Can my ISP see my NNTP traffic?

Discussion in 'Computer Security' started by Regal, Apr 7, 2004.

  1. Regal

    Regal Guest

    I want to take part in discussions which I don't want my ISP
    snooping around in.

    Can my ISP see my Usenet traffic to the extent that the ISP can see
    if I post to or download from a given newsgroup if I use a
    newsserver which is not operated by them?

    For example, I use BTopenworld as an ISP in the UK. If I post this
    Usenet message via the independent Astra newsserver then can
    BTopenworld see what I have read/posted by examining the traffic
    passing through their server. Can they tell which newsgroups I
    used to post or read?

    If they CAN do this they how EASY and how LIKELY is it for them to
    actually do it?

    ---

    And what about for protocols used by Kazaa and other file sharing
    prgrams?
    Regal, Apr 7, 2004
    #1
    1. Advertising

  2. In article <94C495766E51A628D1@64.62.191.200>, says...
    > I want to take part in discussions which I don't want my ISP
    > snooping around in.
    >
    > Can my ISP see my Usenet traffic to the extent that the ISP can see
    > if I post to or download from a given newsgroup if I use a
    > newsserver which is not operated by them?
    >
    > For example, I use BTopenworld as an ISP in the UK. If I post this
    > Usenet message via the independent Astra newsserver then can
    > BTopenworld see what I have read/posted by examining the traffic
    > passing through their server. Can they tell which newsgroups I
    > used to post or read?
    >
    > If they CAN do this they how EASY and how LIKELY is it for them to
    > actually do it?


    Yes, your ISP can easily see traffic going across their network. They
    can easily see and save the contents of said traffic when it is
    unencrypted. If you want your ISP to be unable to see the contents of
    your usenet traffic, find a service that offers SSL with their usenet.

    /steve
    --
    Protect yourself on-line. Hide your identifying details in e-mail,
    usenet, and more. A privacy service like no other.
    No one gives you more control over your e-mail than we do!
    http://www.cotse.net/servicedetails.html
    Stephen K. Gielda, Apr 7, 2004
    #2
    1. Advertising

  3. Regal

    kulm_nd Guest

    They have every packet going through their servers so of course they could
    see what you are doing. The odds are slim, most ISP's could care less where
    you go or what you post until they get a subpoena. It can be done easily as
    the Feds have shown but must be targeted by IP or username.
    --

    ************************************************

    g-w


    "Regal" <> wrote in message
    news:94C495766E51A628D1@64.62.191.200...
    > I want to take part in discussions which I don't want my ISP
    > snooping around in.
    >
    > Can my ISP see my Usenet traffic to the extent that the ISP can see
    > if I post to or download from a given newsgroup if I use a
    > newsserver which is not operated by them?
    >
    > For example, I use BTopenworld as an ISP in the UK. If I post this
    > Usenet message via the independent Astra newsserver then can
    > BTopenworld see what I have read/posted by examining the traffic
    > passing through their server. Can they tell which newsgroups I
    > used to post or read?
    >
    > If they CAN do this they how EASY and how LIKELY is it for them to
    > actually do it?
    >
    > ---
    >
    > And what about for protocols used by Kazaa and other file sharing
    > prgrams?
    kulm_nd, Apr 7, 2004
    #3
  4. Regal <> wrote:
    [deleted]
    > For example, I use BTopenworld as an ISP in the UK. If I post this
    > Usenet message via the independent Astra newsserver then can
    > BTopenworld see what I have read/posted by examining the traffic
    > passing through their server.


    It (the traffic) does not "pass through their server", or or least not
    through a "server" in the normal meaning of that term. Your system (PC)
    does have a 'direct' TCP/IP connection to the Astra newsserver, i.e.
    there are no intermediate servers (as there for example *might* be for a
    web-browser connection).

    > Can they tell which newsgroups I
    > used to post or read?
    >
    > If they CAN do this they how EASY and how LIKELY is it for them to
    > actually do it?


