ip tracing in newsgroups

Discussion in 'Computer Security' started by ev0l, Mar 4, 2004.

  1. ev0l

    ev0l Guest

    i have noticed that i can see peoples ip addresses when they post. how can
    people proxy themselves or spoof their ip when posting?
    ev0l, Mar 4, 2004
    #1
    1. Advertising

  2. ev0l

    John Guest

    In article <C0K1c.376$BA.338@fed1read03>, says...
    > i have noticed that i can see peoples ip addresses when they post. how can
    > people proxy themselves or spoof their ip when posting?
    >
    >
    >

    You need to get a hardware router, with NAT (Network Address
    Translation).
    John, Mar 4, 2004
    #2
    1. Advertising

  3. ev0l

    ev0l Guest

    right! but what if you don't want anyone to see your gateways ip. say your
    bheind a router and posting, do you want som hacker scanning and trying to
    break into it?
    "John" <> wrote in message
    news:vSK1c.73236$A12.28238@edtnps84...
    > In article <C0K1c.376$BA.338@fed1read03>, says...
    > > i have noticed that i can see peoples ip addresses when they post. how

    can
    > > people proxy themselves or spoof their ip when posting?
    > >
    > >
    > >

    > You need to get a hardware router, with NAT (Network Address
    > Translation).
    ev0l, Mar 4, 2004
    #3
  4. ev0l

    Gladys Pump Guest

    On Thu, 04 Mar 2004 18:48:59 GMT, John <>, whilst in the
    alt.computer.security newsfroup, articulated the following sentiments :

    >In article <C0K1c.376$BA.338@fed1read03>, says...
    >> i have noticed that i can see peoples ip addresses when they post. how can
    >> people proxy themselves or spoof their ip when posting?
    >>
    >>
    >>

    >You need to get a hardware router, with NAT (Network Address
    >Translation).


    I don't understand what NAT has to do with spoofing an IP address in
    newsgroup postings, sorry.

    AFAIK, NAT just translates 'private' IP address ranges into an IP address
    that is 'valid' on the Internet, and vice versa. It can also perform routing
    and filtering depending on what OS you have running, and what applications
    are controlling the NIC card. What it does not do is spoof your IP address,
    at least not in the context of the OP's question. Corrections welcome.

    Many people who frequent USENET, choose a 'News Provider' such as Giganews,
    or Easynews etc. These providers offer the ability to remove the originating
    IP address from posts made through their respective servers, as well as many
    other services not usually available through an ISP News account.

    Often, just using your ISP's News service will result in your IP address
    being carried through into the groups. Some people care about this, others
    aren't so bothered. The trade off is that it is free, or at least it's part
    of the 'package' you get with your ISP. Often though, posts take longer to
    show up, and the retention of messages is sometimes lower. This is not
    always the case though.

    Maybe someone else here can explain how to use proxies to spoof an IP
    address ? It's not something I use personally.

    Regs, Pete.


    Never anthropomorphize computers. They don't like it.
    Gladys Pump, Mar 4, 2004
    #4
  5. In article <C0K1c.376$BA.338@fed1read03>, says...
    > i have noticed that i can see peoples ip addresses when they post. how can
    > people proxy themselves or spoof their ip when posting?
    >
    >
    >



    use a proxy service such as www.cotse.net




    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Mar 4, 2004
    #5
  6. ev0l

    John Guest

    In article <>,
    says...
    > On Thu, 04 Mar 2004 18:48:59 GMT, John <>, whilst in the
    > alt.computer.security newsfroup, articulated the following sentiments :
    >
    > >In article <C0K1c.376$BA.338@fed1read03>, says...
    > >> i have noticed that i can see peoples ip addresses when they post. how can
    > >> people proxy themselves or spoof their ip when posting?
    > >>
    > >>
    > >>

    > >You need to get a hardware router, with NAT (Network Address
    > >Translation).

    >
    > I don't understand what NAT has to do with spoofing an IP address in
    > newsgroup postings, sorry.
    >
    > AFAIK, NAT just translates 'private' IP address ranges into an IP address
    > that is 'valid' on the Internet, and vice versa. It can also perform routing
    > and filtering depending on what OS you have running, and what applications
    > are controlling the NIC card. What it does not do is spoof your IP address,
    > at least not in the context of the OP's question. Corrections welcome.
    >
    > Many people who frequent USENET, choose a 'News Provider' such as Giganews,
    > or Easynews etc. These providers offer the ability to remove the originating
    > IP address from posts made through their respective servers, as well as many
    > other services not usually available through an ISP News account.
    >
    > Often, just using your ISP's News service will result in your IP address
    > being carried through into the groups. Some people care about this, others
    > aren't so bothered. The trade off is that it is free, or at least it's part
    > of the 'package' you get with your ISP. Often though, posts take longer to
    > show up, and the retention of messages is sometimes lower. This is not
    > always the case though.
    >
    > Maybe someone else here can explain how to use proxies to spoof an IP
    > address ? It's not something I use personally.
    >
    > Regs, Pete.
    >
    >
    > Never anthropomorphize computers. They don't like it.
    >


