Is this possible?

Discussion in 'Computer Support' started by alan, Jul 20, 2009.

  1. alan

    alan Guest

    On a newsgroup other than this one, in which two posters (we'll call them
    tweedledee and tweedledum) are constantly at each other's throats, two posts
    appeared yesterday which showed email addresses belonging to tweedle*dee*.
    The IP address belonged to tweedle*dum* and, oddly enough, the posts were
    signed by tweedle*dum*.

    This was followed a few minutes later by a post from tweedle*dum* announcing
    that he had not made those posts, explaining that "someone hacked my
    newsreader" . . .

    I'd say that, due to the fact that the IP address belonged to tweedledum, he
    HAD to have been the one that made the posts with tweedledee's email
    address, right?

    I mean, although I'm sure it's possible to use someone else's newsreader,
    that's not going to force the system to incorrectly report the originating
    IP address, is it?

    It's my thought that tweedledum realized his stupid error of having signed
    "tweedledum" to a post he was trying to make appear had come from
    tweedledee,
    panicked, and came up with the even dumber idea of claiming a "hacked
    newsreader".

    In short, it's not possible to forge someone else's IP address, is it?
     
    alan, Jul 20, 2009
    #1
    1. Advertising

  2. alan

    John Holmes Guest

    alan "contributed" in 24hoursupport.helpdesk:

    > On a newsgroup other than this one, in which two posters (we'll call
    > them tweedledee and tweedledum) are constantly at each other's
    > throats, two posts appeared yesterday which showed email addresses
    > belonging to tweedle*dee*. The IP address belonged to tweedle*dum*
    > and, oddly enough, the posts were signed by tweedle*dum*.
    >
    > This was followed a few minutes later by a post from tweedle*dum*
    > announcing that he had not made those posts, explaining that "someone
    > hacked my newsreader" . . .
    >
    > I'd say that, due to the fact that the IP address belonged to
    > tweedledum, he HAD to have been the one that made the posts with
    > tweedledee's email address, right?
    >
    > I mean, although I'm sure it's possible to use someone else's
    > newsreader, that's not going to force the system to incorrectly report
    > the originating IP address, is it?
    >
    > It's my thought that tweedledum realized his stupid error of having
    > signed "tweedledum" to a post he was trying to make appear had come
    > from tweedledee,
    > panicked, and came up with the even dumber idea of claiming a "hacked
    > newsreader".
    >
    > In short, it's not possible to forge someone else's IP address, is it?
    >


    In my client, I can add any IP addy I'd like. What does the IP addy in my
    headers tell you?


    --
    <snip>
     
    John Holmes, Jul 20, 2009
    #2
    1. Advertising

  3. alan

    Mike Easter Guest

    alan wrote:
    > On a newsgroup other than this one,


    This would be more interesting to consider if you would simply name the
    group and the *dum & *dee personas, so that the evaluation of the headers
    could avoid your personal 'filtration'.

    It is much better to look at the actual headers than your sketchy
    analysis of one part of them.

    --
    Mike Easter
     
    Mike Easter, Jul 20, 2009
    #3
  4. alan

    Aardvark Guest

    On Mon, 20 Jul 2009 14:15:50 -0700, richard wrote:

    > From what I understand, it sounds like both are actually the same person
    > and the idiot forgot which service he was using at the time. It is
    > highly unlikely that two people using two different machines on the same
    > service will ever have the same IP.


    What about the 300 people who you said could do 'IP sharing'? Or do you
    mean that an IP can't be shared by only 2 hosts, it has to be 300?

    I'm confused, please explain.
     
    Aardvark, Jul 20, 2009
    #4
  5. alan

    Evan Platt Guest

    On Mon, 20 Jul 2009 15:04:48 -0700, richard <>
    wrote:

    >I drop out of threads when I see no point in arguing the issue.


    Translation: When you know you're wrong, and cannot prove your point.

    >Even more so when the discussion is far removed from the original
    >topic.


    Uhhh.. but this topic is about forging NNTP-Posting-Hosts, And my
    point was it can be done. You said it can't.

    >I will not reply to your reply to this.


    Because you know you're wrong.

    >So you lose, again.


    LOL... Only in your mind, St00pid. Everyone here knows you're wrong,
    and that you're st00pid. Except you.

    You have yet to actually win an argument.
    --
    To reply via e-mail, remove The Obvious from my e-mail address.
     
