Ben: Thanks. I was wondering about this. So if the server (zoom.com) were to field the IP addresses, than would it be Zoom who would have to trace Zoombombers and take action?
I have been reading reports that the FBI is starting to take interest in this as apparently Zoombombing is a violation of the CFAA, Computer Fraud And Abuse Act and it would not be myself as a meeting host to try to turn over IP addresses to the authorities. Or does Zoom even care? Mark ----- Original Message ----- From: "Ben Koenig" <[email protected]> To: "Portland Linux/Unix Group" <[email protected]> Sent: Sunday, April 5, 2020 7:17:06 PM Subject: Re: [PLUG] Question on Zoombombin Short answer: no. Long answer: My understanding is that services like Zoom provide a central server that allows clients to talk to each other. The only IP address you need is that of the server, the others are abstracted away from the client. instead, - each user sends their data to the server. - the server aggregates the incoming connections - server distributes data to clients as required Normally one or more of these clients would be dedicated as the "host" or moderator, who is able to change how the server functions on-the-fly. This includes things like kicking individual clients, and other functions. In order to do get the IP address of each client in a meeting, the service must expose that data to each client. This is normally considered a security flaw, however it would not be unheard of for a given piece of software to accidentally leak that kind of data. That said, if there are bugs in the software that allow unauthorized users to join meetings at will, then it's possible that a bug may exist that allows you to identify the IP address of your peers in a given meeting. This would be an interesting question for Zoom's customer service team, since allowing other users to see your IP opens up some severe privacy concerns. Personally I'd be interested just to know how they respond to such a question. -Ben On Sun, Apr 5, 2020 at 6:09 PM Mark Allyn <[email protected]> wrote: > Folks: > > I don't know if this is the right forum or not to ask this, but I am > curious about this so called Zoombombing that's been creeping up. > > I was as a zoom meeting that did get bombed with porn on Saturday. > Luckily, the host was able to kick them off very quickly. > > However, this leads me to a question. > > If I happen to have had another machine on my network running a sniffer; > something like Snort; would have I got the IP address of whomever > Zoombombed the meeting I was on? > > In a system like Zoom, do all of the videos come together to my desktop or > do they go to the host first and then out to the guests? Who would see the > source IP addresses of those who connect (including the zoombomber) if they > had a Snort or other sniffer running on their network? > > If this is not a good forum for something like this, would anyone know > what forum I could take this to? Would it be DorkbotPDX? > > Thank you > > Mark > > -- > Mark Allyn > Bellingham, Washington > www.allyn.com > _______________________________________________ > PLUG mailing list > [email protected] > http://lists.pdxlinux.org/mailman/listinfo/plug > _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug -- Mark Allyn Bellingham, Washington www.allyn.com _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
