does isp's knows which sites you browse to?

[arik100]

hello
does an isp know when the user is connecting to any kind of web site?
for an example:
if i enter www.NAMESITE.com
will my isp know , that i have browsed this web site?
or another example
if i use some port , 5441 for example , will they know exactly which port i have used?

 

[tdg]

Since everything is passing through them, they have the ability to know. Its highly unlikely they watch what you do or even log any of it, unless something illegal is going on and they were served with a subpoena.

 

[Ockie]

Yes, so stop visiting those donkey pr0n sites

jk. But yes, they can if they wanted, pretty much anyone can with the skill and devotion if they really wanted.

 

[scoob8000]

Yes, but do they log this information for everyone? No.

So unless you are under government investigation, nothing to worry about.

 

[YeOldeStonecat]

Since everything is passing through them, they have the ability to know. Its highly unlikely they watch what you do or even log any of it,

Exactly. OP..have you ever looked at DNS logs before? Holy makeral..take a kajillion hours just to sift through a few minutes of surfing time from a large number of clients.

 

[sandmanx]

Exactly. OP..have you ever looked at DNS logs before? Holy makeral..take a kajillion hours just to sift through a few minutes of surfing time from a large number of clients.

It's pretty simple to sort these logs by IP address though. I wouldn't be suprised if ISPs at least keep logs of everything passing through their firewall for a period of time. I admin a fairly small amount of users compared to an ISP, but I can produce logs of everyone in very little time. Since disk space is so cheap these days, it's easy to keep.

 

[ring.of.steel]

Are the isp's even allowed by law to just see what your browsing? isnt this intruding your personal privacy?

 

[Hurdler]

Are the isp's even allowed by law to just see what your browsing? isnt this intruding your personal privacy?

Well, it's going through their network, so I would imagine that if they wanted to they could.

 

[ring.of.steel]

Well, it's going through their network, so I would imagine that if they wanted to they could.

Yes, but you use the telephone companys network for voice and they can just listen in on you for no valid reason.

 

[Hurdler]

Yes, but you use the telephone companys network for voice and they can just listen in on you for no valid reason.

That's also a valid point.

However the phone companies don't record your call as part of normal operations. The ISP's kind of have to know what you're doing.

 

[sandmanx]

Yes, but you use the telephone companys network for voice and they can just listen in on you for no valid reason.

The telephone company also keeps a record of all phone numbers you dialed. Consider keeping a record of all IPs you visited as the same thing. They don't "listen in", they just record where you went.

 

[ring.of.steel]

The telephone company also keeps a record of all phone numbers you dialed. Consider keeping a record of all IPs you visited as the same thing. They don't "listen in", they just record where you went.

I suppose so yes, but i allways think for your isp to see every site you went on is a bit intrusive, as things are logged by domain name normally, with the telephone companys its just a number, if you see what i meen.

 

[Grentz]

IMO the things most ISPs would be monitoring is their DNS servers. It is a lot easier to monitor a DNS server than it is to monitor a customers individual line.

There would have to be a proxy of some sort to monitor all surfing traffic and such, and most ISPs do not force traffic through a proxy. DNS servers on the other hand are being hit by your machines all the time and could easily log what is being requested.

 

[ring.of.steel]

IMO the things most ISPs would be monitoring is their DNS servers. It is a lot easier to monitor a DNS server than it is to monitor a customers individual line.

There would have to be a proxy of some sort to monitor all surfing traffic and such, and most ISPs do not force traffic through a proxy. DNS servers on the other hand are being hit by your machines all the time and could easily log what is being requested.

Quite a few people now dont use their isp's dns, i dont.

 

[Met-AL]

Quite a few people now dont use their isp's dns, i dont.

OpenDNS here.

 

[sandmanx]

I suppose so yes, but i allways think for your isp to see every site you went on is a bit intrusive, as things are logged by domain name normally, with the telephone companys its just a number, if you see what i meen.

