Quote from gotta_trade:
Hi,
If someone makes a post on a forum, is it possible to identify who they are, where they live (by their IP address or any other means)?
Or is it basically 100% confidential?
Thanks,
gotta_trade
OK, what did you do? ... May as well confess now.
The short answer is that far more information than you think is handed out when you post. Given resources, you are never anonymous, although the information may be useless when they go to research it, depending on the installation you visit. One needs co-operation between all intermediate sites to do it and solid logging. It costs a lot of time and money to do it (unless they have sniffers and other such tools) and ultimately proving it was actually physically you on the particular machine is tough in law. (You can claim you were hacked by a trojan, for example.)
Think about this. In order to communicate in a stateless variable route network, two machines must uniquely ID each other to compose and send a message. Investigators also need to know something about the network topography and have access to it or the logs.
One of the secrets of the Internet is letting people think they are anonymous and letting them think they are secure but not really. In 1998 or so, we wrote a servlet that dumped all the metadata that goes with the HTTP header. I was amazed then, but computers didn't have unique ID chips then. I'll bet that things are a whole lot worse now.
IP addresses can be spoofed, and most installations use DHCP, which changes things (look up the command IPCONFIG /RENEW). Good logging and network topology captures all. It has been some time since I have worked in IT.
We fired one person when admin logs were wiped minutes after I told one particular programmer that we had inadvertently detected Solaris root had been compromised on one box. The log times told the story and we were watching for it. He later came to me and asked me not to say anything (unknown to him - I was responsible for a particular security area on 300 plus environments). We already knew, and I had escalated it to the director level and was awaiting instructions back.
The responsible project manager asked me what to do. I said stop all work (50 programmers), load a previous environment from backup a month back (6 hour outage). She said that would cost too much time and trouble and we have a 35 million dollar project behind schedule. I said, all the more reason to do it then if it were me. She didn't likely tell me everything though.
We later found out the project manager had encouraged this contract individual to compromise root to "help the project" along. I would have fired her as well, but in the end she was promoted! The project was being billed to external clients and they might have sued if they knew all the details, but the project was a huge failure promoted as if it was a huge success. I often wonder how much more damage she has done to the particular company since I left. Soon after she was removed and put in purchasing (IT purgatory).
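The reply above mentions a servlet that dumped the metadata travelling with the HTTP header. As an added illustration (not code from the thread or from that servlet), the Python sketch below shows what a server can record from a single request. The function name, the choice of headers and the sample request are assumptions constructed for this example.

```python
from http.client import parse_headers
from io import BytesIO

# Headers that tend to narrow down the sender; this selection is an assumption.
IDENTIFYING = ("user-agent", "accept-language", "referer", "cookie",
               "x-forwarded-for", "via")

def dump_request_metadata(raw, peer):
    """Return what a server can log for one raw HTTP/1.x request.

    raw  -- request bytes as read from the socket
    peer -- (ip, port) of the TCP connection, known to the server
            regardless of what the headers claim
    """
    head = raw.partition(b"\r\n\r\n")[0]
    request_line, _, header_block = head.partition(b"\r\n")
    parts = request_line.decode("iso-8859-1").split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    headers = parse_headers(BytesIO(header_block + b"\r\n\r\n"))

    seen = {"peer_ip": peer[0], "peer_port": peer[1],
            "method": method, "target": target, "version": version}
    for name in IDENTIFYING:
        values = headers.get_all(name)
        if values:
            seen[name] = ", ".join(values)
    # X-Forwarded-For is supplied by the sender or by proxies on the path,
    # so keep it as a claim next to the socket address, never instead of it.
    xff = seen.get("x-forwarded-for", "")
    seen["claimed_client_chain"] = [h.strip() for h in xff.split(",") if h.strip()]
    return seen

# Constructed sample request (documentation-range addresses, made-up values).
SAMPLE = (b"POST /forum/post HTTP/1.1\r\n"
          b"Host: forum.example\r\n"
          b"User-Agent: ExampleBrowser/1.0 (X11; Linux x86_64)\r\n"
          b"Accept-Language: en-CA,en;q=0.8\r\n"
          b"Referer: http://forum.example/thread/42\r\n"
          b"Cookie: session=constructed-value\r\n"
          b"X-Forwarded-For: 198.51.100.7, 203.0.113.9\r\n"
          b"\r\n"
          b"message=hello")

if __name__ == "__main__":
    for key, value in dump_request_metadata(SAMPLE, ("203.0.113.9", 51544)).items():
        print(f"{key}: {value}")
```

Tying any of these fields to a person still needs the logs of every intermediate site, which is the co-operation and logging the reply describes.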