Home |
Search |
Today's Posts |
|
UK diy (uk.d-i-y) For the discussion of all topics related to diy (do-it-yourself) in the UK. All levels of experience and proficency are welcome to join in to ask questions or offer solutions. |
Reply |
|
LinkBack | Thread Tools | Display Modes |
#1
|
|||
|
|||
These annoying recipes
There seem to be a lot of posts purporting to be from the previous poster in a thread containing weird recipes Is everybody else getting them, and does anybody know what's going on ? -- geoff |
#2
|
|||
|
|||
raden wrote:
There seem to be a lot of posts purporting to be from the previous poster in a thread containing weird recipes Is everybody else getting them, and does anybody know what's going on ? The German news server is filtering them out. Checking on NTL's server though, ISWYM Presumably it makes someone happy somewhere... Lee -- Email address is valid, but is unlikely to be read. |
#3
|
|||
|
|||
"raden" wrote in message
... There seem to be a lot of posts purporting to be from the previous poster in a thread containing weird recipes Is everybody else getting them, and does anybody know what's going on ? Answer courtesy of Jeff C on rec.autos.makers.honda: That was a forged post by a USENET vandal known as "hipcrime". Dippy hates USENET, and especially it hates news.admin.net-abuse.email, so it wrote a piece of abuseware known as "newsagent" that allows it to forge supercede posts and force follow-ups to flood NANAE with thousands of "WTF" posts such as yours. What to do about it is simple. First, look at the headers of a few forged posts, and filter on the commonly identifiable elements. Lately dipy's been abusing news servers in northern Europe. If you subscribe to a service such as Supernews, the filtering is already done for you. Second, if you feel you NUST reply to a dippyspew post, look very carefully at where the post will be sent before you send it. This will ensure that you don't accidentally pollute another group thus doing dippy's vandalism for it. Third, now that you're immune to this id10t, join in the defense by posting a message similar to this one whenever you see a dippyspew in your newsgroup. The more people who know about dippy, the less damage it can do. HTH, Al |
#4
|
|||
|
|||
On Sun, 26 Dec 2004 19:47:23 GMT, raden wrote:
There seem to be a lot of posts purporting to be from the previous poster in a thread containing weird recipes Is everybody else getting them, and does anybody know what's going on ? Late last night, yes, nothing much today. They appear to be forged headers created by harvesting name details and injecting messages into appropriately open news servers. Some ISPs do address range limitations to prevent their news servers being used by other than their customers, but there are enough open ones around and this is before getting into use of trojan plants on legitimate machines being used to relay posts to look legitimate. Unfortunately, the Usenet environment doesn't have quite so much protection as email servers can have. Equally, this type of attack does not seem to be too prevalent (at least not in the newsgroups I read). -- ..andy To email, substitute .nospam with .gl |
#5
|
|||
|
|||
"Andy Hall" wrote in message ... On Sun, 26 Dec 2004 19:47:23 GMT, raden wrote: There seem to be a lot of posts purporting to be from the previous poster in a thread containing weird recipes Is everybody else getting them, and does anybody know what's going on ? Late last night, yes, nothing much today. They appear to be forged headers created by harvesting name details and injecting messages into appropriately open news servers. Some ISPs do address range limitations to prevent their news servers being used by other than their customers, but there are enough open ones around and this is before getting into use of trojan plants on legitimate machines being used to relay posts to look legitimate. Unfortunately, the Usenet environment doesn't have quite so much protection as email servers can have. Equally, this type of attack does not seem to be too prevalent (at least not in the newsgroups I read). More at: http://www.spamfaq.net/terminology.s...sgroup_attacks Some news servers run software to filter them out, but not most because, as you say, the attack is an uncommon one (except on news.admin.net-abuse.email). Al |
#6
|
|||
|
|||
Andy Hall wrote:
Some ISPs do address range limitations to prevent their news servers being used by other than their customers, but there are enough open ones around and this is before getting into use of trojan plants on legitimate machines being used to relay posts to look legitimate. I noted that the plusnet server had killed them before I saw them, however there was an interesting side effect, in that the original "mice" thread headers were also removed from the server as well. I only noticed when I synched another copy of Mozilla on another PC that the whole thread had vanished, yet I can still access the original messages from my cached thread headers on this PC. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
#7
|
|||
|
|||
