Maker Pro
Maker Pro

A hacker at work? IP 80.46.128.141

D

DarkMatter

Jan 1, 1970
0
Well, not exactly - as it says above, it is an offence to cause a computer
to "perform any function with intent to secure access..."

Hey, dingledorf, port scanning is NOT causing the computer to
"perform" any function other than a return as to whether the port is
open or not. That occurs at the network level, and no access is made
to any computer data or programs.

BONE up on tcp/ip. Port scanning is required. Your ISP does it all
the time. So do others. Guess what... It's legal.
 
D

DarkMatter

Jan 1, 1970
0
Just to get something straight in my mind after an evening
spent on the special brew.

Can anyone tell me whether it is true that some people reveal
their IP address every time they post to USENET ?

EVERY post you make to usenet has a header. EVERY header of EVERY
post made to usenet has YOUR (the sender's) information in it.

You can falsify a lot of it, but you have no control over the part
that identifies the sender to the rest of the world. That way, if you
commit malicious acts, they can come find yer lame ass.

Every time you hit a web site, your IP address is reported to their
logs.

Your IP address is NOT a big thing. It is ALSO revealed in your
instant message client, AND in your IRC Chat client when you are in
chat.

Your IP address is NOT a big deal, sheesh.

The AIRYhead Beanbag started all this baby bullshit?
 
D

DarkMatter

Jan 1, 1970
0
You mean like dsl-80.46.128.141 access.uk.tiscali.com
I believe that was yours on this post....take care, Ross
And to think that three months ago, YOU were clueless on this as
well.
 
D

DarkMatter

Jan 1, 1970
0
anyone who reverts to lowlife gutter cornerboy language can
never win an argument and only shows their cb tendencies.

I do not have to measure up to ANY of your, E-1 grade, unsolicited,
unqualified, unintelligent bullshit assessments, little boy.

You fall in *under* the realm of a "CBer". They have more character
than a lame **** like you will ever have. That makes you a *REAL* low
life ****!
 
D

DarkMatter

Jan 1, 1970
0
So true!.....My step father was a ham for over 50 years and I was always
impressed with the class he and his fellow hams had on-air......Ross
So, what the **** happened to your lame ass then?
 
D

DarkMatter

Jan 1, 1970
0
How did Texas become a "Tard State".....how about an elaboration on your
rhetoric......Just curious, though, I should know better than to ask!!!

No... you should learn to read, dipshit.

It says "Lone 'tard State", ya clueless twit.
 
C

Cameron Dorrough

Jan 1, 1970
0
DarkMatter said:
EVERY post you make to usenet has a header. EVERY header of EVERY
post made to usenet has YOUR (the sender's) information in it.

You can falsify a lot of it, but you have no control over the part
that identifies the sender to the rest of the world. That way, if you
commit malicious acts, they can come find yer lame ass.

Every time you hit a web site, your IP address is reported to their
logs.


Not unless you are part of the internet (eg. are an ISP).

The IP address that is commonly reported to web site logs is the IP address
of the ISP's router you are connected to - not the one assigned to your box.
The web site admin could probably request it if they wanted their logs to be
blooming huge - but most don't.

Your IP address is NOT a big thing. It is ALSO revealed in your
instant message client, AND in your IRC Chat client when you are in
chat.

Your IP address is NOT a big deal, sheesh.


Quite true. Millions of people have them!. ;-)
 
Not unless you are part of the internet (eg. are an ISP).

Not true. An good deal of info goes with each request (more or
less depending on your browser), including IP, referring page (if any)
and browser name/version. However, many browsers will allow you to
fake the last, as many brain-dead sites refuse to answer to anything
except MSIE. In fact, if you let your Opera browser self identify,
microsoft.com will add tabs at the beginning of the lines to make the
display look like crap, allegedly because Opera requires this
massaging. In fact, if you tell Opera to identify as MSIE, you get a
perfectly readable page back.

For the simplest proof that your IP is passed, look at
http://www.whatismyip.com/ -- it reflects your IP back to you. Google
for something like "browser parameters passed" and you'll find other
sites which will reflect back all that your browser passes. There are
perhaps twenty items.

Samples:
http://members.aol.com/StanDCmr/display.htm
http://www.webhero.org/Browsers/info.htm

Other sites will display additional parameters.
 
C

Cameron Dorrough

Jan 1, 1970
0
Not true. An good deal of info goes with each request (more or
less depending on your browser), including IP, referring page (if any)
and browser name/version. However, many browsers will allow you to
fake the last, as many brain-dead sites refuse to answer to anything
except MSIE. In fact, if you let your Opera browser self identify,
microsoft.com will add tabs at the beginning of the lines to make the
display look like crap, allegedly because Opera requires this
massaging. In fact, if you tell Opera to identify as MSIE, you get a
perfectly readable page back.

