Re: I would like to apologise.



On Sun, 14 Jun 2009 07:21:36 -0400, Caranx latus wrote
(in article <h12mga$9or$2@xxxxxxxx>):

Martin Andersen wrote:
[M]adman wrote:
*Hemidactylus* wrote:

<snip>

IP addresses can be and are /spoofed/

Spoofing works in scenarios where no feedback is required. NNTP requires
a back and forward conversation over an established socket connection to
work. [M]adman making an ass of himself in yet another one of his fields
of inexpertise.

As far as I'm aware, there is no requirement that the
X-NNTP-Posting-Host IP address match the source IP address in the IP
packet header, and therefore no reason why the X-NNTP-Posting-Host IP
address cannot be spoofed. I'm always happy to be set straight if I'm
wrong.


You need to have your own news feed to set the NNTP-Posting-Host header, or
you need to be able to play with the headers downstream. I would say that
anyone capable of playing with the headers that way would also be able to do
a better job of forging the posts in the first place.

The simplest explanation for the NNTP Posting Host headers is that they were
assigned by the newsfeed used by the person posting. This means, simply, that
either Spintronic did it or someone else who uses blueyonder is forging the
posts. The admins at blueyonder will be able to easily discover who it was
that their system handed the IP 82.42.169.192 to.

I do find it interesting that the last post sent by Spintronic@xxxxxxxxxxx,
timestamped Wednesday, 10 June 2009 09:29:20 PDT, had the following headers:

Path: news2.newsguy.com!extra.newsguy.com!num01.iad!npeer02.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!postnews.google.com!news1.google.com!newsfeed.stanford.edu!darwin.ediacara.org!there.is.no.cabal
From: spintronic <spintronic@xxxxxxxxxxx>
Newsgroups: talk.origins
Subject: Re: You know what THAT means, right?
Date: Wed, 10 Jun 2009 09:29:20 -0700 (PDT)
Organization: http://groups.google.com
Lines: 39
Sender: news@xxxxxxxxxxxxxxxxxxx
Approved: robomod@xxxxxxxxxxxx
Message-ID: <4a90d3dd-82d3-47a3-81d6-1a2c0032c558@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <madman-HbPXl.52962$qa.24153@xxxxxxxxxxxxxxxxxxxxxx>
 <TtadnWaeJ-cbV7LXRVn_vwA@xxxxxxxxxxxx>
Reply-To: no.body@xxxxxxxxxxx
NNTP-Posting-Host: darwin
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Trace: darwin.ediacara.org 1244689221 91581 128.100.83.246 (11 Jun 2009 03:00:21 GMT)
X-Complaints-To: usenet@xxxxxxxxxxxxxxxxxxx
NNTP-Posting-Date: Thu, 11 Jun 2009 03:00:21 +0000 (UTC)
X-NNTP-Posting-Host: 82.42.169.192
Complaints-To: groups-abuse@xxxxxxxxxx
Injection-Info: q2g2000vbr.googlegroups.com; posting-host=82.42.169.192;
User-Agent: G2/1.0
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
Xref: news2.newsguy.com talk.origins:1079880
X-Received-Date: Thu, 11 Jun 2009 02:49:47 UTC (s02-b88)

A comparison with the headers from the post allegedly sent by YOO to start
this thread would be interesting. Here are those headers:

Path: news3.newsguy.com!extra.newsguy.com!num01.iad!npeer01.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!nx01.iad01.newshosting.com!newshosting.com!newsfeed.news2me.com!headwall.stanford.edu!newsfeed.stanford.edu!darwin.ediacara.org!there.is.no.cabal
From: "Ye Old One." <ye.oldone@xxxxxxxxxxxxx>
Newsgroups: talk.origins
Subject: I would like to apologise.
Date: Fri, 12 Jun 2009 14:56:42 -0700 (PDT)
Organization: http://groups.google.com
Lines: 25
Sender: news@xxxxxxxxxxxxxxxxxxx
Approved: robomod@xxxxxxxxxxxx
Message-ID: <a3a18b9b-ea2c-4205-a5d3-856ccca09fa4@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
NNTP-Posting-Host: darwin
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Trace: darwin.ediacara.org 1244917744 83562 128.100.83.246 (13 Jun 2009 18:29:04 GMT)
X-Complaints-To: usenet@xxxxxxxxxxxxxxxxxxx
NNTP-Posting-Date: Sat, 13 Jun 2009 18:29:04 +0000 (UTC)
X-NNTP-Posting-Host: 82.42.169.192
Complaints-To: groups-abuse@xxxxxxxxxx
Injection-Info: x1g2000prh.googlegroups.com; posting-host=82.42.169.192;
User-Agent: G2/1.0
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
Xref: news3.newsguy.com talk.origins:1082456
X-Received-Date: Sat, 13 Jun 2009 18:14:41 UTC (s02-b23)

A most intriguing similarity. Meanwhile, here are the headers from what
appears to be a post from the _real_ YOO:

Path: news6.newsguy.com!extra.newsguy.com!num01.iad!npeer02.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!nx01.iad01.newshosting.com!newshosting.com!newsfeed.news2me.com!headwall.stanford.edu!newsfeed.stanford.edu!darwin.ediacara.org!there.is.no.cabal
From: Ye Old One <usenet@xxxxxxxxx>
Newsgroups: talk.origins
Subject: Re: Forgery reported.
Date: Sun, 14 Jun 2009 09:15:19 GMT
Organization: University of Ediacara
Lines: 34
Sender: news@xxxxxxxxxxxxxxxxxxx
Approved: robomod@xxxxxxxxxxxx
Message-ID: <1of9355ckloo77bgj782n1omnkp4qnovme@xxxxxxx>
References: <a3a18b9b-ea2c-4205-a5d3-856ccca09fa4@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-To: no.body@xxxxxxxxxxx
NNTP-Posting-Host: darwin
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-Trace: darwin.ediacara.org 1244971848 4016 128.100.83.246 (14 Jun 2009 09:30:48 GMT)
X-Complaints-To: usenet@xxxxxxxxxxxxxxxxxxx
NNTP-Posting-Date: Sun, 14 Jun 2009 09:30:48 +0000 (UTC)
X-Newsreader: Forte Agent 3.1/32.783
X-NNTP-Posting-Host: 92.233.37.220
Xref: news6.newsguy.com talk.origins:1082582
X-Received-Date: Sun, 14 Jun 2009 09:19:39 UTC (s02-b64)

I'd just love to hear how all of that can be explained away. _Someone_ is
forging posts. The only question is who, and so far it points just one way.
Perhaps Spintronic can present his side? This should be good.

And it really should be noted that both of the forged posts have a Hotmail
address listed in the From: line. YOO doesn't list Hotmail as his From:
address. Spintronic does. Spintronic is known to be incompetent, so this is
just the kind of error I'd expect from him. Those posts were done by either
Spintronic himself or by someone who _knows_ that Spintronic is incompetent
and crafted the forgeries to look as though they were done by a brain-damaged
jackass so that they'd be considered to be Spintronic's work.


--
email to oshea dot j dot j at gmail dot com.
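
The header comparison made in the post above, as an added example that is not part of the original post: it reads the fields stamped when each article was injected (X-NNTP-Posting-Host, Injection-Info) and groups the claimed From names by posting host. The sample blocks are abbreviated copies of the three header sets quoted above, and the function names are this example's own.

```python
import email
from collections import defaultdict
from email.utils import parseaddr

# Abbreviated copies of the three header blocks quoted above; only the
# fields this check reads are kept, addresses redacted as on the page.
POSTS = {
    "spintronic 10 Jun": (
        "From: spintronic <spintronic@xxxxxxxxxxx>\n"
        "X-NNTP-Posting-Host: 82.42.169.192\n"
        "Injection-Info: q2g2000vbr.googlegroups.com; posting-host=82.42.169.192;\n"
        "User-Agent: G2/1.0\n"),
    "disputed YOO 12 Jun": (
        'From: "Ye Old One." <ye.oldone@xxxxxxxxxxxxx>\n'
        "X-NNTP-Posting-Host: 82.42.169.192\n"
        "Injection-Info: x1g2000prh.googlegroups.com; posting-host=82.42.169.192;\n"
        "User-Agent: G2/1.0\n"),
    "YOO 14 Jun": (
        "From: Ye Old One <usenet@xxxxxxxxx>\n"
        "X-Newsreader: Forte Agent 3.1/32.783\n"
        "X-NNTP-Posting-Host: 92.233.37.220\n"),
}

def injection_evidence(raw):
    """Pull out the fields stamped at injection, plus the claimed From name."""
    msg = email.message_from_string(raw)
    name, _addr = parseaddr(msg.get("From", ""))   # chosen by the poster
    host = (msg.get("X-NNTP-Posting-Host") or "").strip()
    info_host = None
    for part in (msg.get("Injection-Info") or "").split(";"):
        key, _, val = part.strip().partition("=")
        if key == "posting-host":
            info_host = val.strip('"')
    client = msg.get("User-Agent") or msg.get("X-Newsreader") or "unknown"
    # The two injection fields should agree when both are present.
    return {"from_name": name, "host": host, "client": client,
            "consistent": info_host in (None, host)}

def hosts_with_multiple_identities(posts):
    """Map each posting host to its From names; keep hosts with more than one."""
    by_host = defaultdict(set)
    for raw in posts.values():
        ev = injection_evidence(raw)
        by_host[ev["host"]].add(ev["from_name"])
    return {h: names for h, names in by_host.items() if len(names) > 1}

if __name__ == "__main__":
    for host, names in hosts_with_multiple_identities(POSTS).items():
        print(host, "posted as", sorted(names))
```

A match here ties posts to one injection address, not to one person; as the post notes, it is the provider's admins who can say who was assigned that IP.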
