Re: Could someone get this guy a quarter?

[M]adman wrote, on 09-06-20 11:21 AM:
J.J. O'Shea wrote:
On Fri, 19 Jun 2009 21:53:16 -0400, M]adman wrote
(in article<madman-NcX_l.12989$he4.10729@xxxxxxxxxxxxxxxxxxxxxx>):

J.J. O'Shea wrote:
On Fri, 19 Jun 2009 06:50:32 -0400, Mike Dworetsky wrote
(in article<9vqdnbtVy6jm8KbXnZ2dnUVZ8j-dnZ2d@xxxxxxxxxxxxxxxx>):


"J.J. O'Shea"<try.not.to@xxxxxxxxxxx> wrote in message
news:h1flgu01k4s@xxxxxxxxxxxxxxxxxxxx
On Fri, 19 Jun 2009 05:04:26 -0400, Mike Dworetsky wrote
(in article<BoKdnRq3y-0CyabXnZ2dnUVZ8g-dnZ2d@xxxxxxxxxxxxxxxx>):

"Tom McDonald"<tmcdonald2672@xxxxxxxxxxx> wrote in message
news:0dI_l.2018$9Z.1509@xxxxxxxxxxxxxxx
spintronic wrote:
Hey moderator, digger, or whatever dip*** name you use.

Could you put 25 cents in your electricity meter, and get T.O
back upto full speed?


YOO spoofing Spinny, or Spinny spoofing YOO? The headers, except
for the IP addy, are Spinny's; the IP addy is YOO's.

Payback? Or a slightly more clever forgery by Spinny?

I report, DIG decides.

--
Tom


I'm not sure that is correct.

It's spinny. He's using a machine at the St. Helens Council, the
same one he
was using on the 13th. He used that IP, his own home IP, a German
IP, and a
Scots IP to post forged YOO posts. The council machine was the one
he used immediately after people posted showing that forged YOO
posts were coming from spinny's home machine.

It remains to be determined if this is from a public terminal at a
library in St Helens or from the council offices themselves, or
from a local school. If he is an employee posting on his
employer's time, it's a no-no, as is any technically illegal
activity even if he is using a free account at the local library.

That doesn't matter. Somehow spinny would have had to, by purest
accident, selected the exact same machine that someone else selected
to forge those fake YOO posts...

You can't be assured of any of this without tracing the MAC address.
THAT is the only true way to tell if it was the exact "machine".

It had the exact same IP. It'd be one hell of a coincidence if he
used a different machine in the complex and got the same IP.


NOT true. All it would take is to shut down the computers and reboot. If
IP's are assigned by the router then a new IP could be asigned. Also WinXP


DHCP leases are typically 7 days in a Windows server environment, and admins rarely set the lease time for less than 24 hours. The DHCP server would most likely give the machine the same IP since it still has the lease in its database. Only in a place like a wireless cafe with lots of transient computers might you get a different IP when rebooting or doing a release/renew.

has a "repair" function which flushes the cache and assigns a new IP.

No, no, the repair function does not assign a new IP - it requests a new one via DHCP unless the interface is set to use a static IP. As above, it will thus most likely get the same IP.




And,
again, NOTE THAT THE FORGER GOT THE IP ADDRESS _FIRST_. How did the
forger know which IP would be given to spinny _days_ later? It's not
like the other posts, where the forger used an IP that spinny had
already used; maybe, just maybe, he could have hacked into blueyonder
or Darwin or both and spoofed spinny's old IP... but how could he
_possibly_ have spoofed the IP _before spinny posted from that
machine even once_? Does the spoofer have a tame time machine?


What is a tame time machine?

The spoofer did not know spinny would get the same IP. THAT part could be or
was a coincidence.



Which you are too stupid to do

Post up the MAC of the routher and the machine.

What's a 'routher'? And why would I need to do that? And _how_ would
I do that without hacking into their system, which is highly illegal?

No it's not you baffoon. You can find the MAC on anyone if you know the IP.

Not across the Internet, you can't. The MAC won't survive the first hop - it is link local only.

(nbtstat -A ipaddress) and it is just as legal as doing a /whois. However, a

Except "nbtstat -A" is a NetBIOS command and the ports used by that are some of the most heavily blocked and filtered ones on the Internet and are unlikely to make it out one NAT. It certainly wouldn't ever make it into a NAT, because you'd never be able to route any port, NetBIOS or other, to a private range IP behind a NAT.

So, again, this would require physical penetration of the network in question to use nbtstat to find a computer's MAC.

MAC can be cloned so a really cleaver hacker will have the MAC spoofed as
well. Plus, since the onslaught of DHCP routers you are more likely to get
the MAC of the router since the router is assigned the actual public IP. But

No, you would get even that because no hardware router implements NetBIOS and only an idiot would use a Windows box as an edge router.

many quality routers allow MAC cloning as well. So at best you can find the
physical location of the router by it's MAC but not necessarly the MAC of a
specific PC on the local network without some tricks. Which i will not tell
you of course.

I doubt you know them.

.

Loading