    Well I thought the OP was asking how to prevent your IP address from
    showing up on the header to the messages that you post. I believe that
    NAT accomplishes that, at least the IP address showing under "posting
    host" in the detailed headers for my posts is *not* my IP address. I
    don't know what address it is, but it's not mine.

    So, my question is - can someone identify my machine from the
    information in the detailed header to my postings here - or not?
    John, Mar 4, 2004
    #6
  7. In article <b4M1c.131020$Hy3.93620@edtnps89>, says...
    > In article <>,
    > says...
    > > On Thu, 04 Mar 2004 18:48:59 GMT, John <>, whilst in the
    > > alt.computer.security newsfroup, articulated the following sentiments :
    > >
    > > >In article <C0K1c.376$BA.338@fed1read03>, says...
    > > >> i have noticed that i can see peoples ip addresses when they post. how can
    > > >> people proxy themselves or spoof their ip when posting?
    > > >>
    > > >>
    > > >>
    > > >You need to get a hardware router, with NAT (Network Address
    > > >Translation).

    > >
    > > I don't understand what NAT has to do with spoofing an IP address in
    > > newsgroup postings, sorry.
    > >
    > > AFAIK, NAT just translates 'private' IP address ranges into an IP address
    > > that is 'valid' on the Internet, and vice versa. It can also perform routing
    > > and filtering depending on what OS you have running, and what applications
    > > are controlling the NIC card. What it does not do is spoof your IP address,
    > > at least not in the context of the OP's question. Corrections welcome.
    > >
    > > Many people who frequent USENET, choose a 'News Provider' such as Giganews,
    > > or Easynews etc. These providers offer the ability to remove the originating
    > > IP address from posts made through their respective servers, as well as many
    > > other services not usually available through an ISP News account.
    > >
    > > Often, just using your ISP's News service will result in your IP address
    > > being carried through into the groups. Some people care about this, others
    > > aren't so bothered. The trade off is that it is free, or at least it's part
    > > of the 'package' you get with your ISP. Often though, posts take longer to
    > > show up, and the retention of messages is sometimes lower. This is not
    > > always the case though.
    > >
    > > Maybe someone else here can explain how to use proxies to spoof an IP
    > > address ? It's not something I use personally.
    > >
    > > Regs, Pete.
    > >
    > >
    > > Never anthropomorphize computers. They don't like it.
    > >

    >
    > Well I thought the OP was asking how to prevent your IP address from
    > showing up on the header to the messages that you post. I believe that
    > NAT accomplishes that, at least the IP address showing under "posting
    > host" in the detailed headers for my posts is *not* my IP address. I
    > don't know what address it is, but it's not mine.
    >
    > So, my question is - can someone identify my machine from the
    > information in the detailed header to my postings here - or not?
    >
    >



    you're using d199-126-251-13.abhsia.telus.net, or something on telus.net
    to post to usenet. evidently this usenet service masks the posters
    originating IP (as does supernews, cotse, etc.), therefore, you're using
    something like the thread author was looking for, a usenet service or
    proxy that masks the originating IP address when posting to usenet.

    nat, nat routers, etc. do mask your internal IP addresses from the
    world, but the nat router/gateway IP still gets tagged to all outgoing
    traffic from your internal lan. your provider, telus, knows your
    originating IP address.

    in the case of cotse, if you use cotse's nntp/news proxy to get to
    giganews, supernews, newsguy, etc. only cotse knows the IP you come
    from, not the news provider. if you use a proxy between you and cotse,
    then cotse only knows the previous proxy IP, not your originating IP.




    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Mar 4, 2004
    #7
  8. ev0l

    ev0l Guest

    Thanx Colonel and Gladys, that is what i was looking for. I guess most ISPs
    don't care about their users privacy.
    "Colonel Flagg" <> wrote in
    message news:...
    > In article <C0K1c.376$BA.338@fed1read03>, says...
    > > i have noticed that i can see peoples ip addresses when they post. how

    can
    > > people proxy themselves or spoof their ip when posting?
    > >
    > >
    > >

    >
    >
    > use a proxy service such as www.cotse.net
    >
    >
    >
    >
    > --
    > Colonel Flagg
    > http://www.internetwarzone.org/
    >
    > Privacy at a click:
    > http://www.cotse.net
    >
    > Q: How many Bill Gates does it take to change a lightbulb?
    > A: None, he just defines Darkness? as the new industry standard..."
    >
    > "...I see stupid people."
    ev0l, Mar 4, 2004
    #8
  9. "ev0l" <> wrote in message
    news:yaN1c.445$BA.356@fed1read03...
    > Thanx Colonel and Gladys, that is what i was looking for. I guess most

    ISPs
    > don't care about their users privacy.