    Yes, I'm sure they can monitor the TCP/IP traffic and hence the NNTP
    traffic which travels on top of that. Whether they do it and whether
    they are *allowed* to do it, is probably a matter of their ToS (Terms
    of Service) or/and UK law.

    [deleted]
    Frank Slootweg, Apr 7, 2004
    #4
  5. sorry to bother you kulm_nd but is subpoena?
    allan
    "kulm_nd" <> skrev i en meddelelse
    news:0LTcc.9163$...
    > They have every packet going through their servers so of course they could
    > see what you are doing. The odds are slim, most ISP's could care less

    where
    > you go or what you post until they get a subpoena. It can be done easily

    as
    > the Feds have shown but must be targeted by IP or username.
    > --
    >
    > ************************************************
    >
    > g-w
    >
    >
    > "Regal" <> wrote in message
    > news:94C495766E51A628D1@64.62.191.200...
    > > I want to take part in discussions which I don't want my ISP
    > > snooping around in.
    > >
    > > Can my ISP see my Usenet traffic to the extent that the ISP can see
    > > if I post to or download from a given newsgroup if I use a
    > > newsserver which is not operated by them?
    > >
    > > For example, I use BTopenworld as an ISP in the UK. If I post this
    > > Usenet message via the independent Astra newsserver then can
    > > BTopenworld see what I have read/posted by examining the traffic
    > > passing through their server. Can they tell which newsgroups I
    > > used to post or read?
    > >
    > > If they CAN do this they how EASY and how LIKELY is it for them to
    > > actually do it?
    > >
    > > ---
    > >
    > > And what about for protocols used by Kazaa and other file sharing
    > > prgrams?

    >
    >
    Allan Birnbaum Ditlevsen, Apr 7, 2004
    #5
  6. "Stephen K. Gielda" wrote:

    >... find a service that offers SSL with their usenet.


    If the messages appear on a public newsgroup anyway, what's the purpose
    of encrypting it in flight?

    SSL doesn't make sense, unless it goes via an anonymizer. Even then the
    really paranoid would want a random-delayed anonymizer to prevent
    identification by timing.

    -- Lassi
    Lassi =?iso-8859-1?Q?Hippel=E4inen?=, Apr 7, 2004
    #6
  7. Regal

    kulm_nd Guest

    A subpoena is a court issued order to turn over certain information such as
    who the person behind the username really is and their address etc. There
    needs to be probable cause to believe a law has been violated or there is
    evidence of a crime before the court issues a subpoena (except under the
    Patriot Act which can use a special secret court). The Feds can get a
    subpoena to attach what used to be called Carnivor (hardware and software
    attachment) to watch the traffic of a single user.

    The RIAA has tried them to find out who is downloading and uploading music
    files through civil not criminal proceedings.
    --

    ************************************************

    g-w


    "Allan Birnbaum Ditlevsen" <> wrote in message
    news:40740c6e$0$252$...
    > sorry to bother you kulm_nd but is subpoena?
    > allan
    > "kulm_nd" <> skrev i en meddelelse
    > news:0LTcc.9163$...
    > > They have every packet going through their servers so of course they

    could
    > > see what you are doing. The odds are slim, most ISP's could care less

    > where
    > > you go or what you post until they get a subpoena. It can be done easily

    > as
    > > the Feds have shown but must be targeted by IP or username.
    > > --
    > >
    > > ************************************************
    > >
    > > g-w
    > >
    > >
    > > "Regal" <> wrote in message
    > > news:94C495766E51A628D1@64.62.191.200...
    > > > I want to take part in discussions which I don't want my ISP
    > > > snooping around in.
    > > >
    > > > Can my ISP see my Usenet traffic to the extent that the ISP can see
    > > > if I post to or download from a given newsgroup if I use a
    > > > newsserver which is not operated by them?
    > > >
    > > > For example, I use BTopenworld as an ISP in the UK. If I post this
    > > > Usenet message via the independent Astra newsserver then can
    > > > BTopenworld see what I have read/posted by examining the traffic
    > > > passing through their server. Can they tell which newsgroups I
    > > > used to post or read?
    > > >
    > > > If they CAN do this they how EASY and how LIKELY is it for them to
    > > > actually do it?
    > > >
    > > > ---
    > > >
    > > > And what about for protocols used by Kazaa and other file sharing
    > > > prgrams?

