ilec_geek writes: I'm looking for constructive feedback from IT professionals working at small or large ISPs. When copyright infringement notifications come my way, the only identifying information they provide me with is an IP address and possibly source TCP port number. Because I work at a small ISP, I dynamically assign private (RFC 1918) IP addresses to my subscribers via DHCP. Then I use my sparingly assigned public IP addresses in overloaded NAT pools to translate those private addresses for outbound Internet traffic. This all works very well, except when a copyright infringement notice shows up. I do have the ability to grep my NAT tables which I archive 4 times a day (every 6 hours) which allows me to track down the alleged violating public IP and source port. Then I cross reference that with my DHCP leases to find the associated user account. However, the NAT tables in my router are so volatile and nebulous, even though I capture them every 6 hours, I find many translations in the router that simply are no longer there when I perform my regular archive. My question is, how many of you have encountered the same challenges, and how have you solved them? Sometimes these infringement notifications get to me several days after the fact. The only solution I see is to keep an exact image of my huge NAT tables archived for every minute of the day for several days. This would turn into an administrative nightmare and would quickly reach the level of absurdity in the amount of data I would have to store just for this purpose. The bottom line is, I don't believe an IP address alone is sufficient to identify a person in a copyright infringement issue. My own example illustrates how cumbersome and difficult it is (and sometimes impossible) to identify a person based solely on their IP address. I am not deliberately trying to hide my customer's identities. It is simply the most efficient way for me to design my network.