    There are reasons.. a lot of people (like myself) both desire and /expect/
    privacy. OTOH, there's always that "other person, not me, rabid nutter"
    thing; by all means "buy" privacy, but don't expect it to last too long if a
    "big elephant" of a corporation or government comes a-knockin'..

    Like anything else, if someone /really/ wants to know, then she'll find out
    ("Tracker" almost certainly excepted ;o)

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!

    > "Colonel Flagg" <> wrote in
    > message news:...
    > > In article <C0K1c.376$BA.338@fed1read03>, says...
    > > > i have noticed that i can see peoples ip addresses when they post. how

    > can
    > > > people proxy themselves or spoof their ip when posting?


    > > use a proxy service such as www.cotse.net
    Hairy One Kenobi, Mar 5, 2004
    #9
  10. ev0l

    Gladys Pump Guest

    On Thu, 04 Mar 2004 20:11:51 GMT, John <>, whilst in the
    alt.computer.security newsfroup, articulated the following sentiments :

    >Well I thought the OP was asking how to prevent your IP address from
    >showing up on the header to the messages that you post.


    He was, yes. AFAIK, the only ways to accomplish this are to use a News
    provider such as Giganews (http://www.giganews.com), or Easynews, that will
    remove your originating IP address from posts, or use a proxy service like
    those found on http://www.cotse.net . Using 'nyms' (which AFAIK mean
    'anonymous relays') would also work, although one of those relays has to
    know your originating IP address. Corrections welcome.

    >I believe that NAT accomplishes that, at least the IP address showing under "posting
    >host" in the detailed headers for my posts is *not* my IP address. I
    >don't know what address it is, but it's not mine.


    The IP address I see on your post resolves to Telus Comms.

    >So, my question is - can someone identify my machine from the
    >information in the detailed header to my postings here - or not?


    As the Colonel mentioned John, NAT does mask your LAN machines, but in the
    case of all other Internet devices, all they see is your router's IP
    address. That is the IP address that gets stamped onto everything you send
    out onto the Internet. AFAIK, LAN IP addresses (192.168.1.xxx for example)
    are not routable on the Internet.

    Are you looking in your 'sent items' or 'outbox' and checking the headers
    there ? If so, your machine's LAN IP address might appear there, yes. But
    that address cannot exist on the Internet. All web/mail/news/whatever
    services that you are connected to, only care about your router's IP
    address. That is all they see. NAT just automagically translates that into a
    private IP address that can exist on your LAN, and routes it to the correct
    machine.

    I see you are using MicroPlanet Gravity v2.50. Your newsreader may stamp the
    LAN IP address on all your posts, but only you see that. I'm quite sure that
    my newsreader doesn't show this, at least I can't get it to. But I'm very
    sure that all posts from this machine carry this machine's LAN IP address as
    far as my router, where said IP address gets replaced by the router's IP
    address (the one assigned by DHCP by my ISP) so that the post can wing it's
    way to Giganews.com, eventually.

    Unless the News service you are subscribed to provides the 'feature' of
    removing an originating IP (the router's IP, not a machine on your LAN), as
    is the case with Giganews for example, then your IP address will follow
    through into all postings.

    To finally answer your question, yes, someone could identify your machine
    from the information provided in your post's header, if it has a valid IP
    address stamped on it. Of course, your News provider will most likely know
    who you are all the time, and whilst they may not monitor you, they have the
    means to identify you. And me ! :)

    HTH.

    Regs, Pete.


    Never anthropomorphize computers. They don't like it.
    Gladys Pump, Mar 5, 2004
    #10
  11. ev0l

    *Vanguard* Guest

    "Gladys Pump" said in news::
    <snip>
    > Many people who frequent USENET, choose a 'News Provider' such as
    > Giganews, or Easynews etc. These providers offer the ability to
    > remove the originating IP address from posts made through their
    > respective servers, as well as many other services not usually
    > available through an ISP News account.

