This post has been removed at the request of the Afghan blogger involved, as new information has come to light substantially changing the story. The post concerned the following:
“Sohrab Kabuli“, Afghan blogger and winner of the Freedom Blog Award for his Farsi blog, Shared Pains, has been getting death threats. (You can read an interview with him about his blog and its impact here.)
Initial information pointed improperly to the source of the threats.
Hmmm. Anybody taking DHCP and/or NAT into account here?
I doubt the BBC would spend the money to have an internet routable IP address for every computer in their intranet.
They would much more likely use a Network Address Translator that gives an address from a smaller (ergo, less expensive) pool of internet routable addressed to each computer any time it reaches out to the internet from the BBC intranet.
So, unless the BBC has good logging for their NAT/DHCP servers, then it is rather unlikely they’ll be able to isolate the exact computer that sent the message.
For example, my company has well over 200 PC’s, but we only have 30 routable addresses. So, there will be an IP address of 206.117.x.x shown for this post of mine, but that is not directly traceable to the PC on my desk.
I’d give it a 50% chance they can.
I have been following this story for well over 15 minutes and I’m trying to be fair. This has Karl Rove’s fingerprints all over it; blah. No terrorist sympathizer would ever be dumb enough to post a hateful, threatening email; blah. This is an attack on the unbiased BBC by partisan political operators; blah
My question is how long will it take before we black bloggers get another “take down” like Aslam?
You just got another Instalanche here. Will this get results? Will this become a major BBC scandal until the instigator is behind bars?
Inquiring minds want to know.
I should clarify: “black blogging” is the new term for blackballing the main stream media when they step over the line with certain articles and reports. We are determined to get our scalps. This time the scalp has to be the threatening BBC employee fired and behind bars.
IP addresses are logical addresses, not physical. On most large networks they are dynamically assignned, i.e. an address that belonged to a specific computer yesterday belongs to another today, and yet another tomorrow, this person kept the same IP for better than a month. Does the BBc use static IP’s or multi-month DHCP leases? Spammers and malicious hackers compromise networks all the time to generate unwanted traffic and/or attacks from a network with no connection to them other than poor security, so as Vann said someone outside the BBC could be taking advantage of a compromised network. Most firewalls make all of the traffic from a network look like it’s coming from a single address, and the address in question resolves to webgw0.mh.bbc.co.uk (which I’d guess is Web Gateway 0, a proxy or firewall server with dozens if not hundreds of users behind it).
I’m more than willing to believe the Beeb would employ a gutless terrorist sympathizer, but you need a little more evidence before you start naming names.
Racist! Your use of the term ‘black’ clearly indicates you do no understand whom you may hurt or slander, as I’m sure the Beeb will tell you. You consequential backpeddling doesn’t matter. ;)
Well, where is the BBC reporter based? It may be that his locale has one assigned IP address, and it may be that he is the only BBC reporter there. That would explain why his IP would stay the same for so long.
It would not surprise me at all that a person, even a reporter, would not realize that IPs can be traced, though. Plenty of smart people don’t realize that, so I wouldn’t use that as evidence either way.
Listen, even with DHCP/NAT, you have logs that tell you which system MAC address acquired which IP address, and when. So you can, if you have the desire and technical know-how, walk the cat back to at least a particular piece of hardware (since MAC addresses are hardware unique IDs for most desktop PCs/Macs). You can trace this thru ethernet switch logging, DHCP logging and firewall/NAT logging.
That is, if you have technical competence and have due diligence logging. I believe the BBC has that competence, but not necessarily the desire.
If they know the IP address and the time of the post, it literally will take MINUTES to look at the DHCP or static IP logs on the BBC network. As a network administrator, I can tell you that this is something that shouldn’t take more than 5 minutes.
The network logs will show the “MAC” address of the computer/network adapter that connected to THAT IP at THAT TIME and is uniquely identifiable. They should be able to narrow down the PC that had this IP address on those dates and identify the person who used that PC.
Good luck and take care. I hope this person is exposed very soon.