    > >
    > >

    >
    >
    kulm_nd, Apr 7, 2004
    #7
  8. In article <>,
    lid says...
    > "Stephen K. Gielda" wrote:
    >
    > >... find a service that offers SSL with their usenet.

    >
    > If the messages appear on a public newsgroup anyway, what's the purpose
    > of encrypting it in flight?
    >
    > SSL doesn't make sense, unless it goes via an anonymizer. Even then the
    > really paranoid would want a random-delayed anonymizer to prevent
    > identification by timing.


    It certainly does make sense, your downloads aren't ending up on a
    public newsgroup. Most people who ask about this are more concerned
    with what they download or read and not what they post.

    /steve
    --
    Check out Cotse's Privacy Watch.
    A comprehensive information resource.
    http://www.cotse.net/privacy/
    Stephen K. Gielda, Apr 7, 2004
    #8
  9. Regal

    James Guest

    "Frank Slootweg" <> wrote in message
    news:40740ade$0$64611$...
    > Regal <> wrote:
    > they are *allowed* to do it, is probably a matter of their ToS (Terms
    > of Service) or/and UK law.


    It is UK law to require traffic data to be retained for a lengthy period -
    this is the reason why times of downloads in UK have increased markedly in
    recent years. Some interpretations of the law include content data as well
    and it is still undecided whether this offends against any rights of privacy
    introduced by the Human Rights convention. As you may know there is no real
    concept of privacy in the UK other than that imposed by EU directives and
    the UK government is widely known as the most nosey and paranoid in the
    world.

    James
    James, Apr 7, 2004
    #9
  10. Regal

    Rowdy Yates Guest

    "kulm_nd" <> wrote in
    news:7vVcc.9208$:

    > A subpoena is a court issued order to turn over certain information
    > such as who the person behind the username really is and their address
    > etc. There needs to be probable cause to believe a law has been
    > violated or there is evidence of a crime before the court issues a
    > subpoena (except under the Patriot Act which can use a special secret
    > court). The Feds can get a subpoena to attach what used to be called
    > Carnivor (hardware and software attachment) to watch the traffic of a
    > single user.
    >
    > The RIAA has tried them to find out who is downloading and uploading
    > music files through civil not criminal proceedings.


    there is NO anonymity on the internet. subpoena or no subpoena. just about
    every single system/hw device/whatever on the net logs. have you any idea
    how many for those things your traffic goes through?

    a hacker may escape detection. if you are posting your question on public
    ng's, you have no chance. so whatever you are doing online, if it's
    illegal, just don't do it. don't be stupid.
    --
    Rowdy Yates
    -------------------------------
    "the man who tried and failed"
    Rowdy Yates, Apr 8, 2004
    #10
  11. In article <Xns94C4DFDAEF900rowdyyates2lycoscom@66.185.95.104>,
    Rowdy Yates <> wrote:

    > there is NO anonymity on the internet. subpoena or no subpoena. just about
    > every single system/hw device/whatever on the net logs. have you any idea
    > how many for those things your traffic goes through?


    While it's normal for servers to log their activity, it's very unusual
    for routers to keep detailed traffic logs. Most ISP routers have the
    ability to log these details, but the overhead makes it prohibitive to
    use it except when there's something specific you're looking for
    (typically when you're trying to troubleshoot network problems).

    --
    Barry Margolin,
    Arlington, MA
    Barry Margolin, Apr 8, 2004
    #11
  12. James <> wrote:
    > "Frank Slootweg" <> wrote in message
    > news:40740ade$0$64611$...
    >> Regal <> wrote:
    >> they are *allowed* to do it, is probably a matter of their ToS (Terms
    >> of Service) or/and UK law.