"Andy Hall" wrote in message ... On Sun, 26 Dec 2004 19:47:23 GMT, raden wrote: There seem to be a lot of posts purporting to be from the previous poster in a thread containing weird recipes Is everybody else getting them, and does anybody know what's going on ? Late last night, yes, nothing much today. They appear to be forged headers created by harvesting name details and injecting messages into appropriately open news servers. Some ISPs do address range limitations to prevent their news servers being used by other than their customers, but there are enough open ones around and this is before getting into use of trojan plants on legitimate machines being used to relay posts to look legitimate. I just had a report from, I guess, the moderator of news.karlvalentin.de that some recipes had been posted appearing to come from my email address by the following route: news.karlvalentin.de!news.qymp.de!news-out.nuthinbutnews.com!propagator2-sterling.newsfeeds.com!news-in.newsfeeds.com!newsfeed.icl.net!feed.news.tiscal i.de!newsfeed01.sul.t-online.de!newsfeed00.sul.t-online.de!t-online.de!tiscali!newsfeed1.ip.tiscali.net!border2 .nntp.ams.giganews.com!nntp.giganews.com!lightspee d.eweka.nl!newsfeed.multikabel.nl!feeder.news-service.com!psinet-eu-nl!my.address.left.out.just.in.case!IP address also left out.mismatch I don't know if this means anything to anyone. I have the email ID but am unsure whether it is wise to post it, so haven't. Someone targetted me once about ten years ago. Very irritating. Sys admin at the place I worked tried to trace it but I had left it too long because I was baffled. Peter Scott |
#8
|
|||
|
|||
|
#9
|
|||
|
|||
On Mon, 27 Dec 2004 15:21:21 -0000, "Peter Scott"
wrote: "Andy Hall" wrote in message .. . On Sun, 26 Dec 2004 19:47:23 GMT, raden wrote: There seem to be a lot of posts purporting to be from the previous poster in a thread containing weird recipes Is everybody else getting them, and does anybody know what's going on ? Late last night, yes, nothing much today. They appear to be forged headers created by harvesting name details and injecting messages into appropriately open news servers. Some ISPs do address range limitations to prevent their news servers being used by other than their customers, but there are enough open ones around and this is before getting into use of trojan plants on legitimate machines being used to relay posts to look legitimate. I just had a report from, I guess, the moderator of news.karlvalentin.de that some recipes had been posted appearing to come from my email address by the following route: news.karlvalentin.de!news.qymp.de!news-out.nuthinbutnews.com!propagator2-sterling.newsfeeds.com!news-in.newsfeeds.com!newsfeed.icl.net!feed.news.tiscal i.de!newsfeed01.sul.t-online.de!newsfeed00.sul.t-online.de!t-online.de!tiscali!newsfeed1.ip.tiscali.net!border2 .nntp.ams.giganews.com!nntp.giganews.com!lightspee d.eweka.nl!newsfeed.multikabel.nl!feeder.news-service.com!psinet-eu-nl!my.address.left.out.just.in.case!IP address also left out.mismatch I don't know if this means anything to anyone. I have the email ID but am unsure whether it is wise to post it, so haven't. Someone targetted me once about ten years ago. Very irritating. Sys admin at the place I worked tried to trace it but I had left it too long because I was baffled. Peter Scott I would write back to him, pointing out that it appears that your address has been spoofed and that there are a whole bunch of recipe posts in different groups appearing to come from legitimate sources. You might like also to draw his attention to your legitimate posts to this and other groups to establish that in probability, you are not a bad lad. -- ..andy To email, substitute .nospam with .gl |
#10
|
|||
|
|||
"raden" wrote in message
There seem to be a lot of posts purporting to be from the previous poster in a thread containing weird recipes From: http://www.netrn.net/computing.htm Your IP address is the number assigned by your internet service provider (ISP) that identifies your computer as you surf the web. An IP address usually looks like this: 111.222.333.444. It may have less digits in each field. If you want to know your computer's IP address IPChicken will tell you: http://www.ipchicken.com/ You can also find it by clicking start, run, typing cmd, (in Win XP), hit enter, then type in "ipconfig" without the quotes. The important thing to know about your IP address is that it is recorded at every website you visit and is shown in the header of every email that you send. However your IP address cannot be traced to you as in individual. It can be looked up at http://www.arin.net/whois. When you type in the set of numbers it will show the netblock or range of numbers in which yours is located. It may list the name of your ISP. It might or might not give a clue to the area where you live. The only way to prevent your IP address from being visible on the web is to use a proxy or service such as Anonymizer to mask your identify while you surf. -- Posted via Mailgate.ORG Server - http://www.Mailgate.ORG |
#11
|
|||
|
|||
Michael Mcneil wrote:
From: http://www.netrn.net/computing.htm Your IP address is the number assigned by your internet service provider (ISP) that identifies your computer as you surf the web. An IP address All of which kind of pre-supposes that the message was not relayed via a botnet, or used IP source address spoofing on a network that does not implement egress filtering (i.e most of them!) -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
