How to find out a previous connection IP Address

kc_kyle · 4 May 2013 at 22:00

davido_labido said:
isnt it up to them to prove you HAVE downloaded the film, rather than you prove you havnt? an IP address isnt proof enough, as it can be changed.

tell them you want more proof!

I thought so to.

All I know is that the process goes as follows:

Ipoque detects a file are being illegally downloaded and goes to the law firm say, "Hey, look we got another one! Here's the connection details/IP address it was downloaded by."

Lawyer looks up IP address, find who the ISP is and contacts them, asking to put a name to the IP address at the time of the download. Sop whether the IP Address has changed since doesn't matter.

Someone gets a letter in the post.

teaboy5 · 4 May 2013 at 22:02

kc_kyle said:
I thought so to.

All I know is that the process goes as follows:

Ipoque detects a file are being illegally downloaded and goes to the law firm say, "Hey, look we got another one! Here's the connection details/IP address it was downloaded by."

Lawyer looks up IP address, find who the ISP is and contacts them, asking to put a name to the IP address at the time of the download. Sop whether the IP Address has changed since doesn't matter.

Someone gets a letter in the post.

Have made contact with anyone over this? If not, take the letter and throw it in the fire.

Rroff · 4 May 2013 at 22:05

Quite a few games (i.e. eve online), email clients, etc. keep an activity log of logged in sessions that you can check your IP history on so worth looking at sites and online apps you use to see if they have that feature - if the IP its logged either side of the alleged offense is the same but different to the one they have logged then its a good indication it wasn't you.

HungryHippos · 4 May 2013 at 22:09

You previously purchased the film in question, but wanted to have a backup of the film. As such you downloaded the film from the interwebs.

P.S. Don't know if this would actually work, but I heard before you are allowed to have a backup of your purchased/licensed media.

kc_kyle · 4 May 2013 at 22:11

Rroff said:
Quite a few games (i.e. eve online), email clients, etc. keep an activity log of logged in sessions that you can check your IP history on so worth looking at sites and online apps you use to see if they have that feature - if the IP its logged either side of the alleged offense is the same but different to the one they have logged then its a good indication it wasn't you.

Yeah I tried this by checking the message details of an email I sent on the same day. According to my lawyer though, the IP stated is just the network IP and not the connection IP, which is the one that counts. I would copy and past the messgae information, but it contains sensitive information - I wouldn't feel comfortable advertising it to the world...

kc_kyle · 4 May 2013 at 22:12

Eulogy said:
You previously purchased the film in question, but wanted to have a backup of the film. As such you downloaded the film from the interwebs.

P.S. Don't know if this would actually work, but I heard before you are allowed to have a backup of your purchased/licensed media.

I didn't download the film... I hadn't even heard of it before this whole catastrophe. Plus, I would probably need a receipt that I did in fact buy the film. But thanks for the idea.

Malevolence · 4 May 2013 at 22:18

Eulogy said:
You previously purchased the film in question, but wanted to have a backup of the film. As such you downloaded the film from the interwebs.

P.S. Don't know if this would actually work, but I heard before you are allowed to have a backup of your purchased/licensed media.

Doubt that defence would it would work. Once you'd admitted to downloading the film, no matter if it was only a couple of bytes they'd get you on uploading. If I were the OP I'd have just binned the letter and thought nothing more about it.

Rroff · 4 May 2013 at 22:20

Not that its very helpful but I still fail to see how its possible to have a chain of custody/evidence with an IP address alone thats water tight enough that a case based on it could ever get near a court - the chance for contimnation of the evidence is ridiculously high.

bam0 · 4 May 2013 at 22:25

kc_kyle said:
Yeah I tried this by checking the message details of an email I sent on the same day. According to my lawyer though, the IP stated is just the network IP and not the connection IP, which is the one that counts. I would copy and past the messgae information, but it contains sensitive information - I wouldn't feel comfortable advertising it to the world...