    >
    > It is UK law to require traffic data to be retained for a lengthy period -
    > this is the reason why times of downloads in UK have increased markedly in
    > recent years. Some interpretations of the law include content data as well
    > and it is still undecided whether this offends against any rights of privacy
    > introduced by the Human Rights convention. As you may know there is no real
    > concept of privacy in the UK other than that imposed by EU directives and
    > the UK government is widely known as the most nosey and paranoid in the
    > world.
    >
    > James


    I am not an UK-resident [1], but I think you are mistaken. What is
    retained is traffic *related* data, not (all) traffic itself. With
    broadband services it is (effectively) *impossible* to log all traffic,
    especially all download traffic and all 'foreign' traffic (i.e. traffic
    from/to servers outside the ISPs domain). So an ISP (i.e. BTopenworld in
    this case) might log things like "*My* customer A has downloaded/posted
    articles X/Y/Z from/to *my* server B.", but it will not log things like
    "*My* customer A has downloaded/posted articles X/Y/Z from/to *ISP_B's*
    (i.e. Astra in this case) server B.". Of course these things can change
    when there is a (founded) suspicion of a crime (and associated court
    order), but that is other than regular/default monitoring, which is what
    the OP is referring to. I think an (UK) ISP will get into trouble if it
    retains/views/snoops_in foreign traffic (for other than technical/
    diagnostic purposes).

    [1] I live in The Netherlands and AFAIK our (ISP etc. related) laws are
    similar to the UK ones.
    Frank Slootweg, Apr 8, 2004
    #12
  13. Regal

    James Guest

    "Frank Slootweg" <> wrote in message
    news:407516ba$0$64619$...

    > I am not an UK-resident [1], but I think you are mistaken. What is
    > retained is traffic *related* data, not (all) traffic itself. With
    > broadband services it is (effectively) *impossible* to log all traffic,
    > especially all download traffic and all 'foreign' traffic (i.e. traffic
    > from/to servers outside the ISPs domain). So an ISP (i.e. BTopenworld in
    > this case) might log things like "*My* customer A has downloaded/posted
    > articles X/Y/Z from/to *my* server B.", but it will not log things like
    > "*My* customer A has downloaded/posted articles X/Y/Z from/to *ISP_B's*
    > (i.e. Astra in this case) server B.". Of course these things can change
    > when there is a (founded) suspicion of a crime (and associated court
    > order), but that is other than regular/default monitoring, which is what
    > the OP is referring to. I think an (UK) ISP will get into trouble if it
    > retains/views/snoops_in foreign traffic (for other than technical/
    > diagnostic purposes).
    >
    > [1] I live in The Netherlands and AFAIK our (ISP etc. related) laws are
    > similar to the UK ones.


    I would like to agree with you, but I have actually examined some of the
    logs which are kept in UK and there is plenty (!) of content - most recently
    I saw some interesting chat room conversations retained in network logs. UK
    ISPs are aware that they are required as part of their good practice
    policies to maintain such records as will "facilitate investigation" by the
    boys in blue. Keeping the info is not difficult just expensive.

    But the principal point I'm making is that despite the beneficent impetus
    from EU Directives to protect the privacy of the individual and his/her
    communications, the UK goes much, much, much further than necessary in
    pursuit of the qualificatino of "preventing crime" and has little if any
    regard for rights of individual privacy at all. The Netherlands, on the
    other hand, has a long tradition of protection of individual rights and
    freedoms. There is a huge gulf between the attitudes of both nations.

    regards
    James
    James, Apr 8, 2004
    #13
  14. On Thu, 8 Apr 2004 12:52:13 +0100, "James" <>
    wrote:

    >:"Frank Slootweg" <> wrote in message
    >:news:407516ba$0$64619$...


