Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > help interpreting headers

Reply
Thread Tools

help interpreting headers

 
 
softnfurry
Guest
Posts: n/a
 
      03-04-2010
Could someone who knows about headers please look at mine and interpret
what it all means please...
TIA
 
Reply With Quote
 
 
 
 
Anyolmouse
Guest
Posts: n/a
 
      03-04-2010

"softnfurry" <(E-Mail Removed)> wrote in message
news:hmmun4$b5m$(E-Mail Removed)-september.org...
> Could someone who knows about headers please look at mine and

interpret
> what it all means please...
> TIA


Here is a "do it yourself page"
http://www.cynthiaarmistead.com/head...theaders.shtml

Also, you should not munge your address with anything that can be used.
At least use .invalid instead of .com

--
We have met the enemy and he is us-- Pogo

Anyolmouse

 
Reply With Quote
 
 
 
 
sammy34@34th.place.com.net.org
Guest
Posts: n/a
 
      03-04-2010
On Thu, 4 Mar 2010 00:26:12 +0000 (UTC), softnfurry
<(E-Mail Removed)> wrote:

>Could someone who knows about headers please look at mine and interpret
>what it all means please...
>TIA


Read here:

http://preview.tinyurl.com/ygwwfuv
 
Reply With Quote
 
VanguardLH
Guest
Posts: n/a
 
      03-04-2010
softnfurry wrote:

> Could someone who knows about headers please look at mine and interpret
> what it all means please...


What headers? From your newsgroup post? From an e-mail that you chose not
to exhibit here? For your garage door? WHAT?

Would you like pointers to the headers define by RFC for Internet messages
and NNTP? They can be quite stale and difficult for noobs to interpret.

Rather then ask about all headers (which are many but not all may be
present), do you have a question about a header in particular? I doubt
you'll get anyone that will waste their time reciting an encyclopedia to you
about Internet and NNTP headers.


--- Posting Hints ---

ALWAYS REVIEW your message before submitting it. You want someone OTHER
than yourself to understand your post. Also remember that no one here is
looking over your shoulder to see at what you are pointing. If you don't
well explain your situation by providing the details that you already know,
don't expect others to know what is your situation. Explain YOUR computing
environment and just what actions you take to reproduce the problem.

Often you get just one chance per potential respondent to elicit a reply
from them. If they skip your post because you gave them nothing to go on
(no details, no versions, no OS, no context) then they will usually move on
to the next post and never return to yours.

What is Usenet:
http://en.wikipedia.org/wiki/Usenet
http://en.wikipedia.org/wiki/Newsgroups
http://www.masonicinfo.com/newsgroups.htm
http://www.mcfedries.com/Ramblings/usenet-primer.asp

How to post to newsgroups:
http://66.39.69.143/goodpost.htm
http://support.microsoft.com/kb/555375
http://users.tpg.com.au/bzyhjr/liszt.html
http://www.mugsy.org/asa_faq/getting_along/usenet.shtml

Regarding error or status messages:
- Do NOT omit the message.
- Do NOT describe the message.
- Do NOT summarize the message.
- Do NOT paraphrase the message.
- Do NOT truncate the message.
- Do show the ENTIRE message (but munge or star out personal info,
like your username in an e-mail address but not the domain).
- DETAIL the steps to reproduce the error or problem.
 
Reply With Quote
 
softnfurry
Guest
Posts: n/a
 
      03-04-2010
On Wed, 03 Mar 2010 18:37:52 -0600, Anyolmouse wrote:

> "softnfurry" <(E-Mail Removed)> wrote in message
> news:hmmun4$b5m$(E-Mail Removed)-september.org...
>> Could someone who knows about headers please look at mine and

> interpret
>> what it all means please...
>> TIA

>
> Here is a "do it yourself page"
> http://www.cynthiaarmistead.com/head...theaders.shtml
>
> Also, you should not munge your address with anything that can be used.
> At least use .invalid instead of .com


Ok, fixed that.
I have read the linked page, but I suppose what I am really asking is how
people figure out where you posted from, is it as simple as tracing the
named IP?
 
Reply With Quote
 
Beauregard T. Shagnasty
Guest
Posts: n/a
 
      03-04-2010
softnfurry wrote:

> Could someone who knows about headers please look at mine and interpret
> what it all means please...
> TIA


> From: softnfurry <(E-Mail Removed)>


You are using a domain name owned by a person in Utah. Spambots will
collect it and generate spam to his email server. That's not nice.

Change it to http://www.velocityreviews.com/forums/(E-Mail Removed) The word 'example' is reserved for the
purpose.

--
-bts
-Four wheels carry the body; two wheels move the soul
 
Reply With Quote
 
Mike Easter
Guest
Posts: n/a
 
      03-04-2010
softnfurry wrote:

> I have read the linked page, but I suppose what I am really asking is how
> people figure out where you posted from, is it as simple as tracing the
> named IP?


Your newsserver e-s eternalseptember doesn't stamp a NPH nntppostinghost
with your connecting IP.

In order for someone to derive something about your meatspace persona
from your header information, they would have to gain information from
your news provider about your account, which would lead to an email
address that you registered the account with.

Since e-s isn't a pay provider, they don't get any information about
anything such as a CC creditcard account number there.

e-s also maintains logs, so your connectivity IP could be derived from
that information, which generally either requires a subpoena or someone
otherwise on the inside at e-s.

From your connectivity IP, one is generally getting closer to something
that has transactional financial information, such as your ISP and then
to your home address, credit cards and credit rating, social security
number, mortgages, arrest history, drivers license info, and so forth.

Are you worried about something?

