Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Is this possible?

Reply
Thread Tools

Is this possible?

 
 
alan
Guest
Posts: n/a
 
      07-20-2009
On a newsgroup other than this one, in which two posters (we'll call them
tweedledee and tweedledum) are constantly at each other's throats, two posts
appeared yesterday which showed email addresses belonging to tweedle*dee*.
The IP address belonged to tweedle*dum* and, oddly enough, the posts were
signed by tweedle*dum*.

This was followed a few minutes later by a post from tweedle*dum* announcing
that he had not made those posts, explaining that "someone hacked my
newsreader" . . .

I'd say that, due to the fact that the IP address belonged to tweedledum, he
HAD to have been the one that made the posts with tweedledee's email
address, right?

I mean, although I'm sure it's possible to use someone else's newsreader,
that's not going to force the system to incorrectly report the originating
IP address, is it?

It's my thought that tweedledum realized his stupid error of having signed
"tweedledum" to a post he was trying to make appear had come from
tweedledee,
panicked, and came up with the even dumber idea of claiming a "hacked
newsreader".

In short, it's not possible to forge someone else's IP address, is it?

 
Reply With Quote
 
 
 
 
John Holmes
Guest
Posts: n/a
 
      07-20-2009
alan "contributed" in 24hoursupport.helpdesk:

> On a newsgroup other than this one, in which two posters (we'll call
> them tweedledee and tweedledum) are constantly at each other's
> throats, two posts appeared yesterday which showed email addresses
> belonging to tweedle*dee*. The IP address belonged to tweedle*dum*
> and, oddly enough, the posts were signed by tweedle*dum*.
>
> This was followed a few minutes later by a post from tweedle*dum*
> announcing that he had not made those posts, explaining that "someone
> hacked my newsreader" . . .
>
> I'd say that, due to the fact that the IP address belonged to
> tweedledum, he HAD to have been the one that made the posts with
> tweedledee's email address, right?
>
> I mean, although I'm sure it's possible to use someone else's
> newsreader, that's not going to force the system to incorrectly report
> the originating IP address, is it?
>
> It's my thought that tweedledum realized his stupid error of having
> signed "tweedledum" to a post he was trying to make appear had come
> from tweedledee,
> panicked, and came up with the even dumber idea of claiming a "hacked
> newsreader".
>
> In short, it's not possible to forge someone else's IP address, is it?
>


In my client, I can add any IP addy I'd like. What does the IP addy in my
headers tell you?


--
<snip>















 
Reply With Quote
 
 
 
 
Mike Easter
Guest
Posts: n/a
 
      07-20-2009
alan wrote:
> On a newsgroup other than this one,


This would be more interesting to consider if you would simply name the
group and the *dum & *dee personas, so that the evaluation of the headers
could avoid your personal 'filtration'.

It is much better to look at the actual headers than your sketchy
analysis of one part of them.

--
Mike Easter

 
Reply With Quote
 
Aardvark
Guest
Posts: n/a
 
      07-20-2009
On Mon, 20 Jul 2009 14:15:50 -0700, richard wrote:

> From what I understand, it sounds like both are actually the same person
> and the idiot forgot which service he was using at the time. It is
> highly unlikely that two people using two different machines on the same
> service will ever have the same IP.


What about the 300 people who you said could do 'IP sharing'? Or do you
mean that an IP can't be shared by only 2 hosts, it has to be 300?

I'm confused, please explain.
 
Reply With Quote
 
Evan Platt
Guest
Posts: n/a
 
      07-20-2009
On Mon, 20 Jul 2009 15:04:48 -0700, richard <(E-Mail Removed)>
wrote:

>I drop out of threads when I see no point in arguing the issue.


Translation: When you know you're wrong, and cannot prove your point.

>Even more so when the discussion is far removed from the original
>topic.


Uhhh.. but this topic is about forging NNTP-Posting-Hosts, And my
point was it can be done. You said it can't.

>I will not reply to your reply to this.


Because you know you're wrong.

>So you lose, again.


LOL... Only in your mind, St00pid. Everyone here knows you're wrong,
and that you're st00pid. Except you.

You have yet to actually win an argument.
--
To reply via e-mail, remove The Obvious from my e-mail address.
 
Reply With Quote
 
Evan Platt
Guest
Posts: n/a
 
      07-20-2009
On Mon, 20 Jul 2009 22:05:29 GMT, Aardvark <(E-Mail Removed)>
wrote:

>What about the 300 people who you said could do 'IP sharing'? Or do you
>mean that an IP can't be shared by only 2 hosts, it has to be 300?
>
>I'm confused, please explain.


He won't. He can't. Because he's wrong.

As much as I normally am a people person and would never wish bad
things on anyone, he's one of the few that I'd love to see become just
sick enough that they're unable to use their computer.

Well - I mean he can barely use his computer now. You know what I
mean.
--
To reply via e-mail, remove The Obvious from my e-mail address.
 
