1

Can the Police or any other lawful body obtain information about a criminal from the ISP knowing such things as the shared IP (the NAT, I believe?), timestamps, visited websites etc.?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Mateusz Sowiński
  • 111
  • 1
  • possibly, if the router logs activity by the inside IP addresses. – mti2935 Jun 08 '20 at 18:55
  • I've changed the title of your question so that it now asks for tracking the internal user (the criminal) and not the internal IP. The internal IP address is not very useful by itself but based on the body it is the actual user you are interested in. – Steffen Ullrich Jun 08 '20 at 19:10
  • If the lawful body(Police) wish to, they may collect data by any means possible. I am commenting this on ethical factor instead of technical here. Focus on being ethically correct and forget about hiding your information from lawful bodies. They are here to protect us. Or may be rephrase your question – Arpit Rohela Jun 08 '20 at 19:20
  • @ArpitRohela the question here isn't really a matter of ethics or anything else, I was really just curious if a NAT protects a criminal in any way. – Mateusz Sowiński Jun 08 '20 at 19:31
  • I apologize, my understanding is solely based on words used to frame a question and the way my brain interprets it. Its better you clarified. – Arpit Rohela Jun 08 '20 at 19:41

2 Answers2

2

Since the ISP knows the owner (the one who pays the bills) and street address of the shared IP address police will likely start there. They might simply confiscate the systems in this home and question the inhabitants for more information, i.e. do it the analogue way and not try to somehow trace some internal computer back through the internet.

guntbert
  • 1,825
  • 2
  • 18
  • 21
Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • I'm not sure you got what I meant? The whole idea is that the Police gather information like the shared IP, timestamps etc. and from that, the ISP traces it to the user and their address (which they don't know to begin with) – Mateusz Sowiński Jun 08 '20 at 19:30
  • @MateuszSowiński: Maybe we are talking about different ISP here. The one I talk about is the one who provides DSL, cable, fiber etc access to home users. This kind of ISP knows which user is currently using which shared IP address (and was using which in the past) and also knows the address. Even a mobile ISP usually knows the one who pays the bills so it is possible to track down someone to query too. What kind of ISP you are talking about? – Steffen Ullrich Jun 08 '20 at 19:44
0

A sophisticated adversary able to observe traffic can indeed differentiate different users using the same external IP by analyzing TCP sequence numbers and through timing analysis.

They will be able to draw conclusions such as "The person who visited XXX site also visited YYY site".

8vtwo
  • 372
  • 1
  • 7