#12
|
|||
|
|||
"Andy Hall" wrote in message ... On Mon, 27 Dec 2004 15:21:21 -0000, "Peter Scott" wrote: "Andy Hall" wrote in message . .. On Sun, 26 Dec 2004 19:47:23 GMT, raden wrote: There seem to be a lot of posts purporting to be from the previous poster in a thread containing weird recipes Is everybody else getting them, and does anybody know what's going on ? Late last night, yes, nothing much today. They appear to be forged headers created by harvesting name details and injecting messages into appropriately open news servers. Some ISPs do address range limitations to prevent their news servers being used by other than their customers, but there are enough open ones around and this is before getting into use of trojan plants on legitimate machines being used to relay posts to look legitimate. I just had a report from, I guess, the moderator of news.karlvalentin.de that some recipes had been posted appearing to come from my email address by the following route: news.karlvalentin.de!news.qymp.de!news-out.nuthinbutnews.com!propagator2-sterling.newsfeeds.com!news-in.newsfeeds.com!newsfeed.icl.net!feed.news.tiscal i.de!newsfeed01.sul.t-online.de!newsfeed00.sul.t-online.de!t-online.de!tiscali!newsfeed1.ip.tiscali.net!border2 .nntp.ams.giganews.com!nntp.giganews.com!lightspee d.eweka.nl!newsfeed.multikabel.nl!feeder.news-service.com!psinet-eu-nl!my.address.left.out.just.in.case!IP address also left out.mismatch I don't know if this means anything to anyone. I have the email ID but am unsure whether it is wise to post it, so haven't. Someone targetted me once about ten years ago. Very irritating. Sys admin at the place I worked tried to trace it but I had left it too long because I was baffled. Peter Scott I would write back to him, pointing out that it appears that your address has been spoofed and that there are a whole bunch of recipe posts in different groups appearing to come from legitimate sources. You might like also to draw his attention to your legitimate posts to this and other groups to establish that in probability, you are not a bad lad. Helpful advice- thanks I have emailed already. Difficult to prove these things though. I could be a schizophrenic and have a straight and a strange side couldn't I? Does anyone know of a feasible way to track down the nutters who send these things? Could this be the subject of an RFC? Peter Scott |
#13
|
|||
|
|||
John Rumm wrote:
Michael Mcneil wrote: From: http://www.netrn.net/computing.htm Your IP address is the number assigned by your internet service provider (ISP) that identifies your computer as you surf the web. An IP address All of which kind of pre-supposes that the message was not relayed via a botnet, or used IP source address spoofing on a network that does not implement egress filtering (i.e most of them!) Doen';t really matter that much, since at some level the nntp posting host is in the path, and you can generally work from there. Ip source address spoofing is rather hard to use to implement a stream connection, as if you fake where you are coming from, the ack packets won;t get back to you. Yoi may be ale to take over a nearby addres, but you can't fake one across teh other side of teh world. Most boundary routers are VERY tight on stuff like that. |
#14
|
|||
|
|||
The Natural Philosopher wrote:
Doen';t really matter that much, since at some level the nntp posting host is in the path, and you can generally work from there. To an extent, assuming someone is not running their own NNTP host on a "owned" computer, or hiding behind a proxy on one etc. Ip source address spoofing is rather hard to use to implement a stream connection, as if you fake where you are coming from, the ack packets won;t get back to you. This is true... it a more useful technique for DDoS attacks than for things like two way traffic (i.e. TCP connections). Yoi may be ale to take over a nearby addres, but you can't fake one across teh other side of teh world. Most boundary routers are VERY tight on stuff like that. They are getting better. They have always been pretty tight on preventing external IP address blocks get access to services provided for subscribers (although there are still some ISPs that don't care). The reverse situation however is still much more patchy (i.e. preventing exit of packets apparently originated from an IP address range that really ought not to be in the network segment) since this is a technically much harder problem to solve as an afterthought (i.e. you need to have started with a well planned and segmented network in the first place, rather than having "grown" one organically as your demand increased. (The thrust of my post was really to highlight that post containing a snippet of "Noddy learns IP", was (while interesting to some), pretty pointless as a practical solution to the problem). -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
Reply |
Thread Tools | Search this Thread |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Forum | |||
New lights, noisy ballast- it's annoying. | Home Repair | |||
Electropolishing recipes, version two | Metalworking | |||
wild ass kitchen concept . | Woodworking |