A bit, but these logs may be required to surrender to government agencies.

IMO the things most ISPs would be monitoring is their DNS servers. It is a lot easier to monitor a DNS server than it is to monitor a customers individual line.

There would have to be a proxy of some sort to monitor all surfing traffic and such, and most ISPs do not force traffic through a proxy. DNS servers on the other hand are being hit by your machines all the time and could easily log what is being requested.

All ISPs are going to have a small amount of gateways, and traffic will almost surely be logged to where it's being routed to from here.

 

[niccoli]

Honestly, depending on the network it woudln't be that hard to see what a user is doing, and it gets easier as we go all FTTP since everything is IP(voice, data, video..etc). Heck, if I wanted to see what a user was doing all I would need to do is port mirror at about 5 different places on my network, have my sniffing software filter out for only a certain IP and just sit back.

Would I, no, it's mostly a matter of ethics, ethically I don't feeel it is right to do something like this unless I have a good reason to do so. That being said, we do collect netflow stats on our network which, like it or not, give me a picture of what is being transfered on my network as well as a glimpse of sites people go to and who comes to their sites. We use this mostly for traffic shaping (if lots of users are going to a certain site we alter our BGP routes to send out certain connections...etc.

 

[Cheetoz]

what kind of hardware would you need to "sniff" thousands of users.

 

[SpaceHonkey]

http://en.wikipedia.org/wiki/Narus

 

[athlon1.2]

Yes your ISP can and does collect browsing habits most likely. The don't usually give out those details, unless you pay them to.

 

[goodcooper]

Yes your ISP can and does collect browsing habits most likely. The don't usually give out those details, unless you pay them to.

most informative 2 sentences EVAR

 

[ring.of.steel]

most informative 2 sentences EVAR

QFT

 

[delemorte]

Yes your ISP can and does collect browsing habits most likely. The don't usually give out those details, unless you pay them to.

These are mostly, if not al,l about ISP's in the UK. Laws in the US differ a bit. but as working with a LARGE ISP i can contribute this.


Yes it is not hard to track your movements on your ISPs network, from the perspective of your ISP, regardless of what DNS you use; you still go thru our gateway and routers. However no they dont keep track of that garbage.Do you know how large a log like that would be? For the sake of argument, lets just say we are recording records on a few hundred thousand subscribers (thats a small percentage of a ISP's subscriber base)? HOLY CRAP BATMAN!!! Even with releativly cheap prices of hard drives these days you are talking about a huge amount of data and exspense.

On the other hand if Uncle Sam or your local LEO's were to send a request to your ISP to monitor your IP and track were you went then that woud be a differnet story.



TOP ISP's by subscriber...
http://www.isp-planet.com/research/rankings/usa.html

Comcast alone has 12 million subscribers.

 

[andyroo]

Do they see what you download like torrents? if they do my ISP must not care which is good thing

 

[ring.of.steel]

Do they see what you download like torrents? if they do my ISP must not care which is good thing

Didnt you just read the above poster, if an isp has 12 million subscribers how is it supposed to monitor everyone?

 

[SpaceHonkey]

Didnt you just read the above poster, if an isp has 12 million subscribers how is it supposed to monitor everyone?

Did you read my post? A Narus STA 6400 is capable of deep packet inspection at OSI layer 3 (read IP) at 10 Gb/s (or OC-192) and layer 7 (read HTTP or any other cleartext application protocol) at 2.5 Gb/s (or OC-48). While doing this it can be used for several things, anything from reconstructing emails, Voip phone calls, file transfers - anything you can transfer it can reassemble, if they want it to. What is likely done is that it searches for activity that matches certain criteria - keywords like "bomb" and other terrorist-sounding activities, at which point you've got its attention. Then it can make a social network of sorts and log your activity - along with who you're communicating with. Presumably these machines could be linked to a mothership (the NSA) and could therefore be used as a group to target individuals deemed as threats. This is exactly how the NSA wiretapping works (and other non-disclosed surveillance programs).