    <snipped>

    >:> [1] I live in The Netherlands and AFAIK our (ISP etc. related) laws are
    >:> similar to the UK ones.
    >:
    >:I would like to agree with you, but I have actually examined some of the
    >:logs which are kept in UK and there is plenty (!) of content - most recently
    >:I saw some interesting chat room conversations retained in network logs. UK
    >:ISPs are aware that they are required as part of their good practice
    >:policies to maintain such records as will "facilitate investigation" by the
    >:boys in blue. Keeping the info is not difficult just expensive.
    >:
    >:But the principal point I'm making is that despite the beneficent impetus
    >:from EU Directives to protect the privacy of the individual and his/her
    >:communications, the UK goes much, much, much further than necessary in
    >:pursuit of the qualificatino of "preventing crime" and has little if any
    >:regard for rights of individual privacy at all. The Netherlands, on the
    >:eek:ther hand, has a long tradition of protection of individual rights and
    >:freedoms. There is a huge gulf between the attitudes of both nations.
    >:
    >:regards
    >:James
    >:


    This message was sent via an encrypted tunnel. I live in the UK. I
    would love to see the logs of my ISP. It will just be apparent
    randomn garbage, of course. They will only know that it is encrypted
    data and it is going to an SSH2 enabled host server in Hong Kong. I
    use this server for all my web browsing, usenet postings/downloading
    and Email.

    It must be very frustrating for some busybody.
    Jeremy Paxman, Apr 8, 2004
    #14
  15. Regal

    KK Guest

    On Thu, 08 Apr 2004 21:23:51 +0100, Jeremy Paxman <> wrote:
    >
    >
    > On Thu, 8 Apr 2004 12:52:13 +0100, "James" <>
    > wrote:
    >
    >>:"Frank Slootweg" <> wrote in message
    >>:news:407516ba$0$64619$...

    >
    ><snipped>
    >
    >>:> [1] I live in The Netherlands and AFAIK our (ISP etc. related) laws are
    >>:> similar to the UK ones.
    >>:
    >>:I would like to agree with you, but I have actually examined some of the
    >>:logs which are kept in UK and there is plenty (!) of content - most recently
    >>:I saw some interesting chat room conversations retained in network logs. UK
    >>:ISPs are aware that they are required as part of their good practice
    >>:policies to maintain such records as will "facilitate investigation" by the
    >>:boys in blue. Keeping the info is not difficult just expensive.
    >>:
    >>:But the principal point I'm making is that despite the beneficent impetus
    >>:from EU Directives to protect the privacy of the individual and his/her
    >>:communications, the UK goes much, much, much further than necessary in
    >>:pursuit of the qualificatino of "preventing crime" and has little if any
    >>:regard for rights of individual privacy at all. The Netherlands, on the
    >>:eek:ther hand, has a long tradition of protection of individual rights and
    >>:freedoms. There is a huge gulf between the attitudes of both nations.
    >>:
    >>:regards
    >>:James
    >>:

    >
    > This message was sent via an encrypted tunnel. I live in the UK. I
    > would love to see the logs of my ISP. It will just be apparent
    > randomn garbage, of course. They will only know that it is encrypted
    > data and it is going to an SSH2 enabled host server in Hong Kong. I
    > use this server for all my web browsing, usenet postings/downloading
    > and Email.
    >
    > It must be very frustrating for some busybody.
    >
    >
    >


    Except, of course, that they can read your posts on the Usenet like I am
    doing right now.

    No problem for them to obtain the IP address of this server in Hong Kong
    and determine what it is doing. Take a few seconds.

    man nmap
    man traceroute
    man whois
    man host

    etc...

    They can discover that server's connection to any other server, such as a
    newsserver, in a blink.

    If *I* could, they could, and more...

