Tracking IP addresses and Usenet posts?

Nico Kadel-Garcia
On Jan 3, 11:00 am, RayLopez99 <(E-Mail Removed)> wrote:
> This is more a privacy question but I could not figure out a forum for
> it.
> Given that one can track IP addresses of people that visit a website,
> and given that IP addresses of all mail, including Usenet posts, is in
> the header, is there an automated way of checking all Usenet posts by
> IP address? To see if a particular poster who visited a particular
> website also posted certain messages on Usenet or elsewhere? This
> would be done by the webmaster of the website visited. Is there a
> program to do this? Not manually, which anybody can do, but a
> software program.

Don't mix websites with email with Usenet. They are different protocols
with different characteristics.

Every modern NNTP server, or Usenet server if you wish, supports the
use of the "NNTP-Posting-Host" header, described in RFC 2980 and other
RFCs. This was finally implemented widely because of the history of
forged cancellation messages by the cult of Scientology. (No, I'm not
kidding, look up the history of alt.religion.scientology and forged
cancel messages and Usenet spew by cult members trying to bury a

This is *NOT* the IP address of the sender. It is the IP address of
the NNTP posting host, which may be connected by any client by
any means that server accepts and may display no record whatsoever of
the connecting client. But it is the host that first submitted it to
Usenet, according to the handling by all other NNTP servers. But it
is enough to do a lot of backtracking to the site that is hosting the
abusing spammer or canceller or troll, and it's been helpful

> I recall years ago some stock forensic accounting firm working with
> the US SEC developed some kind of software--or was it off the shelf?

You can't backtrack material, even with voodoo tools, if the
intervening hosts didn't record the data in the message or in their
own system logs where you can access it. Few sites bother to keep such
logs, or react kindly to requests for such information, especially
without a warrant. Of course, if you're the NSA, you can just place
illegal but federally forgiven taps on the nation's fiber-optic
backbones. (Look up the AT&T fiber-optic tapping case: it was nasty.)

> that's my question--that allowed you to tell, by comparing IP
> addresses as well as sentence syntax (sentence syntax is difficult, so
> it was probably a custom program) who (by IP address) posted what on
> various penny stock bulletin boards and chat rooms. Then they were

Bulletin boards are not NNTP. Like wikis, they typically have logs of
the incoming connections and their IP addresses which can be read, or
if necessary their traffic can be sniffed. Once a Usenet message
gets to you, though, those connections have been broken and
may be very awkward to track.

NNTP does suffer from header forgery, but the NNTP-Posting-Host has
been very helpful in reducing abuse: it allows tracking back to the
host that accepted the message, or at which the header was forged,
pretty effectively.

> able to subpoena the internet provider to find out the real world
> identity of the particular person who had that IP address assigned to
> them on a particular day of a certain posting (assuming it was not a
> permanent static address).

Getting such a subpoena is pretty awkward: I've tried, and was told not
to waste the time of the otherwise friendly law enforcement if I was
not the person suffering demonstrable monetary loss over a pretty
generous limit. (It was $30,000 over 10 years ago, I'm sure it's
increased since then.) They wouldn't be able to justify the manpower
and the subpoena.
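
Added example, not part of the original post: a small Python parser, of the kind an abuse desk might use, that reads the headers discussed in the reply and reports the NNTP-Posting-Host value together with the Path entry of the server that accepted the article. The sample headers, host names and the function name `posting_origin` are constructed for illustration, and the Path convention it relies on is an assumption stated in the comments.

```python
import email
import ipaddress

# Constructed sample headers (not from the thread); all hosts are placeholders.
SAMPLE = """\
Path: reader.example.net!feeder.example.org!
 news.origin.example!not-for-mail
From: someone@example.invalid
Newsgroups: alt.test
Message-ID: <abc123@news.origin.example>
NNTP-Posting-Host: 192.0.2.44

body
"""

def unfold(value):
    """Collapse a folded (continued) header value into a single line."""
    return " ".join(value.split()) if value else None

def posting_origin(raw_article):
    """Report what the headers claim about where an article entered Usenet."""
    msg = email.message_from_string(raw_article)
    hosts = [unfold(v) for v in msg.get_all("NNTP-Posting-Host", [])]
    host = hosts[0] if hosts else None
    kind = "absent"
    if host:
        try:
            ipaddress.ip_address(host)      # accepts IPv4 and IPv6 literals
            kind = "ip"
        except ValueError:
            kind = "hostname"
    # Each relaying server prepends itself to Path, so it reads newest-first.
    # Assumption: the last entry is a tail such as "not-for-mail" and the
    # entry before it names the server that accepted the post; the header can
    # be forged, so treat the result as a lead for an abuse report only.
    path = [p.strip() for p in (unfold(msg.get("Path")) or "").split("!")]
    path = [p for p in path if p]
    injector = path[-2] if len(path) >= 2 else None
    # A repeated NNTP-Posting-Host line is flagged as a forgery indicator.
    return {"posting_host": host, "kind": kind, "injector": injector,
            "duplicate_header": len(hosts) > 1,
            "message_id": msg.get("Message-ID")}
```
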