A server log question

We had 4 computers in the same house between October 2006 and March 23 2007.
2 belonged to my son. One was connected to the Internet the other not.
He was playing Internet games but never posted in news groups.
I had 2 computers too.
The old being Windows 98 SE which I might have used 1-2 times during
that period to go to the Internet.
The other, the new one was the one I used to go to the Internet and post
in news groups on Usenet.
Now comes the question: Would my ISP know what computer of those 3 was
used to post on Usenet via a news reader?
Would it show in the server log?
I never used my old Windows 98 SE to post on Usenet between October 2006
and March 23 2007. This is the time period in question.
I know it's a bit late now but would it have shown back then that my old
Windows 98 SE was not used to post on Usenet but my Windows XP?

Mitsos***

On 2009-11-04, Mitsos*** <smyrna@is_greek.org> wrote:
> We had 4 computers in the same house between October 2006 and March 23 2007.
> 2 belonged to my son. One was connected to the Internet the other not.
> He was playing Internet games but never posted in news groups.
> I had 2 computers too.
> The old being Windows 98 SE which I might have used 1-2 times during
> that period to go to the Internet.
> The other, the new one was the one I used to go to the Internet and post
> in news groups on Usenet.
> Now comes the question: Would my ISP know what computer of those 3 was
> used to post on Usenet via a news reader?
> Would it show in the server log?
> I never used my old Windows 98 SE to post on Usenet between October 2006
> and March 23 2007. This is the time period in question.
> I know it's a bit late now but would it have shown back then that my old
> Windows 98 SE was not used to post on Usenet but my Windows XP?

If you connected all the machines using a router, an ISP will only know
which internet connection was used. I don't know if they log the MAC
number of the network interface card (NIC) used to make the connection, but
if they do and you connect a computer directly not via a router or other
computer, then they could identify the machine used - but MAC numbers can
be spoofed, and NICs can be interchanged, so that evidence wouldn't be
conclusive on its own.

Normally the best way to determine which computer was used to do a
particular thing, is to examine the hard discs of all the machines
concerned - but the traces may be difficult or impossible to identify,
particularly if someone knowledgable has made an effort to conceal or
remove the evidence or a long time has passed.

People might be able to offer more specific advice if you reveal more
about what you want to prove.

--
-- ^^^^^^^^^^
-- Whiskers
-- ~~~~~~~~~~

Whiskers

Mitsos*** wrote:
> We had 4 computers in the same house between October 2006 and March
> 23 2007. 2 belonged to my son. One was connected to the Internet the
> other not. He was playing Internet games but never posted in news groups.
> I had 2 computers too.
> The old being Windows 98 SE which I might have used 1-2 times during
> that period to go to the Internet.
> The other, the new one was the one I used to go to the Internet and
> post in news groups on Usenet.
> Now comes the question: Would my ISP know what computer of those 3 was
> used to post on Usenet via a news reader?
> Would it show in the server log?
> I never used my old Windows 98 SE to post on Usenet between October
> 2006 and March 23 2007. This is the time period in question.
> I know it's a bit late now but would it have shown back then that my
> old Windows 98 SE was not used to post on Usenet but my Windows XP?

Your ISP knows everything about you. Even which keys your son pressed on his
computer that was not connected to the internet. Even the scores he achieved
in the games he played, on the internet or even the football game he played
in your backyard.

Every key you or he have ever pressed on any computer you have ever owned or
even been near in say an airport internet cafe is recorded in your ISP's
logs. They even record the colour of the shirt you were wearing when you may
or may not have pressed those keys.

As to the time frame you mention, forget about it. Your ISP keeps logs way
back to the eighteen hundreds when electricity was first invented and will
have at that time recorded such important things as your grandmothers bra
size.


Why do you ask? Somebody hassling you?

rf

Mitsos*** wrote:
> We had 4 computers in the same house between October 2006 and March 23
> 2007.

You didn't describe whether the computers were on a local network
accessing the internet behind a router or if they were each accessing
the network independently via a dialup modem.

> Now comes the question: Would my ISP know what computer of those 3 was
> used to post on Usenet via a news reader?

I can't imagine why that question would be important.

Do you mean, 'if the provider were subpoenaed for the provider's logs,
and the FBI obtained a warrant to search and sieze from my home and its
computers, would the FBI be able to determine and prove from the logs
and the computer forensics which computer posted to usenet?' then the
answer is certainly 'Yes'.