Furthermore, if your OS has the Dual_EC-DRBG pseudo random number generator installed (including Vista SP1) and the program that requires encryption decides to use it (out of your control) your data can be on the fly decrypted after receiving a measly 32 bytes of data. That's the equivalent of a TLS initiation. Let me be clear. In the amount of data it takes to handshake with your bank online (without even logging in!) your data can be decrypted if this algorithm was used. This works because the algorithm is known to have a master key of sorts; if you know the master key and have sufficient data, you can guess what "random" numbers will be generated. The math comes to 32 bytes. And it goes for ANY encrypted data using ANY encryption algorithm. It should be said that just because the Dual_EC-DRBG prng is installed does not mean you are using it. However, you cannot disable it, and the program must explicitly call it. It is safe to assume that if Microsoft was willing to patch it into Vista SP1 at the request of the government, they would also bow to making IE using it by default. That, however, is purely speculation.

So IF your ISP wants to track you, by all means they can, and at backbone speeds.

 

[delemorte]

Do they see what you download like torrents? if they do my ISP must not care which is good thing

NO they dont care. All they care about is bandwidth. Dont show up on their radar as a heavy uploader and they dont care what you download.

Did you read my post? A Narus STA 6400 is capable of deep packet inspection at OSI layer 3 (read IP) at 10 Gb/s (or OC-192) and layer 7 (read HTTP or any other cleartext application protocol) at 2.5 Gb/s (or OC-48). While doing this it can be used for several things, anything from reconstructing emails, Voip phone calls, file transfers - anything you can transfer it can reassemble, if they want it to. What is likely done is that it searches for activity that matches certain criteria - keywords like "bomb" and other terrorist-sounding activities, at which point you've got its attention. Then it can make a social network of sorts and log your activity - along with who you're communicating with. Presumably these machines could be linked to a mothership (the NSA) and could therefore be used as a group to target individuals deemed as threats. This is exactly how the NSA wiretapping works (and other non-disclosed surveillance programs).

So IF your ISP wants to track you, by all means they can, and at backbone speeds.

Yes this is true but it would take a LEO request to get this ball rolling. Bottom line is there is no way to hide on the internet unless you use public AP's like in libraries or coffee shops. Even then someone is going to see you. If all your concerned about is downloading some games or MP3's then i would not worry about it, if your planning a terrorist attack then i would not risk it.

 

[Zardoz]

it's all about time and money, ISPs or anyone for that matter don't really watch what you do on a file level, it's more on a usage/general level if even that, and if that usage becomes a problem or you are doing things that alert them then they can spend the time and money to inspect you and see what is going on.

Think of it like a police department. the cops are out there they watch what you do and for the most part don't care what you do, however if you keep doing the wrong things or do something very bad you will get in to trouble.

 

[jfejapan]

Okay, I understand that your ISP can track your activities very easily going forward but do they or are they able to know what you have downloaded and where you have been in the past? And if so, how far?

Also, what happens to your old ISP log if you change to a different ISP.

Thanks to all the knowledgable and informed people that have been so willing to share!

 

[bob]

what kind of hardware would you need to "sniff" thousands of users.

My Via C3 can handle snort over cable internet, im still able to burst past 20Mb/s. Of course, its just one user and a few connections at the most.. Its not really a question of what hardware is needed to sniff...

What hardware is needed to sniff, sort, and store while providing a decent broadband connection at a low cost? Slashdot article about argentina:

http://yro.slashdot.org/article.pl?sid=05/04/11/1944204

 

[Cheetoz]

slashdot article about

"The Washington Post is reporting that some Internet Service Providers (ISP) have been using deep-packet inspection to spy on the communications of more than 100,000 US customers."

http://yro.slashdot.org/article.pl?sid=08/04/05/1232206