On 4/9/12 8:03 PM, Andreas Krey wrote: > They don't have much more relevant logs than the usual provider (which > only needs the IP address to be able to point to a specific user). > > The NAT is an interesting thing by itself: Usually, interested parties > will only come up with an IP address to track down someone, and then the > NATting provider has the problem that there are multiple users behind that > addresse. Having logs of every NAT translation doesn't help much, because > usually the interested party does not have the source port number used. It help if the provider log all NAT translation.
The provider can tell to the LEA, given a specific target IP, that "this/those user(s) established a connection to that target IP". Typically it would be a single user, but even in case of many users, traditional other criminal investigation/correlation will help LEA in identifying the right user. For example in Italy Fastweb (www.fastweb.it) fiber internet provider, that have for end-user a big MAN with private ip address, do NAT translation logging and LEA reporting when required. -naif _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