In some other country such as Greece, I suppose that subpoena and
warrant process would be the Hellenic Police Force

If you mean something else, then you should state more distinctly the
relative network topography of the computers in question and just
exactly and precisely what you are worried about the provider
determining for apparently no good reason.

> I know it's a bit late now but would it have shown back then that my
old
> Windows 98 SE was not used to post on Usenet but my Windows XP?

Depending on the adversarial relationship between you and your provider
or anyone else who can obtain your provider's logs and other
information, your provider or some other adversary has access to more
than just the server logs to research what you posted on usenet.


--
Mike Easter

Mike Easter

On Wed, 04 Nov 2009 13:31:02 +0200, Mitsos*** wrote:

> We had 4 computers in the same house between October 2006 and March 23 2007.
> 2 belonged to my son. One was connected to the Internet the other not.
> He was playing Internet games but never posted in news groups.
> I had 2 computers too.
> The old being Windows 98 SE which I might have used 1-2 times during
> that period to go to the Internet.
> The other, the new one was the one I used to go to the Internet and post
> in news groups on Usenet.
> Now comes the question: Would my ISP know what computer of those 3 was
> used to post on Usenet via a news reader?
> Would it show in the server log?
> I never used my old Windows 98 SE to post on Usenet between October 2006
> and March 23 2007. This is the time period in question.
> I know it's a bit late now but would it have shown back then that my old
> Windows 98 SE was not used to post on Usenet but my Windows XP?

Let me guess, you were watching a CSI show, or better, NCIS, where Jethro
Gibbs and team can instantly trace down any information and pinpoint the
precise computer used.

About the only thing the ISP really cares to know is, which IP is being
used and the customer has paid the bill.

Scammers are quick to say that you need this or that to prevent your ISP
from knowing what you do. Hell, if ISP's really did keep track of
everything you did, they'd need a lot more equipment than what they've got.
an ISP has 10,000 customers. Each and every one is online. Now who's gonna
be keeping watch on those customers? and when.

What ever it is you are worried about, forget it. Unless you've done
something blatantly wrong to attract their attention, the FBI ain't gonna
come knockin on your door just because you visited a website.

richard

Brian Cryer wrote:
> "Mitsos***" <smyrna@is_greek.org> wrote in message
> news:hcrolo$6a0$...
>> We had 4 computers in the same house between October 2006 and March 23
>> 2007.
>> 2 belonged to my son. One was connected to the Internet the other not.
>> He was playing Internet games but never posted in news groups.
>> I had 2 computers too.
>> The old being Windows 98 SE which I might have used 1-2 times during
>> that period to go to the Internet.
>> The other, the new one was the one I used to go to the Internet and
>> post in news groups on Usenet.
>> Now comes the question: Would my ISP know what computer of those 3 was
>> used to post on Usenet via a news reader?
>
> No.
>
>> Would it show in the server log?
>> I never used my old Windows 98 SE to post on Usenet between October
>> 2006 and March 23 2007. This is the time period in question.
>> I know it's a bit late now but would it have shown back then that my
>> old Windows 98 SE was not used to post on Usenet but my Windows XP?
>
> Any server logs will record the IP address and that is about it.
> Assuming that all the computers were behind the same firewall/router
> then there will only have been one IP address to log, so no way to tell
> which computer was used.
>
> That said it isn't just your ISP which logs things. With every usenet
> post there is additional information recorded. This doesn't say much
> about the poster but along with IP address (which is probably recorded
> although not always) its common that the headers will record that
> newsgroup reader that was used. For example your post had in the headers:
> User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
> mine has:
> X-Newsreader: Microsoft Windows Mail 6.0.6002.18005
> showing that I'm using Windows Mail.

I was using Thunderbird to post and the troll used Firefox to post
through google groups but sometimes I posted through google groups but
through the tor network but I discovered something nice anyway.
It shows the trolls operation system to be English-UK while my is
English-US and since I have since January 2008 only one computer at
home...While he was using English-UK means that those posts didn't come
from my machine

>
> So from the headers recorded with each usenet posting it may be possible
> to tell what software was used to make the post, and from that you might
> be able to make an educated guess as to which computer was used.
> However, this is using information logged by newsgroup servers and isn't
> information that your ISP would log or even have available.
>
> Since newsgroup servers typically don't store postings beyond a few
> months, its very unlikely that you will be able to recover any header
> information from 2006/2007.
>
> Hope this helps.
Google groups is storing information for many years.

