

I Know Where You are and What You are Sharing - programd
http://arxiv.org/abs/1109.4039

======
Jach
Juicy stuff is at section 5.3.

Apparently they're exploiting incremental/predictable IP-IDs sent in packets
to the same IP but possibly different machines in order to determine whether
it's the same machine or not. Linux seems to always do 0 (which makes it
predictable), except for a bug several years ago, if I'm reading this right:
<http://seclists.org/bugtraq/2006/Mar/258> Windows XP, Vista, and 7 all use
incremental IDs, so the difference of the return IDs should be small.

~~~
programd
You can do even better with some good network timing gear and extract the
physical distance from the NAT point based on time of flight. Another way to
differentiate between machines.

