[PLUG] Question on Zoombombin
Ben Koenig
techkoenig at gmail.com
Mon Apr 6 03:58:54 UTC 2020
My assumption here is that you are correct. I am not a Zoom employee or
legal authority on this matter so there are other factors I may not be
aware of. If I were considering taking legal action against individuals who
"zoombombed" my meeting, I would start by contacting their Support team to
see what resources they offer for this situation. The answer you get from
them would determine what your next steps would be, if needed.
https://support.zoom.us/hc/en-us/articles/201362003
You've got some excellent questions, and they do appear to have a support
team ready to receive them. As a support tech at a data security company,
I'm curious to know how willing they are to resolve these types of
problems.
-Ben
On Sun, Apr 5, 2020 at 7:31 PM Mark Allyn <allyn at well.com> wrote:
> Ben:
>
> Thanks. I was wondering about this. So if the server (zoom.com) were to
> field the IP
> addresses, than would it be Zoom who would have to trace Zoombombers and
> take action?
>
> I have been reading reports that the FBI is starting to take interest in
> this as
> apparently Zoombombing is a violation of the CFAA, Computer Fraud And
> Abuse Act and
> it would not be myself as a meeting host to try to turn over IP addresses
> to the
> authorities.
>
> Or does Zoom even care?
>
> Mark
>
> ----- Original Message -----
> From: "Ben Koenig" <techkoenig at gmail.com>
> To: "Portland Linux/Unix Group" <plug at pdxlinux.org>
> Sent: Sunday, April 5, 2020 7:17:06 PM
> Subject: Re: [PLUG] Question on Zoombombin
>
> Short answer: no.
>
> Long answer: My understanding is that services like Zoom provide a central
> server that allows clients to talk to each other. The only IP address you
> need is that of the server, the others are abstracted away from the client.
>
> instead,
> - each user sends their data to the server.
> - the server aggregates the incoming connections
> - server distributes data to clients as required
>
> Normally one or more of these clients would be dedicated as the "host" or
> moderator, who is able to change how the server functions on-the-fly. This
> includes things like kicking individual clients, and other functions. In
> order to do get the IP address of each client in a meeting, the service
> must expose that data to each client. This is normally considered a
> security flaw,
> however it would not be unheard of for a given piece of software to
> accidentally leak that kind of data.
>
> That said, if there are bugs in the software that allow unauthorized users
> to join meetings at will, then it's possible that a bug may exist that
> allows you to identify the IP address of your peers in a given meeting.
> This would be an interesting question for Zoom's customer service team,
> since allowing other users to see your IP opens up some severe privacy
> concerns. Personally I'd be interested just to know how they respond to
> such a question.
> -Ben
>
> On Sun, Apr 5, 2020 at 6:09 PM Mark Allyn <allyn at well.com> wrote:
>
> > Folks:
> >
> > I don't know if this is the right forum or not to ask this, but I am
> > curious about this so called Zoombombing that's been creeping up.
> >
> > I was as a zoom meeting that did get bombed with porn on Saturday.
> > Luckily, the host was able to kick them off very quickly.
> >
> > However, this leads me to a question.
> >
> > If I happen to have had another machine on my network running a sniffer;
> > something like Snort; would have I got the IP address of whomever
> > Zoombombed the meeting I was on?
> >
> > In a system like Zoom, do all of the videos come together to my desktop
> or
> > do they go to the host first and then out to the guests? Who would see
> the
> > source IP addresses of those who connect (including the zoombomber) if
> they
> > had a Snort or other sniffer running on their network?
> >
> > If this is not a good forum for something like this, would anyone know
> > what forum I could take this to? Would it be DorkbotPDX?
> >
> > Thank you
> >
> > Mark
> >
> > --
> > Mark Allyn
> > Bellingham, Washington
> > www.allyn.com
> > _______________________________________________
> > PLUG mailing list
> > PLUG at pdxlinux.org
> > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
> _______________________________________________
> PLUG mailing list
> PLUG at pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
> --
> Mark Allyn
> Bellingham, Washington
> www.allyn.com
> _______________________________________________
> PLUG mailing list
> PLUG at pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
More information about the PLUG
mailing list