Maker Pro

A hacker at work? IP 80.46.128.141

Mike Mann

> Exactly my point.

I don't understand your point.

> The *hostname* is typically recorded - and not
> necessarily the user's actual IP address. Only when the hostname can't
> be resolved (eg. are an ISP) will a discrete IP address be recorded.

With respect, you misunderstand TCP/IP. The IP address of the client
is directly visible to the Web server and the translation, if it's
done, is the other way round: from IP address to fully qualified
domain name, in order to make the logs more readable.

> You can't get the IP address of the user's box from the hostname or find out
> anything about them really - you only get the IP of the host that they are
> connected into and would need to check their host logs for more detail.
> IIRC, this is done so that, if the same user was to visit the site multiple
> times using a DHCP-allocated IP, your logs would show multiple hits from the
> same *hostname* (eg. AOL) and not multiple hits from multiple IPs owned by
> the same domain..

This makes no sense to me. "AOL" isn't a hostname, DHCP isn't
generally used by ISPs to allocate dynamic IP addresses (it's done
within the PPP negotiation), and the Web server always sees the IP
address of the client or of a proxy if one is being used: the raw
datagram contains the IP address, not a hostname or even the FQDN.

Mike.
 
class_a_zpk_12wpm_unlike_2800

> I do not have to measure up to ANY of your, XXX grade, unsolicited,
> XXXXXXXXXXX, XXXXXXXXXXXXX XXXXXXXX assessments, XXXXXXXXXX.
>
> You fall in *under* the realm of a XXXXXX. They have more character
> than a XXXX XXXX like you will ever have. That makes you a *REAL* XXX
> XXXX XXXX!

m3osn pse note.
rsgb pse note.


oh dearrie dearrie me.
what will the people at analogue or us dot com
have to say about this ?
 
Cameron Dorrough

Mike Mann said:
> I don't understand your point.
>
> With respect, you misunderstand TCP/IP. The IP address of the client
> is directly visible to the Web server and the translation, if it's
> done, is the other way round: from IP address to fully qualified
> domain name, in order to make the logs more readable.
>
> This makes no sense to me. "AOL" isn't a hostname, DHCP isn't
> generally used by ISPs to allocate dynamic IP addresses (it's done
> within the PPP negotiation), and the Web server always sees the IP
> address of the client or of a proxy if one is being used: the raw
> datagram contains the IP address, not a hostname or even the FQDN.

I'm possibly out of my depth a bit here - thanks for your patience.

My point was that web site logs do not record an individual's IP address
under normal circumstances. Even Usenet doesn't always - it depends on how
you are accessing the Internet.

To take another example: My headers clearly show my IP address - but hang
on a sec - no they don't! That's actually the IP address of the router I
use to connect to the Internet. There could be thousands (well hundreds, at
any rate) of other people using that same IP.

To get from a web site log such as "cache-loh-ac05.proxy.aol.com - -
[23/Oct/2003:19:43:06 +0100]" to something that will positively identify the
user's PC, you need to check the host's HTTP logs (in Gareth's example by
contacting AOL) to find the IP that was accessing your site at the exact
time/date recorded, and then check the HTTP logs of that IP (if it's a
router like mine is), and so on, until you get to the PC at the top of the
chain.

I've had to do this on two occasions for attacks on our site... it's a real
pain... particularly when dealing with ISPs in your country, who are
unhelpful to say the least.

Cameron:)
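
An added example, not part of the post above or any poster's code: it parses access-log lines of the kind quoted in the post, records whether the client field holds a numeric address or a reverse-resolved hostname, converts the timestamp to UTC (the value to quote when asking an upstream provider to match their own logs), and counts hits per client field. The log lines are constructed; only the hostname and the first timestamp come from the post.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in Common Log Format. Requests, status codes, sizes and
# the 203.0.113.7 address (a documentation range) are made up for illustration.
SAMPLE_LOG = """\
cache-loh-ac05.proxy.aol.com - - [23/Oct/2003:19:43:06 +0100] "GET / HTTP/1.0" 200 5120
cache-loh-ac05.proxy.aol.com - - [23/Oct/2003:19:43:09 +0100] "GET /logo.gif HTTP/1.0" 200 880
203.0.113.7 - - [23/Oct/2003:19:44:10 +0100] "GET / HTTP/1.0" 200 5120
"""

CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)

def parse_line(line):
    """Return a dict for one log line, or None if it is not valid CLF."""
    m = CLF.match(line.strip())
    if m is None:
        return None
    client = m.group("client")
    try:
        # A numeric client field means reverse lookups were off or failed.
        ipaddress.ip_address(client)
        kind = "ip"
    except ValueError:
        # Otherwise the server logged the name it resolved from the peer address.
        kind = "hostname"
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "client": client,
        "kind": kind,
        "utc": ts.astimezone(timezone.utc),  # offset-free time for correlation
        "request": m.group("req"),
    }

def summarize(log_text):
    """Parse every line and count hits per client field."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return entries, Counter(e["client"] for e in entries)

if __name__ == "__main__":
    entries, hits = summarize(SAMPLE_LOG)
    for e in entries:
        print(e["utc"].isoformat(), e["kind"], e["client"], e["request"])
    print(hits.most_common())
```

Every hit through the same proxy or NAT device shares one client field, so the per-client count groups requests by the last hop the server saw, not by end user.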
 
DarkMatter

> I think he imitates what he hears on all those "gangsta" movies
> because he thinks it sounds hard!

How juvenile.

Show me ANYTHING from the above that ever came from ANY movie. You
can't you retarded old bastard.
 
Ross Mac

DarkMatter said:
> And to think that three months ago, YOU were clueless on this as
> well.

Here's a dime...buy a clue.....I have been in computers since you were in
diapers!
 
Ross Mac

DarkMatter said:
snip


That's not enough.
Maybe one day when you get a bit older you will realize that people are not
perfect......relax and get over it!
 
DarkMatter

> m3osn pse note.
> rsgb pse note.
>
> oh dearrie dearrie me.
> what will the people at analogue or us dot com
> have to say about this ?

Grow up, dipshit. This is Usenet, a public, free speech forum.
 
Ross Mac

Ross Mac said:
> Here's a dime...buy a clue.....I have been in computers since you were in
> diapers!

Well group, it is about time for me to honor Don't Matter with a song he
loves so much....Y'all like country western?
Most likely our nasty poster will go berserk with postings after this...but
what the hell....Merry Christmas TardMatter!!

A fine tune for our friend "TardHole" alias DarkMatter!
Now this is a country tune so make sure ya break out yer gitar and sing
along!

Were you born, an asshole, or did you work at it yer whole life?
Either way it worked out fine, because you're an asshole tonight!
Yes, you're an, (spell it!) A S S H O L E , and don't you try to blame it
on me!
You deserve all the credit, you're an asshole tonight!
You were an asshole, yesterday , you're an asshole tonight.
And I got, a fear, you'll be an asshole the rest of your life!

"Some Twangy Guitar Stuff and a Little bit of Harp Here"

I was talkin' to your mother, just the other night.
I told her I thought you were an asshole, she said "YES, I think you're
right"!
And all your friends are all assholes, because you've known them your whole
life....
And somebody told me, you got an asshole for a wife!
Were you born, an asshole or did you work at it yer whole life....
Either way it worked out fine, because .....
YOU ARE AN ASSHOLE TONIGHT!
 
Ross Mac

DarkMatter said:
> No... you should learn to read, dipshit.
>
> It says "Lone 'tard State", ya clueless twit.

Uh....look at your own post....you said Lonely Tard State...I dropped the
word lonely......You never posted Lone ......you really should give up
drinking the bong water wild boy!.....
 
Cameron Dorrough

Geoff said:
> Now exactly how do the spam harvesters get your addresses - lots of ways of
> course - but one way is from the logs of suspect web sites.

No, they don't use web site logs - there are far easier ways than that. The
most common way is to buy the list off your friendly ISP.

Hotmail, RoadRunner, Bigpond, Ozemail.. they'll all happily sell their email
address database (and their Granny) to marketing firms. Nowadays there is
usually some clause in some fine print somewhere that allows them to legally
do this "for market research" or some such - but it's big money!!

Another way is to trawl them off your own web site, if you have one.. but
then maybe the most common way is to just decode them from Usenet posts??
;-)

Have a (cosy, secure) day. <g>

Cameron:)
 
DarkMatter

> Uh....look at your own post....you said Lonely Tard State...I dropped the
> word lonely......You never posted Lone ......you really should give up
> drinking the bong water wild boy!.....

I'm closer to being right than you were. **** you, Alzzie.
 
DarkMatter

> ...or the IP of the firewall. My work IP address never leaves
> the company (I tried today with the sites listed in this thread).

Dipshit. Local network Ip addresses do not pass through. Doh!
Different tier.

Someone at their home is a subscriber client on an ISP's server, to
get "authorized" for net access. THAT assigned IP will ALWAYS get
reported to inquiries, even with a local net inside your modem port.
20 machines would all report the same IP during their posts.

Your work audit trail ends for external probes at your firewall, but
if you pull some illicit shit, your work's own auditing will nab your
lame ass internally.

> The point here though is the NNTP_Posting_Host tag in the NNTP
> headers. My headers don't show my IP address. NewsGuy puts
> their host ID in there, not the users.

There are differences because instead of using your work place's
access to news services (it DOES have them, you know...?) You use your
personally subscribed to access to a "news provider".

Find out who you get your T1 or DSL or whatever external link to the
world your work has, find out their NNTP server addy, and stop
proxying your news access, and your wallet! Hahhah I just saved you
gobs o cash.

Big difference.
 
Geoff

> No, they don't use web site logs - there are far easier ways than
> that. The most common way is to buy the list off your friendly ISP.

Except those web sites that are specifically set to generate "opt-in"
lists. No reputable company would do so, but there are many that do. It
is only marginally different to those local authorities, and that is MOST
local authorities, who sell their electoral rolls.

> Hotmail, RoadRunner, Bigpond, Ozemail.. they'll all happily sell their
> email address database (and their Granny) to marketing firms.
> Nowadays there is usually some clause in some fine print somewhere
> that allows them to legally do this "for market research" or some such
> - but it's big money!!

Of course, it is always necessary to read, and understand, the small
print. I find it easier to use a reputable ISP and never go near any of
those you mention, and some others. I have banned my other users from
using hotmail etc. I am also close to putting one or two of those
companies on my blocked list.

> Another way is to trawl them off your own web site, if you have one..
> but then maybe the most common way is to just decode them from Usenet
> posts?? ;-)
>
> Have a (cosy, secure) day. <g>

My favourite is the number of people who say "because they have got a
firewall, they cannot get a virus." This is because the virii are blocked
by the firewall. :)

Incidentally, I have found that, for me at least, the most effective
antivirus solution is not to run Microsoft email software on Intel 80X86
hardware!


Have a safe, secure and Merry Xmas

Geoff
 
Andy Cowley

Cameron said:
> Exactly my point. The *hostname* is typically recorded - and not
> necessarily the user's actual IP address. Only when the hostname can't
> be resolved (eg. are an ISP) will a discrete IP address be recorded. (To
> use the example above: 209.17.161.144 is allocated to Group Telecom Services
> Corp in Toronto:
> http://www.checkdomain.com/cgi-bin/checkdomain.pl?domain=209.17.161.144)

Very common tuning is to turn off the hostname lookup for logging, i.e. record
only numeric data. This saves a DNS lookup per hit and is well worth it if
performance is at all an issue.

> You can't get the IP address of the user's box from the hostname or find out
> anything about them really

Since you had to reverse look up the IP to get the hostname, I don't see this?

> - you only get the IP of the host that they are
> connected into and would need to check their host logs for more detail.
> IIRC, this is done so that, if the same user was to visit the site multiple
> times using a DHCP-allocated IP, your logs would show multiple hits from the
> same *hostname* (eg. AOL) and not multiple hits from multiple IPs owned by
> the same domain..

I think you may be saying that the web-proxy looks like the source of the
request. This is correct. It is also true if a firewall is doing NAT. It
doesn't have anything to do with DHCP.
 
Ephram Snotwobbler Jr

Were you ever employed in any capacity by Westinghouse?

Are you so employed now?

If not, would you care to comment on how any change may have come
about?

Predictable, boring and repetitive response by a paranoid obsessive.
 
DarkMatter

> You really are a 'tard. My work *fixed* address is reserved as
> one of the originals, yet doesn't appear on the net.

It doesn't appear because local nets are not the same as wide nets,
dipshit.
 
DarkMatter

> Try inquiring this! I respond occasionally from work, often from
> home, though there is no difference in my headers. Are you drunk.


If your work acts as your ISP, then it is an easy determination.
 
DarkMatter

> How the hell do you know? You haven't a clue about me, or where
> I work. Are you drunk tonight? You're making less sense than
> normal, if that's possible.


Everyone has to pay for their access to the backbone through
someone. Every ISP I have ever seen has NNTP servers.
If not, they don't qualify too well as ISPs... DOH!

If your company is directly on the net, then you missed out.
 