Mitsos***

Mike Easter wrote:
> Mitsos*** wrote:
>> We had 4 computers in the same house between October 2006 and March 23
>> 2007.
>
> You didn't describe whether the computers were on a local network
> accessing the internet behind a router or if they were each accessing
> the network independently via a dialup modem.
I have a modem router? With 4 places to plugin a cable. TeleWell ADSL modem
>
>> Now comes the question: Would my ISP know what computer of those 3 was
>> used to post on Usenet via a news reader?
>
> I can't imagine why that question would be important.

I broke that computer but I only used 1-2 times during that period and
didn't post during that time on Usenet.
I am accused that I have been insulting messages through that broken
computer so if the my ISP could know what of our computers went to
Usenet and which not it would be of great help.
My son didn't use Usenet. My very old computer I didn't use for Usenet.
>
> Do you mean, 'if the provider were subpoenaed for the provider's logs,
> and the FBI obtained a warrant to search and sieze from my home and its
> computers, would the FBI be able to determine and prove from the logs
> and the computer forensics which computer posted to usenet?' then the
> answer is certainly 'Yes'.

So if you had 3 computers (my son had his, my old windows 98 and my new
XP ) the police would know that it come from your XP computer and not
the old win 98?
>
> In some other country such as Greece, I suppose that subpoena and
> warrant process would be the Hellenic Police Force

I live in Finland. They had no search warrant and come 3 times.
Took our 3 computers and 10 months later come again and took my new
computer and 8 months later come again looking for a new computer but I
had non.
Now I was convicted of posting via AOL IP 172 and we don't have AOL IP
172 in Finland nor did I ever had the AOL client installed.
I was even in jail when the AOL poster posted and yet the worlds best
alibi was of no help.
The prosecutors argument was that " I could have used AOL ".
The next argument was that they "found those messages " on my computer
which were downloads from google group I saved to have evidence against
the troll to report him to the police. Which I did together with 3 other
people. He was arrested on November 30 2007 but set free and got his
computers back. He lives in London.
I was convicted of his postings on Usenet and even voice forensic didn't
help to get me of the case. The troll recorded his voice, he is good
with accents, claimed to be me and threaten to kill a person I know who
reported me to the police. Finnish voice forensics said it's my voice.
The troll had only a clip of 13 seconds of my voice.
He posted through google groups and used his domains email accounts.
seanie.eu and telex.co.uk Both registred under his name and yet I was
found guilty. I appealed but expect to be found guilty again for
something I didn't do based on assumptions and circumstantial evidence.
The last place I can go is the European Court of Human Rights and I will
>
> If you mean something else, then you should state more distinctly the
> relative network topography of the computers in question and just
> exactly and precisely what you are worried about the provider
> determining for apparently no good reason.
The police never contacted the AOL server or they would have known where
the posts come from claiming it was a proxy. It was no proxy and even
proxies have to keep server logs
>
>> I know it's a bit late now but would it have shown back then that my
> old
>> Windows 98 SE was not used to post on Usenet but my Windows XP?
>
> Depending on the adversarial relationship between you and your provider
> or anyone else who can obtain your provider's logs and other
> information, your provider or some other adversary has access to more
> than just the server logs to research what you posted on usenet.

So my ISP would have known if I used AOL????
This is very important to know for me
>
>

Mitsos***

Mitsos*** wrote:

> I live in Finland. They had no search warrant and come 3 times.
> Took our 3 computers and 10 months later come again and took my new
> computer and 8 months later come again looking for a new computer but I
> had non.
> Now I was convicted of posting via AOL IP 172 and we don't have AOL IP
> 172 in Finland nor did I ever had the AOL client installed.
> I was even in jail when the AOL poster posted and yet the worlds best
> alibi was of no help.
> The prosecutors argument was that " I could have used AOL ".
> The next argument was that they "found those messages " on my computer
> which were downloads from google group I saved to have evidence against
> the troll to report him to the police. Which I did together with 3 other
> people. He was arrested on November 30 2007 but set free and got his
> computers back. He lives in London.
> I was convicted of his postings on Usenet and even voice forensic didn't
> help to get me of the case. The troll recorded his voice, he is good
> with accents, claimed to be me and threaten to kill a person I know who
> reported me to the police. Finnish voice forensics said it's my voice.
> The troll had only a clip of 13 seconds of my voice.
> He posted through google groups and used his domains email accounts.
> seanie.eu and telex.co.uk Both registred under his name and yet I was
> found guilty. I appealed but expect to be found guilty again for
> something I didn't do based on assumptions and circumstantial evidence.
> The last place I can go is the European Court of Human Rights and I will
> So my ISP would have known if I used AOL????
> This is very important to know for me

Sounds like the prosecutor doesn't know his ****. The judge
doesn't know his ****. And you can't prove your **** without
an attorney that knows his ****.