Reply With Quote
 
John Holmes
Guest
Posts: n/a
 
      07-20-2009
Evan Platt "contributed" in 24hoursupport.helpdesk:

> On Mon, 20 Jul 2009 22:05:29 GMT, Aardvark <(E-Mail Removed)>
> wrote:
>
>>What about the 300 people who you said could do 'IP sharing'? Or do you
>>mean that an IP can't be shared by only 2 hosts, it has to be 300?
>>
>>I'm confused, please explain.

>
> He won't. He can't. Because he's wrong.
>
> As much as I normally am a people person and would never wish bad
> things on anyone, he's one of the few that I'd love to see become just
> sick enough that they're unable to use their computer.
>
> Well - I mean he can barely use his computer now. You know what I
> mean.


Hence your reply, you're the only sick one here, Evan.

--
<snip>







 
Reply With Quote
 
Mike Easter
Guest
Posts: n/a
 
      07-20-2009
Mike Easter wrote:
> alan wrote:
>> On a newsgroup other than this one,

>
> This would be more interesting to consider if you would simply name the
> group and the *dum & *dee personas, so that the evaluation of the
> headers could avoid your personal 'filtration'.
>
> It is much better to look at the actual headers than your sketchy
> analysis of one part of them.


Nevermind. Presumably this is all about the behavior of the alt.coffee
personas Zolt (Dave) and Robert Harmon (Tex).

Generally, but not always, they both post from GG which stamps the
connectivity IP in the NPH.

Harmon generally posts from an EL IP which is now connected via comcast
since there was some kind of shuffle in the Houston area which changed EL
connectivity from the typical TW to comcast.

If an EL user accesses via the EL provided newsserver, it is outsourced
to giganews, and giganews also stamps an NPH IP stamp in the headers.

Zolt Dave generally accesses from a socal RR IP address.

I haven't analyzed very much of their activity in a.c, but it does appear
that there is some apparent 'identity' of the Harmon IP address in an
EL/giganews post using a From dave <at> hitechespresso.com

That From would seem to correspond to the Robert Harmon antagonist David
(Zolt) Blane who registered the domainname at godaddy.

The way people 'mess with' IP addresses in GG postings is to access the
GG interface via a proxy; naturally any newsserver including giganews is
accessible in that way.

But when you have a long history of posting which reflects an ongoing
condition of the IP address of two regulars, the likelihood is that the
IP reflects their normal 'real' connectivity.

A typical Dave/Zolt IP is like 76.170.98.140 a socal.res.rr.com
A typical R.Harmon/Tex IP is like 64.91.200.218 - which doesn't rDNS, but
belongs to EL but achieves its connetivity via tx.houston.comcast.net
right up to the last hop.

There is at least one post in a.c in which those personas/IPs seem to
'merge'.

--
Mike Easter

 
Reply With Quote
 
Mike Easter
Guest
Posts: n/a
 
      07-20-2009
Mike Easter wrote:

> I haven't analyzed very much of their activity in a.c, but it does
> appear that there is some apparent 'identity' of the Harmon IP address
> in an EL/giganews post using a From dave <at> hitechespresso.com


> There is at least one post in a.c in which those personas/IPs seem to
> 'merge'.


That is, the simplest explanation without requiring any 'dexterity' would
be for Robert Harmon to configure his XNews newsreader with a From dave
<at> hitechespresso.com and access via the EL/giganews newsserver.

There is a similarly configured item in alt.test - headers edited below,
bangs separated for wrapping and some Xlines removed.

Path: g2news2.google.com! news1.google.com!
border1.nntp.dca.giganews.com!border2.nntp.dca.gig anews.com!
nntp.giganews.com! backlog2.nntp.dca.giganews.com! nntp.earthlink.com!
news.earthlink.com.POSTED! not-for-mail
NNTP-Posting-Date: Wed, 15 Jul 2009 21:50:55 -0500
Newsgroups: alt.test
Subject: test
From: Zolt < mungeing dave <at> hitechespresso. com >
Message-ID: <Xns9C49DE49A25FAZoltan@216.168.3.70>
User-Agent: Xnews/5.04.25
Date: Wed, 15 Jul 2009 21:50:55 -0500

www.hitechespresso.com

Robert seems to be alleging that someone else modified his XNews From,
and disavowing that he forged Dave's email address.


--
Mike Easter

 
Reply With Quote
 
Mike Easter
Guest
Posts: n/a
 
      07-20-2009
Mike Easter wrote:

> There is a similarly configured item in alt.test - headers edited

below,
> bangs separated for wrapping and some Xlines removed.


> From: Zolt < mungeing dave <at> hitechespresso. com >
> Message-ID: <Xns9C49DE49A25FAZoltan@216.168.3.70>
> User-Agent: Xnews/5.04.25


Oops. In my header editing, I accidentally edited the NPH which is
important in this case.

NNTP-Posting-Host: 64.91.200.218

I don't know very much about configuring XNews. I think it lets you
manipulate its 'idtoken'. In this case the 2nd half of the MID is the IP
of the EL/giganews server and the Zoltan is akin to the Zolt From.


--
Mike Easter

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Advertisments