    Here's your headers, for the Archives:

    Path: newsspool2.news.pas.earthlink.net!stamper.news.pas.earthlink.net!stamper.news.atl.earthlink.net
    !elnk-atl-nf1!newsfeed.earthlink.net!newshosting.com!nx02.iad01.newshosting.com!post01.iad01.newshosting.com
    !not-for-mail
    From: Jeremy Paxman
    Newsgroups: alt.computer.security,comp.security.misc,alt.censorship,alt.privacy
    Subject: Re: Can my ISP see my NNTP traffic?
    Date: Thu, 08 Apr 2004 21:23:51 +0100
    Message-ID: <>
    References: <94C495766E51A628D1@64.62.191.200> <40740ade$0$64611$>
    <c51ul3$ht0$> <407516ba$0$64619$>
    <c53ekj$96q$>
    X-Newsreader: Forte Agent 1.91/32.564
    X-No-Archive: yes
    MIME-Version: 1.0
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit
    Lines: 41
    Organization: Newshosting.com - Highest quality at a great price! www.newshosting.com
    X-Complaints-To:
    Xref: news.earthlink.net alt.computer.security:49115 comp.security.misc:83730 alt.censorship:202841
    alt.privacy:155198
    X-Received-Date: Thu, 08 Apr 2004 13:24:03 PDT (newsspool2.news.pas.earthlink.net)

    Why you want to cheat the archives of your useful posts, I don't know.

    KK
    KK, Apr 8, 2004
    #15
  16. On Thu, 08 Apr 2004 20:58:47 GMT, KK <> wrote:

    >:On Thu, 08 Apr 2004 21:23:51 +0100, Jeremy Paxman <> wrote:


    <snipped>


    >:> This message was sent via an encrypted tunnel. I live in the UK. I
    >:> would love to see the logs of my ISP. It will just be apparent
    >:> randomn garbage, of course. They will only know that it is encrypted
    >:> data and it is going to an SSH2 enabled host server in Hong Kong. I
    >:> use this server for all my web browsing, usenet postings/downloading
    >:> and Email.
    >:>
    >:> It must be very frustrating for some busybody.
    >:>
    >:>
    >:>
    >:
    >:Except, of course, that they can read your posts on the Usenet like I am
    >:doing right now.
    >:
    >:No problem for them to obtain the IP address of this server in Hong Kong
    >:and determine what it is doing. Take a few seconds.
    >:
    >:man nmap
    >:man traceroute
    >:man whois
    >:man host
    >:
    >:etc...
    >:
    >:They can discover that server's connection to any other server, such as a
    >:newsserver, in a blink.
    >:
    >:If *I* could, they could, and more...
    >:
    >:Here's your headers, for the Archives:
    >:
    >:path: newsspool2.news.pas.earthlink.net!stamper.news.pas.earthlink.net!stamper.news.atl.earthlink.net
    >: !elnk-atl-nf1!newsfeed.earthlink.net!newshosting.com!nx02.iad01.newshosting.com!post01.iad01.newshosting.com
    >: !not-for-mail
    >:From: Jeremy Paxman
    >:Newsgroups: alt.computer.security,comp.security.misc,alt.censorship,alt.privacy
    >:Subject: Re: Can my ISP see my NNTP traffic?
    >:Date: Thu, 08 Apr 2004 21:23:51 +0100
    >:Message-ID: <>
    >:References: <94C495766E51A628D1@64.62.191.200> <40740ade$0$64611$>
    >: <c51ul3$ht0$> <407516ba$0$64619$>
    >: <c53ekj$96q$>
    >:X-Newsreader: Forte Agent 1.91/32.564
    >:X-No-Archive: yes
    >:MIME-Version: 1.0
    >:Content-Type: text/plain; charset=us-ascii
    >:Content-Transfer-Encoding: 7bit
    >:Lines: 41
    >:Organization: Newshosting.com - Highest quality at a great price! www.newshosting.com
    >:X-Complaints-To:
    >:Xref: news.earthlink.net alt.computer.security:49115 comp.security.misc:83730 alt.censorship:202841
    >: alt.privacy:155198
    >:X-Received-Date: Thu, 08 Apr 2004 13:24:03 PDT (newsspool2.news.pas.earthlink.net)
    >:
    >:Why you want to cheat the archives of your useful posts, I don't know.
    >:
    >:KK


    Oh, yes, I am well aware of what my headers say. But what I didn't
    say (and will be careful about revealing) is how I connect to that
    server in Hong Kong. Also, nobody knows who I am because I did not
    subscribe to that server, nor to the news server. I use them
    because they are available to me. Next time I might use a different
    one.

