrial strenth telco kit out there for these types of application.

rsynnott

Rew wrote:

As for the current disscusion. Delation is not an issue, nobody said in any post they wanted to deleate data. As for criminal establishing plausable deniability, they are entitled to see any evidence against them when building a leagal defence so its not really an issue.

Really? "Oh, goodness, I'm accidentally clicking on the "no WEP" option on my wireless router. I CERTAINLY hope no-one does naughty illegal things on it!"

And unless there is a law requiring such data retention, they're probably not doing it; it would be horrifically expensive and it would certainly not cover HTTPS (where an SSL tunnel is established between the client and server).

Rew

rsynnott wrote:

Really? "Oh, goodness, I'm accidentally clicking on the "no WEP" option on my wireless router. I CERTAINLY hope no-one does naughty illegal things on it!"

Actually i suggested that as a defence against file sharing law suits and there hav been successfully cases else where, where sombodys PC was so Trojan/Virus riddled that offences committed using their PC/Net Connection couldn't be proved.

And unless there is a law requiring such data retention, they're probably not doing it; it would be horrifically expensive and it would certainly not cover HTTPS (where an SSL tunnel is established between the client and server).

I didn't saw there wasn't a law jsut that the situation is very unclear. They do retain data for security reasons. To what level I dont konw but id say its quite detailed.

rsynnott

Rew wrote:

I didn't saw there wasn't a law jsut that the situation is very unclear. They do retain data for security reasons. To what level I dont konw but id say its quite detailed.

I'd say the data is limited to matching phone numbers to IPs. (Which is perfectly reasonable, as it assists in tracing child porn users and such). There'd be no real POINT to recording HTTP requests; anything dodgy would generally be done over HTTPS anyway, and there's no way to see what's in a HTTP request short of a man in the middle attack (which is illegal). They'd be able to show that John Smith established an SSL connection of some sort to apossiblydodgywebsite.com, but that's it. And I really can't see how this could be done economically anyway; they do have a web monitoring thing in the US (Carnivore) but it's a very expensive federally funded project, and even it only considers certain types of traffic, on certain people; it's not a blanket monitoring system like you suggest.

Red Alert

À transparent proxy is generally a giveaway when you enter a dud site - in it's default config both Squid and Microsoft ISA make up their own error messages for invalid URLS. Which means if they are using one, why hide it?

That amount of data seems dodgy - i really don't like the idea of big brother eircom (who'd probably sell it for marketing purposes) if they could or IBB (who are just downright incompetent they'd probably leave it lying in a street or something) having all that.

Rew

rsynnott wrote:

I'd say the data is limited to matching phone numbers to IPs. (Which is perfectly reasonable, as it assists in tracing child porn users and such). There'd be no real POINT to recording HTTP requests; anything dodgy would generally be done over HTTPS anyway, and there's no way to see what's in a HTTP request short of a man in the middle attack (which is illegal). They'd be able to show that John Smith established an SSL connection of some sort to apossiblydodgywebsite.com, but that's it. And I really can't see how this could be done economically anyway; they do have a web monitoring thing in the US (Carnivore) but it's a very expensive federally funded project, and even it only considers certain types of traffic, on certain people; it's not a blanket monitoring system like you suggest.

They are in the middle so can sniff data no problem. Carnivore monitered alot more then the web. I didn't suggest it was blanket monitoring its up to indvidual telcos to do the logging they see fit.

rsynnott

Red Alert wrote:

À transparent proxy is generally a giveaway when you enter a dud site - in it's default config both Squid and Microsoft ISA make up their own error messages for invalid URLS. Which means if they are using one, why hide it?

That amount of data seems dodgy - i really don't like the idea of big brother eircom (who'd probably sell it for marketing purposes) if they could or IBB (who are just downright incompetent they'd probably leave it lying in a street or something) having all that.

It's certainly possible to have a very transparent transparent proxy, and then there are HTTP packet analysers. But all this would take a LOT of machines. And it would miss out HTTPS and such.

Rew

Red Alert wrote:

À transparent proxy is generally a giveaway when you enter a dud site - in it's default config both Squid and Microsoft ISA make up their own error messages for invalid URLS. Which means if they are using one, why hide it?

Only if its configured to give you the error message. Anyway they dont have to actually proxy the connection all they have to do is sniff it as it passes though their network.

Rew

rsynnott wrote:

But all this would take a LOT of machines.

Or one big dedicated bit of hardware. With telco stuff u cannt think in terms of PC's.

rsynnott

Rew wrote:

They are in the middle so can sniff data no problem. Carnivore monitered alot more then the web. I did suggest it was blanket monitoring its up to indvidual telcos to do the logging they see fit.

Yep, Carnivore does (it still exists, you know), most interesting non-encrypted services. As I mentioned previously, it's impossible for it to do SSL services. And I really can't see why telecoms would spend so much (and it would be a LOT) monitoring their customers when no legal requirement exists to do so and they'd miss most interesting stuff anyway

Rew

rsynnott wrote:

Yep, Carnivore does (it still exists, you know), most interesting non-encrypted services. As I mentioned previously, it's impossible for it to do SSL services. And I really can't see why telecoms would spend so much (and it would be a LOT) monitoring their customers when no legal requirement exists to do so and they'd miss most interesting stuff anyway

FBI claim to have discontnuted Carnivore. I didn't say there was no legal requirement just that its unclear. The intresting stuff isn't always encrypted btw. Google searches can be very intresting.

rsynnott

Rew wrote:

Or one big dedicated bit of hardware. With telco stuff u cannt think in terms of PC's.

This is one big machine which can process tens of gigabits per second, yes? Know you of such a machine?

Rew

One of these will do firewall and IDS at 1-2 Gbps with up to 1/2 mil concurent sessions.

http://www.juniper.net/products/integrated/dsheet/110035.pdf

Rew

Anyway, the big problem isn't the tracking/logging of data its the storage of the logs. That would be the big limiting factor in any setup.

rsynnott

Rew wrote:

One of these will do firewall and IDS at 1-2 Gbps with up to 1/2 mil concurent sessions.

http://www.juniper.net/products/integrated/dsheet/110035.pdf

Hmm, nice, but I don't think it does what you want. As far as I can see it simply does deep inspection of a few protocols looking for attacks; that's a far cry from logging them all.