[brass hammer]

if computer geek *******/chi-com could crack then track individual posters i.p./street address? producing a list of known potential resistance, for their fantasy invasion of north america?

don't sweat it RINGWORM! they already know of your prowess and will give you the whole state of platoro to rule as you see fit.

thanks

 

[andy]

without a doubt, $500 a "track", find

such guys at any college where computer training is a big deal. Some people are in for a REALLY bad shock, one of these days.

 

[Hard Rock]

It would be very hard to do since most people use a dialup... meaning they don't have a static IP addy. It is possible with the right equipment with the right access but most people don't have it.

Mike

 

[Rich Z]

Even static IPs aren't really static in all cases. I have a cable connection through Comcast, but just in the time that I have been posting on this board I have 10 different IP addresses associated with those posts. So it is pretty safe to say that each of those IP addresses also point to a bunch of other people at one time or another.

 

[84 C4]

On one of the racing forums I moderate (ironic, because I've had more posts deleted than anyone else, on that site ) the number of IP addresses I had was greater than the number of posts I made.

 

[Aslan]

It can be done. The Government can do it. But they have funding, manpower, expertise, and clout.

Servers are easier to track than individual pcs, as their addresses are around a lot longer and there are more packets heading to a server than to an individual pc.

My router(s) and firewall(s) - yes, I have more than one of each. All get their IP's via DHCP at startup from my ISP. I also reset them on a regular basis so they get a new IP.

All of my computers (yes, again more than one - mixture of pc's and mac's.) are only seen as one or two IP addresses to the internet.

One set of machines goes through a hardware VPN and their internet access would be hidden by yet another set og firewalls and routers, and the IP for those systems would trace back to Pittsburg.

I'm not in Pittsburg, I'm in AZ.

It would be very difficult to untagle all of that routing (since a lot of it would take place in a private network on leased lines) back to my physical location without gaining access to the mainframes my company uses.

The government could do so, they have clout and could get a court order giving them access to my companies hardware and network.

The average hacker would have problems.

I'm not worried about any hackers finding me, though if they do, then it will be my fault for not locking down something in my firewall settings.

But, I would not hesitate to prosecute any who do.

I laugh when I see GK post that $500 hacker thing. (he's posted it quite a few times, I think it supposed to be a threat that he will find us one day. I guess offering to tell him where to find us is too easy or something.)

I am a strong beleiver in hardware firewalls. Software firewalls are ok, but it means they've already reached your system for the software to deal with them.

:devil:

 

[brass hammer]

thanks

i was wondering out loud! great in- put all the way around.

thanks.

 

[Rich Z]

What about these programs that generate random IP addresses from your local system? Are they worth a hoot?

 

[Aslan]

My opinion on the IP randomizers is that they are not worth spending any money on. This is strictly my opinion.

Consider the way an interaction on the internet usually works (simplified)

Your computer sends a request to a web page to display the information on that page. This request includes your IP address, along with some other information.

The web page creates a connection back to the IP address passed and then sends the information.

the connection is dropped.

If you want to do something else, a new request and a new connection are made.

The IP randomizer software changes the IP address for each request.

This sounds like it would defeat any attempt to track you, right?

Unfortunately, this software cannot defeat what is known as stateful packet inspection. The fact that the requests follow a pattern, and the contents of the packets (the information sent back and forth) contain information about the requests, makes it possible to track them.

Remember, the informatio has to find it's way back to your computer. if the packet can find you, so could a reasonably intelligent packet sniffer (hardware / software for examining IP packets)

Some people like the randomizers, I don't put any faith in them.

hope this made some sense.

:devil:

 

[Rich Z]

Hmm. Well what about going through an anonymizing server proxy? Preferably one out of the country.

This is interesting for me because I do have problems on another site where people will get kicked off for some pretty offensive mannerisms, but they seem to be able to come back through one method of another. AOL is the bane of most message board admins because they use proxy servers and members can have a different IP address pretty much everytime they log on.

Sometimes it is beneficial to be able to point to one user and positively know they are the same bad guy who posted earlier under a different name.

 

[andy]

In 1998, I had a server that offered

the option of an "alias" every time you logged on. I used it to give the fits to MANY a bozo who "thought" he had "advanced" software. $500, to the right guy, and the right time, can mean a bullet in your guts, much less motivate an interested kid into doing a bit of research.

 

[Aslan]

Rich,, that's just it. Without investing a lot of time and energy, you won't have the resources to track them down. It can be done, you should read the book the cuckoo's egg. It's just tedius and time consuming. The average guy isn't going to invest the time or effort.

But they won't stop BB from tracking you down if he wants to. He has a virtually unlimited budget, unlimited manpower, better tools, and the ability to make ISP's cooperate with him (court orders).

What is going to start happening, and I've thought about looking into developing it, is a system using an encrypted key.

When you register, you will get a key that resides on your machine. Without the key, you cannot post.

Because the key includes the encrypted username, it cannot be used by anyone else. You boot a user, you disable the key.

Then only trusted (however you want to define it) users can make posts on the board.

Issues with this method:

1)some people have multiple computers, so the key has to be somewhat portable.

2)People upgrade machines - same as point 1

3) how do you establish the trust to give them a key in the first place? <- this is the biggest of the issues. People like the privacy of the net, you can't really demand their dirvers license or their home phone, but it is getting to the point where validation is a requirement.

I mean, just look at GK admitting to causing problems using such a server. (ignoring the childish threats and all)

It's coming, whether we like it or not, all because of a few idiots that feel they are entitled to do as they please on anyones web site.

:devil: