On Sat, Dec 16, 2000 at 12:26:45PM -0500, madmullah wrote:
Regarding anonymous Usenet reading (vs. posting), what kind of logging do most nntpd's perform ?
I've never had the opportunity to setup nntp daemon softwarez so I have nada idea as to the level of default logging that they perform by default, or how they can be tweaked further.
By default they perform all the default logging....
Is it possible to log HEAD and BODY requests for individual articles in individual newsgroups along with a userid on the clients end ? Worse, can the ip address of the client newsreader software be logged along with its individual nntp commands ?
Yes, it can be. I used to have a script which parsed nntpd logs to watch an individual's browsing (individual host that is). With access to the dialup/radius database, the ISP could match the IP to the account and thus to the real name. The same info can be obtained for email on an ISP via POP/IMAP logging combined with the sendmail logs (and looking at the emails in the queue to get the content). Fortunately most ISPs don't have the time to do this just for fun, unfortunately a lot of them would do it if requested to do so by police. Only by running your own mail or news server can you prevent the ISP from monitoring your email or news reading. -- Eric Murray Consulting Security Architect SecureDesign LLC http://www.securedesignllc.com PGP keyid:E03F65E5