help interpreting headers

Discussion in 'Computer Support' started by softnfurry, Mar 4, 2010.

  1. softnfurry

    softnfurry Guest

    Could someone who knows about headers please look at mine and interpret
    what it all means please...
    TIA
    softnfurry, Mar 4, 2010
    #1

  2. softnfurry

    Anyolmouse Guest

    "softnfurry" <> wrote in message
    news:hmmun4$b5m$-september.org...
    > Could someone who knows about headers please look at mine and interpret
    > what it all means please...
    > TIA


    Here is a "do it yourself page"
    http://www.cynthiaarmistead.com/headers/usenetheaders.shtml

    Also, you should not munge your address with anything that can be used.
    At least use .invalid instead of .com

    --
    We have met the enemy and he is us-- Pogo

    Anyolmouse
    Anyolmouse, Mar 4, 2010
    #2

  3. softnfurry

    Guest

    On Thu, 4 Mar 2010 00:26:12 +0000 (UTC), softnfurry
    <> wrote:

    >Could someone who knows about headers please look at mine and interpret
    >what it all means please...
    >TIA


    Read here:

    http://preview.tinyurl.com/ygwwfuv
    , Mar 4, 2010
    #3
  4. softnfurry

    VanguardLH Guest

    softnfurry wrote:

    > Could someone who knows about headers please look at mine and interpret
    > what it all means please...


    What headers? From your newsgroup post? From an e-mail that you chose not
    to exhibit here? For your garage door? WHAT?

    Would you like pointers to the headers defined by RFC for Internet messages
    and NNTP? They can be quite stale and difficult for noobs to interpret.

    Rather than ask about all headers (which are many but not all may be
    present), do you have a question about a header in particular? I doubt
    you'll get anyone that will waste their time reciting an encyclopedia to you
    about Internet and NNTP headers.


    --- Posting Hints ---

    ALWAYS REVIEW your message before submitting it. You want someone OTHER
    than yourself to understand your post. Also remember that no one here is
    looking over your shoulder to see at what you are pointing. If you don't
    well explain your situation by providing the details that you already know,
    don't expect others to know what is your situation. Explain YOUR computing
    environment and just what actions you take to reproduce the problem.

    Often you get just one chance per potential respondent to elicit a reply
    from them. If they skip your post because you gave them nothing to go on
    (no details, no versions, no OS, no context) then they will usually move on
    to the next post and never return to yours.

    What is Usenet:
    http://en.wikipedia.org/wiki/Usenet
    http://en.wikipedia.org/wiki/Newsgroups
    http://www.masonicinfo.com/newsgroups.htm
    http://www.mcfedries.com/Ramblings/usenet-primer.asp

    How to post to newsgroups:
    http://66.39.69.143/goodpost.htm
    http://support.microsoft.com/kb/555375
    http://users.tpg.com.au/bzyhjr/liszt.html
    http://www.mugsy.org/asa_faq/getting_along/usenet.shtml

    Regarding error or status messages:
    - Do NOT omit the message.
    - Do NOT describe the message.
    - Do NOT summarize the message.
    - Do NOT paraphrase the message.
    - Do NOT truncate the message.
    - Do show the ENTIRE message (but munge or star out personal info,
    like your username in an e-mail address but not the domain).
    - DETAIL the steps to reproduce the error or problem.
    VanguardLH, Mar 4, 2010
    #4
  5. softnfurry

    softnfurry Guest

    On Wed, 03 Mar 2010 18:37:52 -0600, Anyolmouse wrote:

    > "softnfurry" <> wrote in message
    > news:hmmun4$b5m$-september.org...
    >> Could someone who knows about headers please look at mine and interpret
    >> what it all means please...
    >> TIA

    >
    > Here is a "do it yourself page"
    > http://www.cynthiaarmistead.com/headers/usenetheaders.shtml
    >
    > Also, you should not munge your address with anything that can be used.
    > At least use .invalid instead of .com


    Ok, fixed that.
    I have read the linked page, but I suppose what I am really asking is how
    people figure out where you posted from, is it as simple as tracing the
    named IP?
    softnfurry, Mar 4, 2010
    #5
  6. softnfurry wrote:

    > Could someone who knows about headers please look at mine and interpret
    > what it all means please...
    > TIA


    > From: softnfurry <>


    You are using a domain name owned by a person in Utah. Spambots will
    collect it and generate spam to his email server. That's not nice.

    Change it to The word 'example' is reserved for the
    purpose.

    --
    -bts
    -Four wheels carry the body; two wheels move the soul
    Beauregard T. Shagnasty, Mar 4, 2010
    #6
  7. softnfurry

    Mike Easter Guest

    softnfurry wrote:

    > I have read the linked page, but I suppose what I am really asking is how
    > people figure out where you posted from, is it as simple as tracing the
    > named IP?


    Your newsserver e-s eternalseptember doesn't stamp a NPH nntppostinghost
    with your connecting IP.

    In order for someone to derive something about your meatspace persona
    from your header information, they would have to gain information from
    your news provider about your account, which would lead to an email
    address that you registered the account with.

    Since e-s isn't a pay provider, they don't get any information about
    anything such as a CC creditcard account number there.

    e-s also maintains logs, so your connectivity IP could be derived from
    that information, which generally either requires a subpoena or someone
    otherwise on the inside at e-s.

    From your connectivity IP, one is generally getting closer to something
    that has transactional financial information, such as your ISP and then
    to your home address, credit cards and credit rating, social security
    number, mortgages, arrest history, drivers license info, and so forth.

    Are you worried about something?

    The other kind of sleuthing is 'softer', based on your posting history
    and its 'handwriting' and other identity sleuthing tricks.


    --
    Mike Easter
    Mike Easter, Mar 4, 2010
    #7
  8. softnfurry

    VanguardLH Guest

    Mike Easter wrote:

    > softnfurry wrote:
    >
    >> I have read the linked page, but I suppose what I am really asking is how
    >> people figure out where you posted from, is it as simple as tracing the
    >> named IP?

    >
    > Your newsserver e-s eternalseptember doesn't stamp a NPH nntppostinghost
    > with your connecting IP.
    >
    > In order for someone to derive something about your meatspace persona
    > from your header information, they would have to gain information from
    > your news provider about your account, which would lead to an email
    > address that you registered the account with.
    >
    > Since e-s isn't a pay provider, they don't get any information about
    > anything such as a CC creditcard account number there.
    >
    > e-s also maintains logs, so your connectivity IP could be derived from
    > that information, which generally either requires a subpoena or someone
    > otherwise on the inside at e-s.
    >
    > From your connectivity IP, one is generally getting closer to something
    > that has transactional financial information, such as your ISP and then
    > to your home address, credit cards and credit rating, social security
    > number, mortgages, arrest history, drivers license info, and so forth.
    >
    > Are you worried about something?
    >
    > The other kind of sleuthing is 'softer', based on your posting history
    > and its 'handwriting' and other identity sleuthing tricks.


    E-S now inserts the following header:

    Injection-Info: news.motzarella.org; posting-host="zXcU9IAQqfnVvPJTzFoBhA";

    This doesn't let users identify the user regarding their IP address or their
    ISP but, I believe, it remains static to the account used from E-S. So while
    you cannot filter on the missing NNTP-Posting-Host header, you can filter on
    the info in the Injection-Info header.

    It's been a while since I left E-S. They weren't inserting this header
    at that time. I don't know when they introduced this header to identify the
    poster (which is by their account through E-S). E-S would know who is the
    poster (but only by their account since they are free). If I interpret the
    Injection-Info header correctly, users can kill file based on the
    posting-host value. Of course, that poster could open another E-S account
    or go to another freebie NNTP provider to avoid kill filters.
    VanguardLH, Mar 4, 2010
    #8
  9. softnfurry

    Mike Easter Guest

    VanguardLH wrote:
    > Mike Easter wrote:


    >> Your newsserver e-s eternalseptember doesn't stamp a NPH nntppostinghost
    >> with your connecting IP.


    >> e-s also maintains logs,


    > E-S now inserts the following header:
    >
    > Injection-Info: news.motzarella.org; posting-host="zXcU9IAQqfnVvPJTzFoBhA";
    >
    > This doesn't let users identify the user regarding their IP address or their
    > ISP but, I believe, it remains static to the account used from E-S.


    Yes. I believe the function of that injection info, ie posting host and
    posting account hash is to make it easier for e-s to be able to 'deal
    with' a problem account without even having to use their logs.

    They can derive the posting account and the posting account's IP and
    squash a bad poster (including the consideration of the account's IP)
    'trivially'.

    Naturally the determined abuser can make a new account and can 'go
    around' the IP issue; but my 'guess' is that it makes e-s abuse
    management easier. Having to use the logs would be a PITA.

    > If I interpret the
    > Injection-Info header correctly, users can kill file based on the
    > posting-host value. Of course, that poster could open another E-S account
    > or go to another freebie NNTP provider to avoid kill filters.


    I think the injection info is more useful to e-s than the kf/er; but it
    is useful to both. Only a small percentage of kf/ers are going to be
    using header information which isn't in the overview.


    --
    Mike Easter
    Mike Easter, Mar 4, 2010
    #9
  10. softnfurry

    richard Guest

    On Thu, 4 Mar 2010 00:51:42 +0000 (UTC), softnfurry wrote:

    > On Wed, 03 Mar 2010 18:37:52 -0600, Anyolmouse wrote:
    >
    >> "softnfurry" <> wrote in message
    >> news:hmmun4$b5m$-september.org...
    >>> Could someone who knows about headers please look at mine and interpret
    >>> what it all means please...
    >>> TIA

    >>
    >> Here is a "do it yourself page"
    >> http://www.cynthiaarmistead.com/headers/usenetheaders.shtml
    >>
    >> Also, you should not munge your address with anything that can be used.
    >> At least use .invalid instead of .com

    >
    > Ok, fixed that.
    > I have read the linked page, but I suppose what I am really asking is how
    > people figure out where you posted from, is it as simple as tracing the
    > named IP?


    Many servers don't post IP's any more.
    As for which service you use, there are three ways.
    Look for "Path". Your server is the last on the list.
    Look for "Abuse@".
    Look for "Message ID".

    Path:
    news7.newsguy.com!extra.newsguy.com!npeersf02.iad.highwinds-media.com!npeer01.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!news.glorb.com!news2.glorb.com!feeder.erje.net!feeder.eternal-september.org!eternal-september.org!.POSTED!not-for-mail

    Path shows the routing the message took to get from you to me.

    Message-ID: <hmn06u$b5m$-september.org>
    This is the "serial number" of the post.

    Your particular headers do not show "Abuse@" or a contact.

    As for the email addy, try avoiding a working "TLD" such as ".com".
    would work.
    richard, Mar 4, 2010
    #10
  11. softnfurry

    softnfurry Guest

    "§nühw¤£f" <> wrote in message
    news:Xns9D315A0C37BD5snuhwolfyahoocom@216.196.97.142...
    > softnfurry <> clouded the waters of pure thought
    > with news:hmmun4$b5m$-september.org:
    >
    >> Path:
    >> border1.nntp.dca.giganews.com!nntp.giganews.com!npeer01.iad.highwin
    >> ds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!n
    >> ntp.club.cc.cmu.edu!feeder.erje.net!feeder.eternal-september

    >
    > That gives me some idea of where you might be.
    > Read the path to see the last nntp swerver before Eternal
    > September...erje.net...so I'd guess that you're in the netherlands.
    >
    > How'd I do?
    >
    > ^_^
    >
    > --
    > http://rudepundit.blogspot.com/
    > cageprisoners.com|www.snuhwolf.9f.com|www.eyeonpalin.org
    > _____ ____ ____ __ /\_/\ __ _ ______ _____
    > / __/ |/ / / / / // // . . \\ \ |\ | / __ \ \ \ __\
    > _\ \/ / /_/ / _ / \ / \ \| \| \ \_\ \ \__\ _\
    > /___/_/|_/\____/_//_/ \_@_/ \__|\__|\____/\____\_\
    >


    About 400k out, I'm in south west UK, well hidden away (today, anyway)
    softnfurry, Mar 4, 2010
    #11
  12. softnfurry

    Mike Easter Guest

    snuhwolf wrote:
    > softnfurry


    >> Path:
    >> border1.nntp.dca.giganews.com!nntp.giganews.com!npeer01.iad.highwin
    >> ds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!n
    >> ntp.club.cc.cmu.edu!feeder.erje.net!feeder.eternal-september


    This above is the path (reverse path) from snf/softnfurry to
    sw/snuhwolf; that is snf posts to e-s and then sw gets it off the giga
    newsserver. In between we see the transit of the erje feeder,
    Carnegie-Mellon, and highwinds.

    > That gives me some idea of where you might be.


    No. That shows how - the path - the snf message 'traveled' to get to
    you. That path is quite different from the path the same snf message
    traveled to get to me, my newsserver.

    > Read the path to see the last nntp swerver before Eternal
    > September...erje.net...


    erje was the *first* stamp after the message left snf's e-s. The path
    when unaltered by bogus preloading, shows the steps the message passed
    along starting from the 'far end' back to the beginning. In reverse.

    > so I'd guess that you're in the netherlands.


    You can't derive much from snf's headers. Yours on the other hand, tell
    quite a lot about your provider and your geolocation.


    --
    Mike Easter
    Mike Easter, Mar 5, 2010
    #12
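
The Path reading described in posts #10 and #12 and the Injection-Info filtering described in post #8, as an added Python example that is not part of any poster's message. It parses the two headers quoted in the thread; that the posting-host token stays the same per account is the posters' belief and is assumed here, and `killfile_hit` is a hypothetical helper name.

```python
import re

# Headers quoted in this thread: Path from post #10, Injection-Info from post #8.
PATH = ("news7.newsguy.com!extra.newsguy.com!npeersf02.iad.highwinds-media.com!"
        "npeer01.iad.highwinds-media.com!news.highwinds-media.com!"
        "feed-me.highwinds-media.com!news.glorb.com!news2.glorb.com!"
        "feeder.erje.net!feeder.eternal-september.org!eternal-september.org!"
        ".POSTED!not-for-mail")
INJECTION_INFO = 'news.motzarella.org; posting-host="zXcU9IAQqfnVvPJTzFoBhA";'


def parse_path(path):
    """Split a Path header into the parts a reader can and cannot trust."""
    entries = [e.strip() for e in path.split("!") if e.strip()]
    if entries:
        entries.pop()  # rightmost entry is a tail such as "not-for-mail", not a server
    # Servers prepend on the left, so the leftmost ".POSTED" is the one written by
    # the real injecting server; anything to its right was supplied by the poster.
    posted = next((i for i, e in enumerate(entries) if e.startswith(".POSTED")), None)
    stamped = entries if posted is None else entries[:posted]
    preloaded = [] if posted is None else entries[posted + 1:]
    servers = [e for e in stamped if not e.startswith(".")]  # drop diagnostics
    return {
        "injector": servers[-1] if servers else None,  # where the poster connected
        "reader": servers[0] if servers else None,     # server this copy was read from
        "travel_order": servers[::-1],                 # injector first, reader last
        "preloaded": preloaded,                        # unverified, poster-controlled
    }


def parse_injection_info(value):
    """Return (injecting site, {parameter: value}) from an Injection-Info header."""
    site, _, rest = value.partition(";")
    params = dict(re.findall(r'([\w-]+)\s*=\s*"?([^";]*)"?', rest))
    return site.strip(), params


def killfile_hit(injection_info, blocked_posting_hosts):
    """True if the header's posting-host token is on the reader's block list."""
    _, params = parse_injection_info(injection_info)
    return params.get("posting-host") in blocked_posting_hosts


if __name__ == "__main__":
    info = parse_path(PATH)
    print("injected at:", info["injector"])
    print("travel order:", " -> ".join(info["travel_order"]))
    print(parse_injection_info(INJECTION_INFO))
```

When a Path carries no `.POSTED` marker, the rightmost server entry is only the poster's claimed starting point, which is the preloading caveat raised in post #12.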
  13. In message <>, Mike Easter wrote:
    > snuhwolf wrote:
    > > softnfurry

    >
    > >> Path:
    > >> border1.nntp.dca.giganews.com!nntp.giganews.com!npeer01.iad.highwin
    > >> ds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!n
    > >> ntp.club.cc.cmu.edu!feeder.erje.net!feeder.eternal-september

    >
    > This above is the path (reverse path) from snf/softnfurry to
    > sw/snuhwolf; that is snf posts to e-s and then sw gets it off the giga
    > newsserver. In between we see the transit of the erje feeder,
    > Carnegie-Mellon, and highwinds.
    >
    > > That gives me some idea of where you might be.

    >
    > No. That shows how - the path - the snf message 'traveled' to get to
    > you. That path is quite different from the path the same snf message
    > traveled to get to me, my newsserver.
    >
    > > Read the path to see the last nntp swerver before Eternal
    > > September...erje.net...

    >
    > erje was the *first* stamp after the message left snf's e-s. The path
    > when unaltered by bogus preloading, shows the steps the message passed
    > along starting from the 'far end' back to the beginning. In reverse.
    >

    I didn't assume he'd know how to do path preloading since he claimed he couldn't
    read headers much :)

    > > so I'd guess that you're in the netherlands.

    >
    > You can't derive much from snf's headers. Yours on the other hand, tell
    > quite a lot about your provider and your geolocation.
    >

    That's *old* news ;)

    --
    http://www.care2.com/click-to-donate/wolves/
    Proof of Americas 3rd world status:
    http://www.ramusa.org/
    Cash for *who*?
    http://www.bartcop.com/list-the-facts.htm
    http://www.pavlovianobeisance.com/
    §ñühw¤£f, Mar 5, 2010
    #13