Cat and Mouse Games → Re: IP+time+filename+username = Not an evidence

you have a point
if I spoof my neighbor's IP and MAC address and use his Kazaa username it would appear to the RIAA that I was him

so just find someone you don't like and steal their info
if they get hauled off, big deal...you didn't like them anyway

said by Mr_Stealth:

---

you have a point
if I spoof my neighbor's IP and MAC address and use his Kazaa username it would appear to the RIAA that I was him
...

---

Yeah but if you spoof the IP & MAC you wont be able to establish a connection and actually down/upload any files to the RIAA henchman.

I guess it depends on how the RIAA is building lists of people of whom to send C&D letters to.

I would think the "proper" way is to actually establish a connection with the "target" user and "grab" a copywronged file from him, verify contents, and off the letter goes.

--BUT, it is the RIAA and based on their track record I'll assume they just get a file listing and off the letter goes, regardless of actual contents.

This is looking more and more like a witch hunt than anything else. Yes, I agree that there are valid points being made by both sided (Both the Producers and the legitimate side of copying/DLing.) I have a good sized collection of CDs, but I am also very hard on them. I copy all my CDs to my computer as I get them, so that I can create them again after about a year, when I have moved them around so mush that they are scratched to heck. I do not Share my collections, which has gotten me kicked of a couple of the trading sites. I started DLing music about two years ago to replace the CDs that I damaged but forgot to backup. I do not see what I was doing as wrong, I already paid for the music, and still have MOST of the damaged CDs to prove it. But they way I read this, I am still considered wrong for doing this. I would agree if I was DLing music that was not my own... and yes, I have been VERY VERY tempted, but I keep telling myself not to.

I understand that the RIAA *THINKS* that it is doing the right thing, but the last time I was on one of the trade sites, I saw in excess of 5 million users... even if they go after the top ten percent of the DLers (as one article suggested they plan to,) do they actually think they have the resources to go after 500,000 people? Some of which do not even fall under US or InterPol jurisdiction?

On a humorous note... Have any of you seen the commercial that stars various actors telling us to help them keep their jobs and stop pirating the music and movies? I seriously doubt that the DLing of music and movies is ever going to reach a point where they will not be able to make movies.... Well... that is unless Kevin Costner puts out a sequel to WaterWorld. The software industry is still around, and people have been pirating that for a full on 25+ years now. Not that it is right... just that, unfortunately, it is a fact of life.

If you spoofed all that information, then all the remote computer responses would go to your neighbors connection, which would promptly drop all the packets.

To illustrate what I mean, open a cmd line in windoze and type 'netstat -n'. You'll get a list of all network connections with both the local and remote IP address, and since they are established connections they aren't spoofable the way you mentioned above. 'sockstat -4c' will do pretty much the same thing on a unix box, and is where windows' netstat cmd is ripped from.

Now try connecting to a P2P system and find a host and download something.. while downloading, type netstat again and notice that you get the true IP address of the computer your downloading from.
The RIAA monkeys searching for violators are probably just searching, taking an inventory of the songs a user has, and then doing a download/netstat along with a timestamp.

Whether or not it's useable as evidence, I don't know. Technically though, if their computer can talk directly to yours, they can get enough info to determine your identity with the cooperation of the ISP.

Another point to add.....
When Napster was around I was purchasing 30+ cd's a month. The reason was I would download the full CD and listen to it. If I liked it I would purchase the CD at a store. If I didn't I certainly would not keep it around. Once Napster left I have bought very few CD's since. I would estimate 12 to 15 a year, at most. Amazon gives a sound bite of the songs, but usually not enough to generate a sale.
So here is my solution to the problem. Have the record companies offer their complete catalogs online. Then each song that is offered have a complete copy of the song available at a very low bitrate (32k springs to mind). Then have a reasonably price point for each song to allow purchase of the song at a very high bitrate.Similar to Itunes but with a much larger catalog of music.
This method would make their entire catalog viable again. It would also make music available for purchase that might otherwise go unnoticed. Plus record companies might take more of a chance on unknown artist, since they do not have to invest as much in product promotion or CD inventory.

-=AE=-

It would be hard to spoof an IP and then make a p2p application to work. The only way it could work is if the p2p application is based on UDP and it does not rely on the source IP address to be correct in the UDP packets. As far as I know nobody has done such thing yet.