Wait wait wait. You said this person posted your voice recording
on the usenet via google groups?

Google doesn't do binaries.

--
Jordon

Jordon

On Wed, 04 Nov 2009 21:21:04 +0200, Mitsos*** wrote:

> Mike Easter wrote:
>> Mitsos*** wrote:
>>> We had 4 computers in the same house between October 2006 and March 23
>>> 2007.
>>
>> You didn't describe whether the computers were on a local network
>> accessing the internet behind a router or if they were each accessing
>> the network independently via a dialup modem.
> I have a modem router? With 4 places to plugin a cable. TeleWell ADSL modem
>>
>>> Now comes the question: Would my ISP know what computer of those 3 was
>>> used to post on Usenet via a news reader?
>>
>> I can't imagine why that question would be important.
>
> I broke that computer but I only used 1-2 times during that period and
> didn't post during that time on Usenet.
> I am accused that I have been insulting messages through that broken
> computer so if the my ISP could know what of our computers went to
> Usenet and which not it would be of great help.
> My son didn't use Usenet. My very old computer I didn't use for Usenet.
>>
>> Do you mean, 'if the provider were subpoenaed for the provider's logs,
>> and the FBI obtained a warrant to search and sieze from my home and its
>> computers, would the FBI be able to determine and prove from the logs
>> and the computer forensics which computer posted to usenet?' then the
>> answer is certainly 'Yes'.
>
> So if you had 3 computers (my son had his, my old windows 98 and my new
> XP ) the police would know that it come from your XP computer and not
> the old win 98?
>>
>> In some other country such as Greece, I suppose that subpoena and
>> warrant process would be the Hellenic Police Force
>
> I live in Finland. They had no search warrant and come 3 times.
> Took our 3 computers and 10 months later come again and took my new
> computer and 8 months later come again looking for a new computer but I
> had non.
> Now I was convicted of posting via AOL IP 172 and we don't have AOL IP
> 172 in Finland nor did I ever had the AOL client installed.
> I was even in jail when the AOL poster posted and yet the worlds best
> alibi was of no help.
> The prosecutors argument was that " I could have used AOL ".
> The next argument was that they "found those messages " on my computer
> which were downloads from google group I saved to have evidence against
> the troll to report him to the police. Which I did together with 3 other
> people. He was arrested on November 30 2007 but set free and got his
> computers back. He lives in London.
> I was convicted of his postings on Usenet and even voice forensic didn't
> help to get me of the case. The troll recorded his voice, he is good
> with accents, claimed to be me and threaten to kill a person I know who
> reported me to the police. Finnish voice forensics said it's my voice.
> The troll had only a clip of 13 seconds of my voice.
> He posted through google groups and used his domains email accounts.
> seanie.eu and telex.co.uk Both registred under his name and yet I was
> found guilty. I appealed but expect to be found guilty again for
> something I didn't do based on assumptions and circumstantial evidence.
> The last place I can go is the European Court of Human Rights and I will
>>
>> If you mean something else, then you should state more distinctly the
>> relative network topography of the computers in question and just
>> exactly and precisely what you are worried about the provider
>> determining for apparently no good reason.
> The police never contacted the AOL server or they would have known where
> the posts come from claiming it was a proxy. It was no proxy and even
> proxies have to keep server logs
>>
>>> I know it's a bit late now but would it have shown back then that my
>> old
>>> Windows 98 SE was not used to post on Usenet but my Windows XP?
>>
>> Depending on the adversarial relationship between you and your provider
>> or anyone else who can obtain your provider's logs and other
>> information, your provider or some other adversary has access to more
>> than just the server logs to research what you posted on usenet.
>
> So my ISP would have known if I used AOL????
> This is very important to know for me
>>
>>

An interesting legal case you have for sure.
FYI, and perhaps defense, is the fact that every single post to usenet has
a unique identifier known as the "message ID".

