Poster ID in Usenet posts?

Discussion in 'NZ Computing' started by Sue Bilstein, Feb 15, 2004.

  1. Sue Bilstein

    Sue Bilstein Guest

    In one of the periodic "Is Mr X the same as Mr Y" debates, I recollect
    someone remarking that there is a way to tell for sure whether two posts
    were done by the same person. Unfortunately I can't find this remembered
    post when I google for it.

    I'm still puzzling over how this could be done. For a post done via an ISP,
    you can usually see the type of newsreader used, the ISP and the posting
    host.

    Is there in fact anything there that would always be the same in two posts
    done from the same account? I read that Message-ID contains posting date
    and time - would it also contain account name, if you know how to crack it?
     
    Sue Bilstein, Feb 15, 2004
    #1
    1. Advertisements

  2. I would doubt that it would contain this info... infact, with usenet
    there is almost always no kind of auth info sent, so it can only be tied
    back to one particular ISP/IP/Group of IP's. This is also not entirely
    accurate, as it would appear that I'm posting from an Xtra account(Im
    using news.xtra.co.nz) but infact I'm simply using that news server
    because it allows it from my current IP.

    If it is woger... he's on a static, so, yeah, easy to find him.
     
    T.N.O. - Dave.net.nz, Feb 15, 2004
    #2
    1. Advertisements

  3. Sue Bilstein

    Jason M Guest

    Yes there is something in the headers that shows whether the same
    computer has been used, even though the IP number and/or newsreader is
    different.
    But I'd rather not explain that in a public forum and give the
    sockpuppets other ways to hide.

    nz.general cut
     
    Jason M, Feb 15, 2004
    #3
  4. He also creates untold amounts of it. He should be enclosed in a Faraday
    shield.
    --

    Nicolaas.



    - Children have greater need of models than of critics.
     
    Nicolaas Hawkins, Feb 15, 2004
    #4
  5. Sue Bilstein

    Roger_Nickel Guest

    the numeric part of the ID is from a random number generator seeded by
    the timestamp (maybe also the account number or assigned IP address,
    depending on the ISP). This is a one way hash function and going back
    the other way is not feasible. The only requirement is that the number
    be unique. If the ISP wanted to find out who posted, they would just
    check their internal log files. The "NNTP Posting Host" header gives an
    IP address as does the "Trace" header.This could be a clue if the poster
    is dumb enough to switch identities without starting a new session .
     
    Roger_Nickel, Feb 15, 2004
    #5
  6. Can you email me the details, I'm very interested in this sort of thing.
     
    T.N.O. - Dave.net.nz, Feb 15, 2004
    #6
  7. Or unable to change their posting host... much like myself.
     
    T.N.O. - Dave.net.nz, Feb 15, 2004
    #7
  8. Sue Bilstein

    Mainlander Guest

    The only means of tracing with any certainty is IP address and timestamp
    combined. If someone is on dialup they will get a random IP address each
    time they connect. If you then find that IP address being used by someone
    who is using the same software with different identities to post messages
    close together then it's a pretty sure thing. That in a nutshell is how
    such identification has been done in the past and there is no real way
    otherwise of identifying someone except by their posting style. The
    message ID does not usually contain a username. Some ISPs do post a
    username in their headers but since it can be anything it's not really
    sufficient.
     
    Mainlander, Feb 15, 2004
    #8
  9. Sue Bilstein

    steve Guest

    No....

    If I dial up to IHUG and post using Knode on Linux......

    Then I dial up to Actrix and post using Agent on Windows.....

    There is NO WAY you can tell it was the same person unless I make that clear
    in my posts.

    For people using cable modems it's a wee bit easier....as their posts will
    always contain the same IP address.

    ADSL users may also have the same IP address for days at time....though the
    provider rolls them over to make it difficult for users to operate servers.
    (though why they would want to do that when users by for data anyway is
    beyond me).
     
    steve, Feb 15, 2004
    #9
  10. Sue Bilstein

    Frank Osborn Guest



    And Some News Servers do not use IP numbers or ISP's.plus the users name is
    put in by the user..

    From memory Ihug does not post IP Numbers, in fact all security sites state
    that Fixed IP's should never be posted or seen..

    Seems that a few ISP's don't understand the security of that..
     
    Frank Osborn, Feb 15, 2004
    #10
  11. Sue Bilstein

    Warwick Guest

    Which header field might contain the users IP addy?

    thanks
    Warwick
     
    Warwick, Feb 15, 2004
    #11
  12. Sue Bilstein

    Warwick Guest

    Even if such a Header field existed (and I am not sure it does) it would
    not be hard to spoof it, the internet being set up for anonymous access as
    it is.
    So you might catch someone out with a header comparison, but it would take
    a trivial level of determination for a user to post as different authors if
    they wished to, and not be caught out.



    mho
    Warwick
     
    Warwick, Feb 15, 2004
    #12
  13. Sue Bilstein

    EMB Guest

     
    EMB, Feb 15, 2004
    #13
  14. Sue Bilstein

    Howard Guest

    In your post, it's the "NNTP-Posting-Host: 219.88.117.164" line.
     
    Howard, Feb 15, 2004
    #14
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.