    Evan Platt, Jul 20, 2009
    #5
  6. alan

    Evan Platt Guest

    On Mon, 20 Jul 2009 22:05:29 GMT, Aardvark <>
    wrote:

    >What about the 300 people who you said could do 'IP sharing'? Or do you
    >mean that an IP can't be shared by only 2 hosts, it has to be 300?
    >
    >I'm confused, please explain.


    He won't. He can't. Because he's wrong.

    As much as I normally am a people person and would never wish bad
    things on anyone, he's one of the few that I'd love to see become just
    sick enough that they're unable to use their computer.

    Well - I mean he can barely use his computer now. You know what I
    mean.
    --
    To reply via e-mail, remove The Obvious from my e-mail address.
     
    Evan Platt, Jul 20, 2009
    #6
  7. alan

    John Holmes Guest

    Evan Platt "contributed" in 24hoursupport.helpdesk:

    > On Mon, 20 Jul 2009 22:05:29 GMT, Aardvark <>
    > wrote:
    >
    >>What about the 300 people who you said could do 'IP sharing'? Or do you
    >>mean that an IP can't be shared by only 2 hosts, it has to be 300?
    >>
    >>I'm confused, please explain.

    >
    > He won't. He can't. Because he's wrong.
    >
    > As much as I normally am a people person and would never wish bad
    > things on anyone, he's one of the few that I'd love to see become just
    > sick enough that they're unable to use their computer.
    >
    > Well - I mean he can barely use his computer now. You know what I
    > mean.


    Hence your reply, you're the only sick one here, Evan.

    --
    <snip>
     
    John Holmes, Jul 20, 2009
    #7
  8. alan

    Mike Easter Guest

    Mike Easter wrote:
    > alan wrote:
    >> On a newsgroup other than this one,

    >
    > This would be more interesting to consider if you would simply name the
    > group and the *dum & *dee personas, so that the evaluation of the
    > headers could avoid your personal 'filtration'.
    >
    > It is much better to look at the actual headers than your sketchy
    > analysis of one part of them.


    Nevermind. Presumably this is all about the behavior of the alt.coffee
    personas Zolt (Dave) and Robert Harmon (Tex).

    Generally, but not always, they both post from GG which stamps the
    connectivity IP in the NPH.

    Harmon generally posts from an EL IP which is now connected via comcast
    since there was some kind of shuffle in the Houston area which changed EL
    connectivity from the typical TW to comcast.

    If an EL user accesses via the EL provided newsserver, it is outsourced
    to giganews, and giganews also stamps an NPH IP stamp in the headers.

    Zolt Dave generally accesses from a socal RR IP address.

    I haven't analyzed very much of their activity in a.c, but it does appear
    that there is some apparent 'identity' of the Harmon IP address in an
    EL/giganews post using a From dave <at> hitechespresso.com

    That From would seem to correspond to the Robert Harmon antagonist David
    (Zolt) Blane who registered the domainname at godaddy.

    The way people 'mess with' IP addresses in GG postings is to access the
    GG interface via a proxy; naturally any newsserver including giganews is
    accessible in that way.

    But when you have a long history of posting which reflects an ongoing
    condition of the IP address of two regulars, the likelihood is that the
    IP reflects their normal 'real' connectivity.

    A typical Dave/Zolt IP is like 76.170.98.140 a socal.res.rr.com
    A typical R.Harmon/Tex IP is like 64.91.200.218 - which doesn't rDNS, but
    belongs to EL but achieves its connetivity via tx.houston.comcast.net
    right up to the last hop.

    There is at least one post in a.c in which those personas/IPs seem to
    'merge'.

    --
    Mike Easter
     
    Mike Easter, Jul 20, 2009
    #8
  9. alan

    Mike Easter Guest

    Mike Easter wrote:

    > I haven't analyzed very much of their activity in a.c, but it does
    > appear that there is some apparent 'identity' of the Harmon IP address
    > in an EL/giganews post using a From dave <at> hitechespresso.com


    > There is at least one post in a.c in which those personas/IPs seem to
    > 'merge'.


    That is, the simplest explanation without requiring any 'dexterity' would
    be for Robert Harmon to configure his XNews newsreader with a From dave
    <at> hitechespresso.com and access via the EL/giganews newsserver.

    There is a similarly configured item in alt.test - headers edited below,
    bangs separated for wrapping and some Xlines removed.