    I will not keep this Nym, perhaps next time use something different.

    Maybe yours?

    I trust you are retreiving your hotmail.com messages via either SSL or
    a tunnel. Not sure if you can use SSL all the way into hotmail -
    never liked using it.
    Jeremy Paxman, Apr 8, 2004
    #16
  17. Regal

    Dave Bird Guest

    In article<40740c6e$0$252$>, Allan Birnbaum
    Ditlevsen <> writes:
    >sorry to bother you kulm_nd but is subpoena?


    Court Order. It begins with sub poena dare -- i.e. under penalty
    of paying (amount of fine) -- you will do whatever is ordered in it.

    --
    "If I have seen further than other men, (0_
    it is because I have been surrounded (o. | (o. (o.
    by pygmies." /\ //\ /\ /\
    \/_ V_/_ \/_ \/_
    Dave Bird, Apr 8, 2004
    #17
  18. Security and Encryption FAQ - Revision

    On Thu, 08 Apr 2004 20:58:47 GMT, KK <> wrote:

    >:On Thu, 08 Apr 2004 21:23:51 +0100, Jeremy Paxman <> wrote:


    <snipped>


    >:> This message was sent via an encrypted tunnel. I live in the UK.

    I
    >:> would love to see the logs of my ISP. It will just be apparent
    >:> randomn garbage, of course. They will only know that it is

    encrypted
    >:> data and it is going to an SSH2 enabled host server in Hong Kong.

    I
    >:> use this server for all my web browsing, usenet postings/downloading
    >:> and Email.
    >:>
    >:> It must be very frustrating for some busybody.
    >:>
    >:>
    >:>
    >:
    >:Except, of course, that they can read your posts on the Usenet like I

    am
    >:doing right now.
    >:
    >:No problem for them to obtain the IP address of this server in Hong

    Kong
    >:and determine what it is doing. Take a few seconds.
    >:
    >:man nmap
    >:man traceroute
    >:man whois
    >:man host
    >:
    >:etc...
    >:
    >:They can discover that server's connection to any other server, such

    as a
    >:newsserver, in a blink.
    >:
    >:If *I* could, they could, and more...
    >:
    >:Here's your headers, for the Archives:
    >:
    >:path:

    newsspoo
    l2.news.
    pas.eart
    hlink.net!stamper.news.pas.earthlink.net!stamper.news.atl.earthlink.net
    >: !elnk-atl-

    nf1!newsfeed.
    earthlink.net
    !newshosting.com!nx02.iad01.newshosting.com!post01.iad01.newshosting.com
    >: !not-for-mail
    >:From: Jeremy Paxman
    >:Newsgroups:

    alt.computer.security,comp.security.misc,alt.censorship,alt.privacy
    >:Subject: Re: Can my ISP see my NNTP traffic?
    >:Date: Thu, 08 Apr 2004 21:23:51 +0100
    >:Message-ID: <>
    >:References: <94C495766E51A628D1@64.62.191.200>

    <40740ade$0$64611$>
    >: <c51ul3$ht0$>

    <407516ba$0$64619$>
    >: <c53ekj$96q$>
    >:X-Newsreader: Forte Agent 1.91/32.564
    >:X-No-Archive: yes
    >:MIME-Version: 1.0
    >:Content-Type: text/plain; charset=us-ascii
    >:Content-Transfer-Encoding: 7bit
    >:Lines: 41
    >:Organization: Newshosting.com - Highest quality at a great price!