For the simplest proof that your IP is passed, look at
http://www.whatismyip.com/ -- it reflects your IP back to you. Google
for something like "browser parameters passed" and you'll find other
sites which will reflect back all that your browser passes. There are
perhaps twenty items.

Samples:
http://members.aol.com/StanDCmr/display.htm
http://www.webhero.org/Browsers/info.htm

Other sites will display additional parameters.

Thanks for the detail - it's very interesting... but the statement I was
responding to was "Every time you hit a web site, your IP address is
recorded in their *logs*." (emphasis added).

I do realise that all kinds of information is passed to the browser for use
if required, but unless the site uses scripting of some kind (including
cookies) to record the data for their own use, it is *not* recorded in their
web site logs by default. If they did, the logs would be enormous and
contain large amounts of duplicate data.

I hope this helps,

Cameron:)
 
D

DarkMatter

Jan 1, 1970
0
Thanks for the detail - it's very interesting... but the statement I was
responding to was "Every time you hit a web site, your IP address is
recorded in their *logs*." (emphasis added).

I do realise that all kinds of information is passed to the browser for use
if required, but unless the site uses scripting of some kind (including
cookies) to record the data for their own use, it is *not* recorded in their
web site logs by default. If they did, the logs would be enormous and
contain large amounts of duplicate data.

I hope this helps,

Cameron:)

Access logs ARE huge. I hope this helps.
 
W

Walt Davidson

Jan 1, 1970
0
I do not have to measure up to ANY of your, E-1 grade, unsolicited,
unqualified, unintelligent bullshit assessments, little boy.

You fall in *under* the realm of a "CBer". They have more character
than a lame **** like you will ever have. That makes you a *REAL* low
life ****!

I think he imitates what he hears on all those "gangsta" movies
because he thinks it sounds hard!

How juvenile.

73 de G3NYY
 
W

Walt Davidson

Jan 1, 1970
0
How did Texas become a "Tard State".....how about an elaboration on your
rhetoric......Just curious, though, I should know better than to ask!!!

By spawning not one, but *two* George Bushes!

73 de G3NYY
 
F

Frank Turner-Smith G3VKI

Jan 1, 1970
0
Walt Davidson said:
By spawning not one, but *two* George Bushes!

73 de G3NYY
Nah, he said 'Tard' not 'retard'
 
A

Andy Cowley

Jan 1, 1970
0
Gareth said:
Just to get something straight in my mind after an evening
spent on the special brew.

Can anyone tell me whether it is true that some people reveal
their IP address every time they post to USENET ?

Many Thanks,

Gareth.

212.159.3.244 ring any bells?


vy 73

Andy, M1EBV
 
G

Gareth Rowlands

Jan 1, 1970
0
... but the statement I was responding to was "Every time you hit a web
site, your IP address is recorded in their *logs*." (emphasis added).
but unless the site uses scripting of some kind (including cookies) to
record the data for their own use, it is *not* recorded in their web
site logs by default.

Let's have a look at the logs from my website. They are huge !

I once wrote a document called "NNTP for Virgins" which was about
getting the NNTP server up and running in TNOS and JNOS.

Here are two little extracts from the logs where someone has gone to
a search engine looking for something else:

a065163.dialin.hansenet.de - - [07/Nov/2003:02:42:15 +0000]
"GET /amrad/nntp4v.htm HTTP/1.1" 200 27547 "http://search.msn.de/
results.aspx?ps=ba%3d(0..15)0........%26co%3d(0..15)6.3.200.2.5.10.1.3.
%26pn%3d1%26rd%3d0%26&q =little+virgins+bbs&ck_sc=1&ck_af=1"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

So hostname a065163.dialin.hansenet.de went to the search engine
search.msn.de looking for the "little virgins bbs"


cache-loh-ac05.proxy.aol.com - - [23/Oct/2003:19:43:06 +0100] "GET
/amrad/nntp4v.htm HTTP/1.0" 200 27547 "http://aolsearch.aol.co.uk/web?
query=what+i+want+is+virgins&location=uk&isinit=true&submit.x=33&
submit.y=14""Mozilla/4.0 (compatible; MSIE 6.0; AOL 8.0; Windows 98)"

The AOL user who was making use of cache-loh-ac05.proxy.aol.com
on 23rd Oct at 19:43:06 went to aolsearch.aol.co.uk using as the search
term "what i want is virgins"

If the IP address does not resolve to a hostname, then the dotted quad
address is substituted instead !