    Path: g2news2.google.com! news1.google.com!
    border1.nntp.dca.giganews.com!border2.nntp.dca.giganews.com!
    nntp.giganews.com! backlog2.nntp.dca.giganews.com! nntp.earthlink.com!
    news.earthlink.com.POSTED! not-for-mail
    NNTP-Posting-Date: Wed, 15 Jul 2009 21:50:55 -0500
    Newsgroups: alt.test
    Subject: test
    From: Zolt < mungeing dave <at> hitechespresso. com >
    Message-ID: <Xns9C49DE49A25FAZoltan@216.168.3.70>
    User-Agent: Xnews/5.04.25
    Date: Wed, 15 Jul 2009 21:50:55 -0500

    www.hitechespresso.com

    Robert seems to be alleging that someone else modified his XNews From,
    and disavowing that he forged Dave's email address.


    --
    Mike Easter
     
    Mike Easter, Jul 20, 2009
    #9
  10. alan

    Mike Easter Guest

    Mike Easter wrote:

    > There is a similarly configured item in alt.test - headers edited

    below,
    > bangs separated for wrapping and some Xlines removed.


    > From: Zolt < mungeing dave <at> hitechespresso. com >
    > Message-ID: <Xns9C49DE49A25FAZoltan@216.168.3.70>
    > User-Agent: Xnews/5.04.25


    Oops. In my header editing, I accidentally edited the NPH which is
    important in this case.

    NNTP-Posting-Host: 64.91.200.218

    I don't know very much about configuring XNews. I think it lets you
    manipulate its 'idtoken'. In this case the 2nd half of the MID is the IP
    of the EL/giganews server and the Zoltan is akin to the Zolt From.


    --
    Mike Easter
     
    Mike Easter, Jul 21, 2009
    #10
  11. alan

    NormanM Guest

    On Mon, 20 Jul 2009 23:33:13 +0200 (CEST), John Holmes wrote:

    > In my client, I can add any IP addy I'd like. What does the IP addy in my
    > headers tell you?


    That you are running your own news server!

    --
    Norman
    ~Oh Lord, why have you come
    ~To Konnyu, with the Lion and the Drum
     
    NormanM, Jul 21, 2009
    #11
  12. alan

    NormanM Guest

    On Mon, 20 Jul 2009 13:21:54 -0700, alan wrote:

    > In short, it's not possible to forge someone else's IP address, is it?


    Probably. Especially if one runs one's own NNTP server.

    --
    Norman
    ~Oh Lord, why have you come
    ~To Konnyu, with the Lion and the Drum
     
    NormanM, Jul 21, 2009
    #12
  13. alan

    rd Guest

    "Rôgêr" <> wrote in message
    news:...
    > Evan Platt wrote:
    >> On Mon, 20 Jul 2009 22:05:29 GMT, Aardvark <>
    >> wrote:
    >>
    >>> What about the 300 people who you said could do 'IP sharing'? Or do you
    >>> mean that an IP can't be shared by only 2 hosts, it has to be 300?
    >>>
    >>> I'm confused, please explain.

    >>
    >> He won't. He can't. Because he's wrong.
    >>
    >> As much as I normally am a people person and would never wish bad
    >> things on anyone, he's one of the few that I'd love to see become just
    >> sick enough that they're unable to use their computer.
    >>
    >> Well - I mean he can barely use his computer now. You know what I
    >> mean.

    >
    > Evan, do you really have nothing else to do? Does your whole life revolve
    > around posting follow ups to people you don't like on Usenet? I've been
    > resisting plonking you because I know your heart is pure, but you are
    > getting to be much more irksome than richard, chuck and all the rest
    > combined. PLEASE, get a life. Do something other than tell people how
    > stupid you think someone else is on every post.


    I have to agree.
     
    rd, Jul 21, 2009
    #13
  14. alan

    G. Morgan Guest

    Rôgêr wrote:

    >You know, talking to yourself is the first sign of
    >
    > I N
    > s a
    >I
    >
    > T
    > Y


    The worst part is the OP appears to be a drive-by. lol.. all that work for
    nuthin.
     
    G. Morgan, Jul 21, 2009
    #14
  15. alan

    Guest

    , Jul 21, 2009
    #15
  16. alan

    Guest

    wrote:

    > Evan Platt <> wrote:
    >
    >>Yes, it is possible. But in general, the provider wouldn't by default
    >>show an IP. So if someone had a NSP (News Service Provider) which
    >>allowed the forging of a IP address, the person generally wouldn't
    >>have a address showing.