    www.newshosting.com
    >:X-Complaints-To:
    >:Xref: news.earthlink.net alt.computer.security:49115

    comp.security.misc:83730 alt.censorship:202841
    >: alt.privacy:155198
    >:X-Received-Date: Thu, 08 Apr 2004 13:24:03 PDT

    (newsspool2.news.pas.earthlink.net)
    >:
    >:Why you want to cheat the archives of your useful posts, I don't know.
    >:
    >:KK


    Oh, yes, I am well aware of what my headers say. But what I didn't
    say (and will be careful about revealing) is how I connect to that
    server in Hong Kong. Also, nobody knows who I am because I did not
    subscribe to that server, nor to the news server. I use them because
    they are available to me. Next time I might use a different one.

    I will not keep this Nym, perhaps next time use something different.

    Maybe yours?

    I trust you are retreiving your hotmail.com messages via either SSL or
    a tunnel. Not sure if you can use SSL all the way into hotmail - never
    liked using it.

    This one was done thru the remailers, maybe easier. Can you still do a
    trace?
    Anonymous via the Cypherpunks Tonga Remailer, Apr 9, 2004
    #18
  19. Regal

    Rowdy Yates Guest

    Barry Margolin <> wrote in
    news::

    >> there is NO anonymity on the internet. subpoena or no subpoena. just
    >> about every single system/hw device/whatever on the net logs. have
    >> you any idea how many for those things your traffic goes through?

    >
    > While it's normal for servers to log their activity, it's very unusual
    > for routers to keep detailed traffic logs. Most ISP routers have the
    > ability to log these details, but the overhead makes it prohibitive to
    > use it except when there's something specific you're looking for
    > (typically when you're trying to troubleshoot network problems).
    >


    yes. but as you state, "have the ability to log".

    i also tell my users that auditing is too resource intensive and i don't
    audit, even when i am actually doing it.

    Rowdy Yates
    "the man who tried and failed miserably"
    --
    Visit Rowdy's Home Page
    http://rowdy_yates2.tripod.com/
    Rowdy Yates, Apr 9, 2004
    #19
  20. In article <Xns94C5E23D52CEErowdyyates2lycoscom@66.185.95.104>,
    Rowdy Yates <> wrote:

    > Barry Margolin <> wrote in
    > news::
    >
    > >> there is NO anonymity on the internet. subpoena or no subpoena. just
    > >> about every single system/hw device/whatever on the net logs. have
    > >> you any idea how many for those things your traffic goes through?

    > >
    > > While it's normal for servers to log their activity, it's very unusual
    > > for routers to keep detailed traffic logs. Most ISP routers have the
    > > ability to log these details, but the overhead makes it prohibitive to
    > > use it except when there's something specific you're looking for
    > > (typically when you're trying to troubleshoot network problems).
    > >

    >
    > yes. but as you state, "have the ability to log".


    Actually, I'd like to qualify my statement. The logging that can be
    done with routers is often quite limited. For instance, on a Cisco
    router you can use "debug ip packet detailed" to get packet traces, but
    it doesn't show the payload; you can get addresses, port numbers, and
    TCP flags, but not the application data (which is where the newsgroup
    information would be).

    However, it may be possible to install an RMON module in a router to
    perform full packet capture.

    --
    Barry Margolin,
    Arlington, MA
    Barry Margolin, Apr 9, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Skybuck Flying
    Replies:
    0
    Views:
    4,807
    Skybuck Flying
    Jan 19, 2006
  2. Plomaris

    Desktop can see Laptop, but Laptop can't see Desktop!

    Plomaris, Feb 16, 2006, in forum: Wireless Networking
    Replies:
    3
    Views:
    3,936
    Plomaris
    Feb 17, 2006
  3. Fourdogs
    Replies:
    1
    Views:
    508
    trout
    Dec 6, 2004
  4. Replies:
    6
    Views:
    465
    Meat Plow
    Apr 19, 2007
  5. Steven V.A
    Replies:
    0
    Views:
    871
    Steven V.A
    Apr 29, 2008
Loading...

Share This Page