For this post, yours is:
Message-ID: <hcsk72$tb3$>
For your original post it is:
Message-ID: <hcrolo$6a0$>

With that information, anyone who knows the coding scheme can identify
exactly where that post originated. It will prove that his posts are from
an entirely different location than yours.

You say that the police claim that a post was made through a computer that
even't wasn't working, let alone online. Trust me, if the cops have your
computer, they can put on it any damn thing they want.

I have read of a few cases here in the USA, where the so called evidence
was a paper log allegedly from the ISP's computer. The very knowledgable
attorney demonstrated right before the jury exactly how any one could
create such evidence using a computer and printer.

Furthermore, IP's are assigned to a specific country. I seriously doubt
that as a resident of the netherlands, you could even log into AOL. So by
them claiming that you have an AOL account is totally absurd. Just for fun,
write to AOL and ask them if they have any customers from the netherlands
and in particular your city. I'll bet they say no.

Practically any computer savvy tech will tell you that the IP of 172.x.x.x
is an IP that is designated for internal use by YOUR computer and other
devices, like routers. Had they said "Well your IP is 127.x.x.x.....", I'd
have laughed my ass off royally and told them they better find out what a
reserved IP is.

Do yourself a favor and google that IP. You'll find tons of reading
material about it.

Obviously these cops know very little about computers.

Good luck.

richard

On Wed, 04 Nov 2009 13:28:29 -0600, philo wrote:

> Mitsos*** wrote:
>> Mike Easter wrote:
>>> Mitsos*** wrote:
>>>> We had 4 computers in the same house between October 2006 and March 23
>>>> 2007.
>>>
>>> You didn't describe whether the computers were on a local network
>>> accessing the internet behind a router or if they were each accessing
>>> the network independently via a dialup modem.
>> I have a modem router? With 4 places to plugin a cable. TeleWell ADSL modem
>>>
>>>> Now comes the question: Would my ISP know what computer of those 3 was
>>>> used to post on Usenet via a news reader?
>>>
>>> I can't imagine why that question would be important.
>>
>> I broke that computer but I only used 1-2 times during that period and
>> didn't post during that time on Usenet.
>> I am accused that I have been insulting messages through that broken
>> computer so if the my ISP could know what of our computers went to
>> Usenet and which not it would be of great help.
>> My son didn't use Usenet. My very old computer I didn't use for Usenet.
>>>
>>> Do you mean, 'if the provider were subpoenaed for the provider's logs,
>>> and the FBI obtained a warrant to search and sieze from my home and its
>>> computers, would the FBI be able to determine and prove from the logs
>>> and the computer forensics which computer posted to usenet?' then the
>>> answer is certainly 'Yes'.
>>
>> So if you had 3 computers (my son had his, my old windows 98 and my new
>> XP ) the police would know that it come from your XP computer and not
>> the old win 98?
>>>
>>> In some other country such as Greece, I suppose that subpoena and
>>> warrant process would be the Hellenic Police Force
>>
>> I live in Finland. They had no search warrant and come 3 times.
>> Took our 3 computers and 10 months later come again and took my new
>> computer and 8 months later come again looking for a new computer but I
>> had non.
>> Now I was convicted of posting via AOL IP 172 and we don't have AOL IP
>> 172 in Finland nor did I ever had the AOL client installed.
>> I was even in jail when the AOL poster posted and yet the worlds best
>> alibi was of no help.
>> The prosecutors argument was that " I could have used AOL ".
>> The next argument was that they "found those messages " on my computer
>> which were downloads from google group I saved to have evidence against
>> the troll to report him to the police. Which I did together with 3 other
>> people. He was arrested on November 30 2007 but set free and got his
>> computers back. He lives in London.
>> I was convicted of his postings on Usenet and even voice forensic didn't
>> help to get me of the case. The troll recorded his voice, he is good
>> with accents, claimed to be me and threaten to kill a person I know who
>> reported me to the police. Finnish voice forensics said it's my voice.
>> The troll had only a clip of 13 seconds of my voice.
>
>
> Nope...can't tell by listening
>
> need to use voiceprints
>
> if your lawyer did not know that you better get another one!!!!
>

What? You've never seen the crack team led by Jethro Gibbs perform their
magic tricks on NCIS? Hey the gal can take a highly garbled 2 second clip
and identify the voice in seconds.

richard