So you have an email that you sent on the same day from your home computer to another address of your own? In this case the email headers on the received email should list the IP address of your connection. Depending on your client it different to do this but you want to look at the raw headers, in gmail you can do this by opening the mail then in the drop down to the right of the reply button clicking "show original". You should see some lines that start "Received:" they show the path that the email took to get from sender to receiver. If you sent it from an email client at your home (not webmail) one of these lines should include the IP address of your internet connection.
If you were using webmail you may find a header called "X-Originating-IP", although Google don't include this and it seems Hotmail no longer include it either.
If you want to post these lines they won't reveal any information about your emails and someone here will be able to point out if your external address is in there.

xGBHxPegasus · 4 May 2013 at 22:27

If you have Facebook, in the security settings theres active logins and shows you the IP address. Could try and see if it shows a session from 2 weeks ago?

teaboy5 · 4 May 2013 at 22:31

kc_kyle said:
I didn't download the film... I hadn't even heard of it before this whole catastrophe. Plus, I would probably need a receipt that I did in fact buy the film. But thanks for the idea.

Are you listening to anyone in this thread? Take the letter and bin it.

kc_kyle · 4 May 2013 at 23:06

bam0 said:
So you have an email that you sent on the same day from your home computer to another address of your own? In this case the email headers on the received email should list the IP address of your connection. Depending on your client it different to do this but you want to look at the raw headers, in gmail you can do this by opening the mail then in the drop down to the right of the reply button clicking "show original". You should see some lines that start "Received:" they show the path that the email took to get from sender to receiver. If you sent it from an email client at your home (not webmail) one of these lines should include the IP address of your internet connection.
If you were using webmail you may find a header called "X-Originating-IP", although Google don't include this and it seems Hotmail no longer include it either.
If you want to post these lines they won't reveal any information about your emails and someone here will be able to point out if your external address is in there.

I think this is what you mean:

Received: from dub0-omc3-s34.dub0.hotmail.com (dub0-omc3-s34.dub0.hotmail.com
[157.55.2.43]) by mail.phorms.de with ESMTP id xlPSBGCWeojCoEXq for
<[email protected]>; Tue, 16 Apr 2013 22:27:54 +0200 (CEST)

(I've just taken this snippet from the message details and censored my email address. Would 157.55.2.43 have been my IP at the time then?

Amleto · 4 May 2013 at 23:08

no. the very first 'received by/from'

you wont have 'hotmail' or anything like that from your ip!

HungryHippos · 4 May 2013 at 23:08

That looks like the hotmail server IP address to me.

jsmoke · 4 May 2013 at 23:46

Basically you will pretty much always only get your LAN IP AFAIR, that means your behind a router, including a cable modem.

Why don't you check your routers logs.

Start/run and type cmd, then type ipconfig in the console.

Find your default gateway IP and enter this like http://198.168.1.1 or whatever it is and have a look for a log in there, your never know.

kc_kyle · 4 May 2013 at 23:47

This then maybe?

Received: from mail.phorms.de (192.168.99.12) by managex.PhormsSchool.net
(192.168.99.11) with Microsoft SMTP Server id 8.1.436.0; Tue, 16 Apr 2013
22:28:00 +0200

jsmoke · 4 May 2013 at 23:51

kc_kyle said:
This then maybe?

Received: from mail.phorms.de (192.168.99.12) by managex.PhormsSchool.net
(192.168.99.11) with Microsoft SMTP Server id 8.1.436.0; Tue, 16 Apr 2013
22:28:00 +0200

They are all LAN IPs, which means they can't be yours, anything outside your router can't see your LAN IP.

OOps I missed the 8.1.436.0 but it looks like it's a Microsoft IP.

marc2003 · 4 May 2013 at 23:52

their scaremongering is certainly working. you're ignoring all the sensible advice telling you to bin the letter and forget it. there's not really much hope for you at all.

kc_kyle · 4 May 2013 at 23:55

marc2003 said:
their scaremongering is certainly working. you're ignoring all the sensible advice telling you to bin the letter and forget it. there's not really much hope for you at all.

Perhaps not. They kindly sent me a cease and desist form, which I know is a bad idea. It seems I should send a modified one and then do nothing. Apparently the lawyer just gives up after a few unanswered warnings.

Castiel · 5 May 2013 at 00:04

You cannot be convicted on the basis of an IP Address alone, you have no obligation to 'prove' your innocence, they have the obligation to prove that you have committed an offence. If German Law is so lacking in basic rights that simple accusations based on dynamic IP addresses is sufficent to even get a charge against you, let alone a court appearance or conviction then I feel very sorry for you.....I suspect however that they cannot and the best (despite what other lawyers might tell you) advice is to ignore the letter, at least the initial ones...if they had anything substansive then you would have recieved a visit from the local Police, not some random letter from a law firm.