    >>I just tried adding one, let's see if it shows


    I set it up as sender in Agent, someone new at headers might be fooled
    :)
    --

    Another 40th anniversary: WoodStock
    undercover lovers http://tinyurl.com/lmglgp
    or http://www.nydailynews.com/entertai...dstocks_undercover_lovers_.html#ixzz0Loo79kGk
     
    , Jul 21, 2009
    #16
  17. alan

    alan Guest

    "G. Morgan" <> wrote in message
    news:...
    > Rôgêr wrote:
    >
    >>You know, talking to yourself is the first sign of
    >>
    >> I N
    >> s a
    >>I
    >>
    >> T
    >> Y

    >
    > The worst part is the OP appears to be a drive-by. lol.. all that work
    > for
    > nuthin.


    A "drive-by"? Hardly. I've refrained from comment only because I have
    nothing substantial to offer and it seems that it's still far from clear
    whether or not someone (unless they had their own news server) could
    possibly forge an IP address, although it does seem likely that in the case
    I described that one of the parties just made a stupidly sloppy attempt at
    masquerading as his nemesis and offered the even stupider excuse that his
    news server had been "hacked". I do appreciate everyone's replies thus far
    .. . .
     
    alan, Jul 21, 2009
    #17
  18. rd <> pinched out a steaming pile
    of<h43865$20f$-september.org>:

    >
    >"Rôgêr" <> wrote in message
    >news:...
    >> Evan Platt wrote:
    >>> On Mon, 20 Jul 2009 22:05:29 GMT, Aardvark

    <>
    >>> wrote:
    >>>
    >>>> What about the 300 people who you said could do 'IP sharing'? Or

    do you
    >>>> mean that an IP can't be shared by only 2 hosts, it has to be 300?
    >>>>
    >>>> I'm confused, please explain.
    >>>
    >>> He won't. He can't. Because he's wrong.
    >>>
    >>> As much as I normally am a people person and would never wish bad
    >>> things on anyone, he's one of the few that I'd love to see become

    just
    >>> sick enough that they're unable to use their computer.
    >>>
    >>> Well - I mean he can barely use his computer now. You know what I
    >>> mean.

    >>
    >> Evan, do you really have nothing else to do? Does your whole life

    revolve
    >> around posting follow ups to people you don't like on Usenet? I've

    been
    >> resisting plonking you because I know your heart is pure, but you

    are
    >> getting to be much more irksome than richard, chuck and all the rest
    >> combined. PLEASE, get a life. Do something other than tell people

    how
    >> stupid you think someone else is on every post.

    >
    >I have to agree.
    >

    <blink>
    <blink>

    STOP FIGHTING!
    ALL OF YOU!!!!!11111!!!!!!

    <crys and runs off>



    --
    http://www.youtube.com/watch?v=COaoYqkpkUA
    cageprisoners.com|www.snuhwolf.9f.com|www.eyeonpalin.org
    _____ ____ ____ __ /\_/\ __ _ ______ _____
    / __/ |/ / / / / // // . . \\ \ |\ | / __ \ \ \ __\
    _\ \/ / /_/ / _ / \ / \ \| \| \ \_\ \ \__\ _\
    /___/_/|_/\____/_//_/ \_@_/ \__|\__|\____/\____\_\
     
    §ñühw¤£f, Jul 21, 2009
    #18
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?QWxpIEQ=?=

    Possible domain related wireless problem

    =?Utf-8?B?QWxpIEQ=?=, Aug 10, 2004, in forum: Wireless Networking
    Replies:
    0
    Views:
    556
    =?Utf-8?B?QWxpIEQ=?=
    Aug 10, 2004
  2. Michael Giroux

    Possible to connect 2 computers via USB?

    Michael Giroux, Sep 1, 2004, in forum: Wireless Networking
    Replies:
    2
    Views:
    9,312
  3. YNOT

    Boosting wireless signal---Possible????

    YNOT, Nov 21, 2004, in forum: Wireless Networking
    Replies:
    1
    Views:
    1,497
  4. Rob Davies

    Is this possible?

    Rob Davies, Dec 3, 2004, in forum: Wireless Networking
    Replies:
    2
    Views:
    510
    Rob Davies
    Dec 16, 2004
  5. spodosaurus

    Is this possible (wireless networking bridge question)

    spodosaurus, Dec 20, 2004, in forum: Wireless Networking
    Replies:
    3
    Views:
    691
    spodosaurus
    Dec 20, 2004
Loading...

Share This Page