    <snip>

    Well, I'm using Giganews (as contracted by my ISP which is Comcast). My
    IP address is certainly getting put into the headers. When looking at
    another of my posts here, I saw:

    NNTP-Posting-Host: 66.41.115.120

    Running "nslookup 66.41.115.120" returns
    c-66-41-115-120.mn.client2.attbi.com. Either is the IP name/address
    assigned by my ISP's DHCP server to my NAT router. So while my intranet
    host's IP address (assigned by the router's DHCP server) remains hidden,
    my router is definitely not hidden in the post which also means my
    "network" (as a customer of Comcast) is also not hidden. So Giganews is
    NOT removing my IP address from their headers when using them to post
    messages in a newsgroup.

    You say, "These providers offer the ability to remove the originating
    IP address." So is there some option I'm supposed to enable under my
    Giganews account to eliminate my IP address (for my router) in getting
    included in the headers? Giganews contracts out to ISPs their newsgroup
    service, so maybe for those accounts with Giganews the users don't get
    such an option; i.e., maybe you have to subscribe directly with Giganews
    to then have an option to remove your IP address. Maybe users of their
    ISP's news server which is really contracted from Giganews don't get the
    same setup or options as direct Giganews customers.
    *Vanguard*, Mar 6, 2004
    #11
  12. In article <>, no-email@no-
    spam.invalid says...

    >
    > You say, "These providers offer the ability to remove the originating
    > IP address." So is there some option I'm supposed to enable under my
    > Giganews account to eliminate my IP address (for my router) in getting
    > included in the headers? Giganews contracts out to ISPs their newsgroup
    > service, so maybe for those accounts with Giganews the users don't get
    > such an option; i.e., maybe you have to subscribe directly with Giganews
    > to then have an option to remove your IP address. Maybe users of their
    > ISP's news server which is really contracted from Giganews don't get the
    > same setup or options as direct Giganews customers.
    >
    >



    Could be. I know supernews masks/removes the originating IP address.
    which, supernews also filters the hell out of usenet, so i guess it's a
    give/take situation....




    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Mar 6, 2004
    #12
  13. ev0l

    Gladys Pump Guest

    On Fri, 5 Mar 2004 19:06:23 -0600, "*Vanguard*" <>,
    whilst in the alt.computer.security newsfroup, articulated the following
    sentiments :


    >Well, I'm using Giganews (as contracted by my ISP which is Comcast). My
    >IP address is certainly getting put into the headers. When looking at
    >another of my posts here, I saw:
    >
    >NNTP-Posting-Host: 66.41.115.120
    >
    >Running "nslookup 66.41.115.120" returns
    >c-66-41-115-120.mn.client2.attbi.com. Either is the IP name/address
    >assigned by my ISP's DHCP server to my NAT router. So while my intranet
    >host's IP address (assigned by the router's DHCP server) remains hidden,
    >my router is definitely not hidden in the post which also means my
    >"network" (as a customer of Comcast) is also not hidden. So Giganews is
    >NOT removing my IP address from their headers when using them to post
    >messages in a newsgroup.
    >
    >You say, "These providers offer the ability to remove the originating
    >IP address." So is there some option I'm supposed to enable under my
    >Giganews account to eliminate my IP address (for my router) in getting
    >included in the headers? Giganews contracts out to ISPs their newsgroup
    >service, so maybe for those accounts with Giganews the users don't get
    >such an option; i.e., maybe you have to subscribe directly with Giganews
    >to then have an option to remove your IP address. Maybe users of their
    >ISP's news server which is really contracted from Giganews don't get the
    >same setup or options as direct Giganews customers.


    I think you've hit the nail on the head there with that last sentence. Look
    at my headers, I'm sure an IP address is not present in them. I am
    subscribing directly to Giganews.

    To be honest, I've not looked at their site for some time now, as their
    service is very good, so I almost 'forget it's there'. :)

    Regs, Pete.
    Gladys Pump, Mar 6, 2004
    #13
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. rc@die@you@!spammers.sandworm.demon.co.uk

    Tracing a route question

    rc@die@you@!spammers.sandworm.demon.co.uk, Nov 7, 2004, in forum: Cisco
    Replies:
    5
    Views:
    442
  2. dexx

    tracing a mac address?

    dexx, May 25, 2005, in forum: Cisco
    Replies:
    6
    Views:
    32,219
    H.U.A. Koers
    May 26, 2005
  3. GeeBee

    windows XP boot tracing

    GeeBee, Nov 9, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    518
    GeeBee
    Nov 9, 2003
  4. rifleman

    tracing Swen emails?

    rifleman, Nov 17, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    378
    ┬░Mike┬░
    Nov 17, 2003
  5. Tracing An Email Address

    , Dec 26, 2003, in forum: Computer Support
    Replies:
    8
    Views:
    593
Loading...

Share This Page