Posted by on January 26, 2005, 1:14 pm
I recently came across a NG post that mentioned a friend of mine.
Because of the subject of the post I checked the IP number of the
posting. The IP number matches that of another individual I know but
who would not make such postings and also hardly is ever on their
computer. It is possible for one person to use another person's IP
address to post to a newsgroup? How can this be possible?
Any feedback would be appreciated with thanks.
Posted by Michael J. Pelletier on January 26, 2005, 5:54 pm
manmar@h2009.com wrote:
> I recently came across a NG post that mentioned a friend of mine.
> Because of the subject of the post I checked the IP number of the
> posting. The IP number matches that of another individual I know but
> who would not make such postings and also hardly is ever on their
> computer. It is possible for one person to use another person's IP
> address to post to a newsgroup? How can this be possible?
> Any feedback would be appreciated with thanks.
Well, it depends. Does the other person have remote access to your friend's
PC?
Also, if they are not on the same subnet, the other guy CAN NOT use his IP.
Remember IP 101. For this guy to forge your friend's IP address, he must
have a route out and back for that IP address. If the other guy is not on
the same LAN, he does not have a route back... He can forge DOS type
attacks but can not forge a duplex communication. A duplex communication is
required to post to a news group.
So, what I am saying is this. If the other guy does not have remote access
capability and he is NOT on the same LAN, the answer is no.
Michael
Posted by Walter Roberson on January 26, 2005, 9:33 pm
:I recently came across a NG post that mentioned a friend of mine.
:Because of the subject of the post I checked the IP number of the
:posting. The IP number matches that of another individual I know but
:who would not make such postings and also hardly is ever on their
:computer. It is possible for one person to use another person's IP
:address to post to a newsgroup? How can this be possible?
Yes, it is possible.
The first thing to check would be whether the "innocent" person's computer
is being remotely controlled. Does it have a good firewall, and are all
the virus and trojan and spyware definitions up to date?
Beyond that... you would need to trace through the posting path.
You may find somewhere along the path a system that allows arbitrary
postings to be injected. If there is a system which does not
validate postings very well, then it is not difficult for someone to
forge a posting to have pretty much any headers.
--
Usenet is one of those "Good News/Bad News" comedy routines.
Posted by E. on January 27, 2005, 6:25 pm
manmar@h2009.com wrote:
> I recently came across a NG post that mentioned a friend of mine.
> Because of the subject of the post I checked the IP number of the
> posting. The IP number matches that of another individual I know but
> who would not make such postings and also hardly is ever on their
> computer. It is possible for one person to use another person's IP
> address to post to a newsgroup? How can this be possible?
> Any feedback would be appreciated with thanks.
Does this other person have physical access to the machine?
E.
Posted by Walter Roberson on January 28, 2005, 5:19 pm
(Walter Roberson) writes:
|>That's a bit of a misconception. MTA's are not -required- to add the
|>IP address to headers of email messages, and there are literally tens
|>of thousands of them out there which do not. The Received-By: headers that
|>are commonly added are a convention, not a requirement,
|From RFC 2821 (http://www.faqs.org/rfcs/rfc2821.html)
|3.8.2 Received lines in Gatewaying
| When forwarding a message into or out of the internet environment, a gateway
| MUST prepend a Received: line, but it MUST NOT alter in any way a Received:
| line that is already in the header.
|Hence any compliant internet facing MTA MUST add in received lines.
According to RFC822, the only non-optional field in the Received:
header is the date-time, so my first statement is completely true,
and my second statement is correct with respect to what is
"commonly added".
It's also not uncommon that systems throw away Received headers,
even if they are not supposed to.
--
"Mathematics? I speak it like a native." -- Spike Milligan
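
Added example, not part of any poster's message: a small Python tracer for the points raised in this thread about header trust. It walks a message's Received: lines newest-first, treats a hop as verified only while every hop above it was written by a relay you trust, and tolerates Received: lines that carry no IP at all. The host names, the `TRUSTED_BY` set and the sample message are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample message (not from the thread); documentation address ranges.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.example.org with ESMTP; Wed, 26 Jan 2005 13:14:02 -0500
Received: by relay.example.net; Wed, 26 Jan 2005 13:14:01 -0500
Received: from friend-pc (unknown [203.0.113.7])
\tby mail.example.com; Wed, 26 Jan 2005 13:13:58 -0500
From: someone@example.com
Subject: test

body
"""

# Assumption: the relays the investigator operates or otherwise trusts.
TRUSTED_BY = {"mx.example.org", "relay.example.net"}

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)


def trace(raw, trusted_by=TRUSTED_BY):
    """Walk Received: lines newest-first and mark each hop verified or claimed."""
    hops, chain_intact = [], True
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        by, ip = BY_RE.search(flat), IP_RE.search(flat)
        by_host = by.group(1).lower() if by else None
        # Believable only if a trusted server wrote it AND every newer hop was
        # trusted too; anything older than the first untrusted hop is a claim.
        chain_intact = chain_intact and by_host in trusted_by
        hops.append({"by": by_host, "ip": ip.group(1) if ip else None,
                     "verified": chain_intact})
    return hops


def origin_evidence(hops):
    """Oldest hop still inside the verified chain, or None; its IP may be absent."""
    verified = [h for h in hops if h["verified"]]
    return verified[-1] if verified else None


if __name__ == "__main__":
    for hop in trace(SAMPLE):
        print(hop)
    print("trail ends at:", origin_evidence(trace(SAMPLE)))
```

In the sample the verified trail ends at a hop that recorded no IP, so the address 203.0.113.7 in the oldest line remains an unverified claim rather than evidence of who posted.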