The other kind of sleuthing is 'softer', based on your posting history
and its 'handwriting' and other identity sleuthing tricks.


--
Mike Easter
 
Reply With Quote
 
VanguardLH
Guest
Posts: n/a
 
      03-04-2010
Mike Easter wrote:

> softnfurry wrote:
>
>> I have read the linked page, but I suppose what I am really asking is how
>> people figure out where you posted from, is it as simple as tracing the
>> named IP?

>
> Your newsserver e-s eternalseptember doesn't stamp a NPH nntppostinghost
> with your connecting IP.
>
> In order for someone to derive something about your meatspace persona
> from your header information, they would have to gain information from
> your news provider about your account, which would lead to an email
> address that you registered the account with.
>
> Since e-s isn't a pay provider, they don't get any information about
> anything such as a CC creditcard account number there.
>
> e-s also maintains logs, so your connectivity IP could be derived from
> that information, which generally either requires a subpoena or someone
> otherwise on the inside at e-s.
>
> From your connectivity IP, one is generally getting closer to something
> that has transactional financial information, such as your ISP and then
> to your home address, credit cards and credit rating, social security
> number, mortgages, arrest history, drivers license info, and so forth.
>
> Are you worried about something?
>
> The other kind of sleuthing is 'softer', based on your posting history
> and its 'handwriting' and other identity sleuthing tricks.


E-S now inserts the following header:

Injection-Info: news.motzarella.org; posting-host="zXcU9IAQqfnVvPJTzFoBhA";

This doesn't let users identify the user regarding their IP address or their
ISP but, I believe, it remain static to the account used from E-S. So while
you cannot filter on the missing NNTP-Posting-Host header, you can filter on
the info in the Injection-Info header.

It's been awhile time since I left E-S. They weren't inserting this header
at that time. I don't know when they introduced this header to identify the
poster (which is by their account through E-S). E-S would know who is the
poster (but only by their account since they are free). If I interpret the
Injection-Info header correctly, users can kill file based on the
posting-host value. Of course, that poster could open another E-S account
or go to another freebie NNTP provider to avoid kill filters.
 
Reply With Quote
 
Mike Easter
Guest
Posts: n/a
 
      03-04-2010
VanguardLH wrote:
> Mike Easter wrote:


>> Your newsserver e-s eternalseptember doesn't stamp a NPH nntppostinghost
>> with your connecting IP.


>> e-s also maintains logs,


> E-S now inserts the following header:
>
> Injection-Info: news.motzarella.org; posting-host="zXcU9IAQqfnVvPJTzFoBhA";
>
> This doesn't let users identify the user regarding their IP address or their
> ISP but, I believe, it remain static to the account used from E-S.


Yes. I believe the function of that injection info, ie posting host and
posting account hash is to make it easier for e-s to be able to 'deal
with' a problem account without even having to use their logs.

They can derive the posting account and the posting account's IP and
squash a bad poster (including the consideration of the account's IP)
'trivially'.

Naturally the determined abuser can make a new account and can 'go
around' the IP issue; but my 'guess' is that it makes e-s abuse
management easier. Having to use the logs would be a PITA.

> If I interpret the
> Injection-Info header correctly, users can kill file based on the
> posting-host value. Of course, that poster could open another E-S account
> or go to another freebie NNTP provider to avoid kill filters.


I think the injection info is more useful to e-s than the kf/er; but it
is useful to both. Only a small percentage of kf/ers are going to be
using header information which isn't in the overview.


--
Mike Easter
 
Reply With Quote
 
richard
Guest
Posts: n/a
 
      03-04-2010
On Thu, 4 Mar 2010 00:51:42 +0000 (UTC), softnfurry wrote:

> On Wed, 03 Mar 2010 18:37:52 -0600, Anyolmouse wrote:
>
>> "softnfurry" <(E-Mail Removed)> wrote in message
>> news:hmmun4$b5m$(E-Mail Removed)-september.org...
>>> Could someone who knows about headers please look at mine and

>> interpret
>>> what it all means please...
>>> TIA

>>
>> Here is a "do it yourself page"
>> http://www.cynthiaarmistead.com/head...theaders.shtml
>>
>> Also, you should not munge your address with anything that can be used.
>> At least use .invalid instead of .com

>
> Ok, fixed that.
> I have read the linked page, but I suppose what I am really asking is how
> people figure out where you posted from, is it as simple as tracing the
> named IP?


Many servers don't post IP's any more.
As for which service you use, there are three ways.
Look for "Path". Your server is the last on the list.
Look for "Abuse@".
Look for "Message ID".

Path:
news7.newsguy.com!extra.newsguy.com!npeersf02.iad. highwinds-media.com!npeer01.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!news.glorb.com!news2.glorb.com!feeder.er je.net!feeder.eternal-september.org!eternal-september.org!.POSTED!not-for-mail

Path shows the routing the message took to get from you to me.

Message-ID: <hmn06u$b5m$(E-Mail Removed)-september.org>
This is the "serial number" of the post.

Your particular headers do not show "Abuse@" or a contact.

As for the email addy, try avoiding a working "TLD" such as ".com".
(E-Mail Removed) would work.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem with wsgiref.headers.Headers Phil Python 4 01-17-2010 04:47 PM
Help needed interpreting 'References' in message Headers ~BD~ Computer Security 4 05-21-2009 04:57 AM
Server cannot clear headers after HTTP headers have been sent Ian ASP .Net Security 2 03-20-2007 09:00 AM
? Need help interpreting this suspicious HTML code Alec S. HTML 5 09-11-2004 02:32 AM
Reading 'received' headers: Email Headers Parsing dont bother Python 0 03-03-2004 08:18 PM



Advertisments