209.17.161.144 - - [06/Nov/2003:22:01:09 +0000] "GET /linux/msfclock/
HTTP/1.1" 200 3530 "http://www.rat.org.uk/amrad/menu.htm" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1)"

The above user was looking at a page about an MSF decoder for Linux
having linked there from a menu page.

73, G.
 
G

Geoff

Jan 1, 1970
0
Access logs ARE huge. I hope this helps.

But computer data processing can very rapidly strip unwanted and duplicate
data from the processed logs - funny, that is what computers are very good
at :)

Now exactly how do the spam harvesters get your addresses - lots of ways of
course - but one way is from the logs of suspect web sites.

Geoff
 
G

Gareth Rowlands

Jan 1, 1970
0
Note that this isn't perfect as some servers substitute their own name
into the NNTP-Posting-Host: tag.

This is what I am wondering has happened !

; <<>> DiG 9.2.2 <<>> -x 212.159.3.244

244.3.159.212.in-addr.arpa. 86400 IN PTR ptb-nnrpp01.plus.net.

; <<>> DiG 9.2.2 <<>> lightfox.plus.com

lightfox.plus.com. 86400 IN A 212.56.88.9

So it could be that some isp's reveal their customer's identity
in the NNTP posting host line, but others dont !

Many thanks to all for the help !

73, Gareth.
 
M

Mike Mann

Jan 1, 1970
0
I do realise that all kinds of information is passed to the browser for use
if required, but unless the site uses scripting of some kind (including
cookies) to record the data for their own use, it is *not* recorded in their
web site logs by default.

I'm afraid that's simply untrue. The most widely used Web server on
the planet is Apache and that does, by default, record in its access
log the IP address of every client requesting a page.
If they did, the logs would be enormous and
contain large amounts of duplicate data.

Indeed. The amount of information recorded can of course be
configured by the administrator of the Web server.

Mike.
 
C

Cameron Dorrough

Jan 1, 1970
0
Gareth Rowlands said:
... but the statement I was responding to was "Every time you hit a web
site, your IP address is recorded in their *logs*." (emphasis added).
but unless the site uses scripting of some kind (including cookies) to
record the data for their own use, it is *not* recorded in their web
site logs by default.

Let's have a look at the logs from my website. They are huge !

I once wrote a document called "NNTP for Virgins" which was about
getting the NNTP server up and running in TNOS and JNOS.

Here are two little extracts from the logs where someone has gone to
a search engine looking for something else:

a065163.dialin.hansenet.de - - [07/Nov/2003:02:42:15 +0000]
"GET /amrad/nntp4v.htm HTTP/1.1" 200 27547 "http://search.msn.de/
results.aspx?ps=ba%3d(0..15)0........%26co%3d(0..15)6.3.200.2.5.10.1.3.
%26pn%3d1%26rd%3d0%26&q =little+virgins+bbs&ck_sc=1&ck_af=1"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

So hostname a065163.dialin.hansenet.de went to the search engine
search.msn.de looking for the "little virgins bbs"


cache-loh-ac05.proxy.aol.com - - [23/Oct/2003:19:43:06 +0100] "GET
/amrad/nntp4v.htm HTTP/1.0" 200 27547 "http://aolsearch.aol.co.uk/web?
query=what+i+want+is+virgins&location=uk&isinit=true&submit.x=33&
submit.y=14""Mozilla/4.0 (compatible; MSIE 6.0; AOL 8.0; Windows 98)"

The AOL user who was making use of cache-loh-ac05.proxy.aol.com
on 23rd Oct at 19:43:06 went to aolsearch.aol.co.uk using as the search
term "what i want is virgins"

If the IP address does not resolve to a hostname, then the dotted quad
address is substituted instead !

209.17.161.144 - - [06/Nov/2003:22:01:09 +0000] "GET /linux/msfclock/
HTTP/1.1" 200 3530 "http://www.rat.org.uk/amrad/menu.htm" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1)"

The above user was looking at a page about an MSF decoder for Linux
having linked there from a menu page.

Exactly my point. The *hostname* is typically recorded - and not
necessarily the user's actual IP address. Only if when the hostname can't
be resolved (eg. are an ISP) will a discrete IP address be recorded. (To
use the example above: 209.17.161.144 is allocated to Group Telecom Services
Corp in Toronto:
http://www.checkdomain.com/cgi-bin/checkdomain.pl?domain=209.17.161.144)

You can't get the IP address of the user's box from the hostname or find out
anything about them reallly - you only get the IP of the host that they are
connected into and would need to check their host logs for more detail.
IIRC, this is done so that, if the same user was to visit the site multiple
times using a DHCP-allocated IP, your logs would show multiple hits from the
same *hostname* (eg. AOL) and not multiple hits from multiple IPs owned by
the same domain..

Cameron:)
 
Top