UTIMACO - Secure tracing of IP addresses back to users and devices
In today’s criminal investigations, tracing IP addresses back to the actual users and devices is a critical requirement. Sometimes a source IP address, a TCP port number, and a date and time are the first or only leads to a criminal or suspected terrorist.
Finding the user of an IP address and port number is sometimes difficult, if not impossible. One key challenge is that many Internet Service Providers use NAT/NAPT (Network Address and Port Translation) for sharing IP addresses among a larger group of users or for security reasons. In practice, NAT eliminates the traceability of source IP addresses, because the translation of addresses is highly volatile and commonly not recorded by the ISP.
Utimaco has developed an on-switch and an off-switch solution to generate NAT logs and load them into the Utimaco DRS in near real time. The on-switch technique reads and correlates NAT logs and AAA logs from available resources. The unique off-switch technology generates the log data by filtering and correlating all pre-NAT and post-NAT IP traffic with AAA data captured from the network. Latest-generation FPGA technology overcomes the processing restrictions of software-based logging solutions, such as incomplete data, restricted protocol support and missing byte counts.
For long-term retention and analysis, all aggregated Internet Connection Records (also known as Internet Protocol Detail Records, IPDRs) can be imported into the Utimaco Data Retention Suite (DRS). Operators can use Utimaco DRS to trace IP addresses back to individual users, phone numbers and geographical locations. The DRS provides comprehensive security features for telecom operators and/or law enforcement agencies to control data access.
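The correlation of NAT logs with AAA logs described above can be illustrated with a small added example; it is not Utimaco code, and the record layouts (port-block NAT bindings, accounting sessions), the addresses, the subscriber IDs and the two-second clock-skew tolerance are all assumptions made for the illustration. It shows why the port and the timestamp are both needed: without them, or near a binding boundary, one public address maps to several subscribers.

```python
from collections import namedtuple
from datetime import datetime, timedelta

NatBinding = namedtuple("NatBinding", "start end private_ip public_ip port_lo port_hi")
AaaSession = namedtuple("AaaSession", "start end private_ip subscriber")

def t(hhmmss):
    # All constructed records fall on one (made-up) day, in UTC.
    return datetime.fromisoformat("2024-01-15T" + hhmmss)

# Constructed sample data (documentation and CGNAT address ranges, made-up subscriber IDs).
NAT_LOG = [
    NatBinding(t("10:00:00"), t("10:30:00"), "100.64.0.5", "203.0.113.10", 1024, 2047),
    NatBinding(t("10:00:00"), t("10:30:00"), "100.64.0.9", "203.0.113.10", 2048, 3071),
    NatBinding(t("10:30:00"), t("11:00:00"), "100.64.0.7", "203.0.113.10", 1024, 2047),
]
AAA_LOG = [
    AaaSession(t("09:00:00"), t("10:15:00"), "100.64.0.5", "subscriber-A"),
    AaaSession(t("10:15:05"), t("12:00:00"), "100.64.0.5", "subscriber-B"),
    AaaSession(t("09:30:00"), t("12:00:00"), "100.64.0.9", "subscriber-C"),
    AaaSession(t("09:45:00"), t("12:00:00"), "100.64.0.7", "subscriber-D"),
]

def active(rec, when, skew):
    # Widen the interval by the tolerated clock skew between log sources.
    return rec.start - skew <= when <= rec.end + skew

def resolve(public_ip, port, when, skew=timedelta(seconds=2)):
    """Return every subscriber that could have used public_ip:port at `when`.

    port=None models a request that lacks the source port. A result with
    more or fewer than one entry means the lead cannot be attributed.
    """
    candidates = set()
    for nat in NAT_LOG:
        if nat.public_ip != public_ip or not active(nat, when, skew):
            continue
        if port is not None and not nat.port_lo <= port <= nat.port_hi:
            continue
        for aaa in AAA_LOG:
            if aaa.private_ip == nat.private_ip and active(aaa, when, skew):
                candidates.add(aaa.subscriber)
    return sorted(candidates)
```

A caller should treat any result that is not exactly one subscriber as unresolved rather than picking a candidate.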