UK diy (uk.d-i-y) For the discussion of all topics related to diy (do-it-yourself) in the UK. All levels of experience and proficiency are welcome to join in to ask questions or offer solutions.

  #1   Report Post  
raden
 
Posts: n/a
Default These annoying recipes


There seem to be a lot of posts purporting to be from the previous
poster in a thread containing weird recipes

Is everybody else getting them, and does anybody know what's going on ?


--
geoff
  #2   Report Post  
Lee
 
Posts: n/a
Default

raden wrote:

There seem to be a lot of posts purporting to be from the previous
poster in a thread containing weird recipes

Is everybody else getting them, and does anybody know what's going on ?



The German news server is filtering them out.
Checking on NTL's server though, ISWYM

Presumably it makes someone happy somewhere...

Lee
--
Email address is valid, but is unlikely to be read.
  #3   Report Post  
Al Reynolds
 
Posts: n/a
Default

"raden" wrote in message
...

There seem to be a lot of posts purporting to be from the previous poster
in a thread containing weird recipes

Is everybody else getting them, and does anybody know what's going on ?



Answer courtesy of Jeff C on rec.autos.makers.honda:
That was a forged post by a USENET vandal known as "hipcrime". Dippy
hates USENET, and especially it hates news.admin.net-abuse.email, so
it wrote a piece of abuseware known as "newsagent" that allows it to
forge supersede posts and force follow-ups to flood NANAE with
thousands of "WTF" posts such as yours.

What to do about it is simple. First, look at the headers of a few
forged posts, and filter on the commonly identifiable elements. Lately
dippy's been abusing news servers in northern Europe. If you subscribe
to a service such as Supernews, the filtering is already done for you.
Second, if you feel you MUST reply to a dippyspew post, look very
carefully at where the post will be sent before you send it. This will
ensure that you don't accidentally pollute another group thus doing
dippy's vandalism for it. Third, now that you're immune to this id10t,
join in the defense by posting a message similar to this one whenever
you see a dippyspew in your newsgroup. The more people who know about
dippy, the less damage it can do.


HTH,
Al
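The two checks described in this post, as an added Python sketch that is not part of the thread: find header elements shared by every flagged post but absent from known-good ones, and list the groups a follow-up would reach. All sample articles, hosts and addresses are constructed placeholders.

```python
from email import message_from_string

# Per-article fields: different in every post, so useless as filter keys.
VOLATILE = {"from", "subject", "message-id", "date", "references",
            "newsgroups", "followup-to"}

def features(raw):
    """Set of (header, value) pairs that could serve as filter keys."""
    found = set()
    for name, value in message_from_string(raw).items():
        key = name.lower()
        if key in VOLATILE:
            continue
        if key == "path":
            # One feature per hop, so a relay shared by the forgeries stands out.
            found.update(("path-hop", h.strip()) for h in value.split("!") if h.strip())
        else:
            found.add((key, value.strip()))
    return found

def common_elements(flagged, known_good):
    """Elements present in every flagged post and in no known-good post."""
    if not flagged:
        return []
    shared = set.intersection(*(features(p) for p in flagged))
    legit = set().union(*(features(p) for p in known_good))
    return sorted(shared - legit)

def stray_groups(raw, reading):
    """Groups a follow-up would reach besides the one being read."""
    msg = message_from_string(raw)
    # Followup-To, when present, overrides Newsgroups for replies.
    field = msg.get("Followup-To") or msg.get("Newsgroups", "")
    targets = [g.strip() for g in field.split(",") if g.strip()]
    return [g for g in targets if g not in (reading, "poster")]

# Constructed samples (placeholder hosts and addresses), not real forged posts.
FLAGGED = [
    "From: a@example.org\nNewsgroups: uk.d-i-y\n"
    "Followup-To: uk.d-i-y,news.admin.net-abuse.email\n"
    "Path: reader.example!feed1.example!open-relay.example!not-for-mail\n"
    "NNTP-Posting-Host: 192.0.2.77\n\nrecipe text\n",
    "From: b@example.org\nNewsgroups: uk.d-i-y\n"
    "Followup-To: uk.d-i-y,news.admin.net-abuse.email\n"
    "Path: reader.example!feed2.example!open-relay.example!not-for-mail\n"
    "NNTP-Posting-Host: 192.0.2.91\n\nrecipe text\n",
]
KNOWN_GOOD = [
    "From: c@example.org\nNewsgroups: uk.d-i-y\n"
    "Path: reader.example!feed1.example!isp-news.example!not-for-mail\n"
    "NNTP-Posting-Host: 198.51.100.5\n\nhow do I fix a tap?\n",
]

if __name__ == "__main__":
    print(common_elements(FLAGGED, KNOWN_GOOD))
    print(stray_groups(FLAGGED[0], "uk.d-i-y"))
```

Hops that also carry legitimate traffic (the reader's own server, shared feeders) drop out of the result, which is what keeps a filter built from it from killing genuine posts.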


  #4   Report Post  
Andy Hall
 
Posts: n/a
Default

On Sun, 26 Dec 2004 19:47:23 GMT, raden wrote:


There seem to be a lot of posts purporting to be from the previous
poster in a thread containing weird recipes

Is everybody else getting them, and does anybody know what's going on ?


Late last night, yes, nothing much today.

They appear to be forged headers created by harvesting name details
and injecting messages into appropriately open news servers.

Some ISPs do address range limitations to prevent their news servers
being used by other than their customers, but there are enough open
ones around and this is before getting into use of trojan plants on
legitimate machines being used to relay posts to look legitimate.

Unfortunately, the Usenet environment doesn't have quite so much
protection as email servers can have. Equally, this type of attack
does not seem to be too prevalent (at least not in the newsgroups I
read).





--

..andy

To email, substitute .nospam with .gl
  #5   Report Post  
Al Reynolds
 
Posts: n/a
Default


"Andy Hall" wrote in message
...
On Sun, 26 Dec 2004 19:47:23 GMT, raden wrote:


There seem to be a lot of posts purporting to be from the previous
poster in a thread containing weird recipes

Is everybody else getting them, and does anybody know what's going on ?


Late last night, yes, nothing much today.

They appear to be forged headers created by harvesting name details
and injecting messages into appropriately open news servers.

Some ISPs do address range limitations to prevent their news servers
being used by other than their customers, but there are enough open
ones around and this is before getting into use of trojan plants on
legitimate machines being used to relay posts to look legitimate.

Unfortunately, the Usenet environment doesn't have quite so much
protection as email servers can have. Equally, this type of attack
does not seem to be too prevalent (at least not in the newsgroups I
read).


More at:
http://www.spamfaq.net/terminology.s...sgroup_attacks

Some news servers run software to filter them out, but
not most because, as you say, the attack is an uncommon
one (except on news.admin.net-abuse.email).

Al




  #6   Report Post  
John Rumm
 
Posts: n/a
Default

Andy Hall wrote:


Some ISPs do address range limitations to prevent their news servers
being used by other than their customers, but there are enough open
ones around and this is before getting into use of trojan plants on
legitimate machines being used to relay posts to look legitimate.


I noted that the plusnet server had killed them before I saw them,
however there was an interesting side effect, in that the original
"mice" thread headers were also removed from the server as well. I only
noticed when I synched another copy of Mozilla on another PC that the
whole thread had vanished, yet I can still access the original messages
from my cached thread headers on this PC.

--
Cheers,

John.

/=================================================================\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\=================================================================/
  #7   Report Post  
Peter Scott
 
Posts: n/a
Default


"Andy Hall" wrote in message
...
On Sun, 26 Dec 2004 19:47:23 GMT, raden wrote:


There seem to be a lot of posts purporting to be from the previous
poster in a thread containing weird recipes

Is everybody else getting them, and does anybody know what's going on ?


Late last night, yes, nothing much today.

They appear to be forged headers created by harvesting name details
and injecting messages into appropriately open news servers.

Some ISPs do address range limitations to prevent their news servers
being used by other than their customers, but there are enough open
ones around and this is before getting into use of trojan plants on
legitimate machines being used to relay posts to look legitimate.


I just had a report from, I guess, the moderator of news.karlvalentin.de
that some recipes had been posted appearing to come from my email
address by the following route:

news.karlvalentin.de!news.qymp.de!news-out.nuthinbutnews.com!propagator2-sterling.newsfeeds.com!news-in.newsfeeds.com!newsfeed.icl.net!feed.news.tiscali.de!newsfeed01.sul.t-online.de!newsfeed00.sul.t-online.de!t-online.de!tiscali!newsfeed1.ip.tiscali.net!border2.nntp.ams.giganews.com!nntp.giganews.com!lightspeed.eweka.nl!newsfeed.multikabel.nl!feeder.news-service.com!psinet-eu-nl!my.address.left.out.just.in.case!IP
address also left out.mismatch

I don't know if this means anything to anyone. I have the email ID but am
unsure whether it is wise to post it, so haven't.

Someone targeted me once about ten years ago. Very irritating. Sys admin at
the place I worked tried to trace it but I had left it too long because I
was baffled.

Peter Scott


  #9   Report Post  
Andy Hall
 
Posts: n/a
Default

On Mon, 27 Dec 2004 15:21:21 -0000, "Peter Scott"
wrote:


"Andy Hall" wrote in message
.. .
On Sun, 26 Dec 2004 19:47:23 GMT, raden wrote:


There seem to be a lot of posts purporting to be from the previous
poster in a thread containing weird recipes

Is everybody else getting them, and does anybody know what's going on ?


Late last night, yes, nothing much today.

They appear to be forged headers created by harvesting name details
and injecting messages into appropriately open news servers.

Some ISPs do address range limitations to prevent their news servers
being used by other than their customers, but there are enough open
ones around and this is before getting into use of trojan plants on
legitimate machines being used to relay posts to look legitimate.


I just had a report from, I guess, the moderator of news.karlvalentin.de
that some recipes had been posted appearing to come from my email
address by the following route:

news.karlvalentin.de!news.qymp.de!news-out.nuthinbutnews.com!propagator2-sterling.newsfeeds.com!news-in.newsfeeds.com!newsfeed.icl.net!feed.news.tiscali.de!newsfeed01.sul.t-online.de!newsfeed00.sul.t-online.de!t-online.de!tiscali!newsfeed1.ip.tiscali.net!border2.nntp.ams.giganews.com!nntp.giganews.com!lightspeed.eweka.nl!newsfeed.multikabel.nl!feeder.news-service.com!psinet-eu-nl!my.address.left.out.just.in.case!IP
address also left out.mismatch

I don't know if this means anything to anyone. I have the email ID but am
unsure whether it is wise to post it, so haven't.

Someone targeted me once about ten years ago. Very irritating. Sys admin at
the place I worked tried to trace it but I had left it too long because I
was baffled.

Peter Scott



I would write back to him, pointing out that it appears that your
address has been spoofed and that there are a whole bunch of recipe
posts in different groups appearing to come from legitimate sources.
You might like also to draw his attention to your legitimate posts to
this and other groups to establish that in probability, you are not a
bad lad.




--

..andy

To email, substitute .nospam with .gl
  #10   Report Post  
Michael Mcneil
 
Posts: n/a
Default

"raden" wrote in message



There seem to be a lot of posts purporting to be from the previous
poster in a thread containing weird recipes


From: http://www.netrn.net/computing.htm

Your IP address is the number assigned by your internet service provider
(ISP) that identifies your computer as you surf the web. An IP address
usually looks like this: 111.222.333.444. It may have fewer digits in
each field.

If you want to know your computer's IP address IPChicken will tell you:
http://www.ipchicken.com/ You can also find it by clicking start,
run, typing cmd, (in Win XP), hit enter, then type in "ipconfig" without
the quotes.

The important thing to know about your IP address is that it is recorded
at every website you visit and is shown in the header of every email
that you send. However your IP address cannot be traced to you as an
individual. It can be looked up at http://www.arin.net/whois.

When you type in the set of numbers it will show the netblock or range
of numbers in which yours is located. It may list the name of your ISP.
It might or might not give a clue to the area where you live.

The only way to prevent your IP address from being visible on the web is
to use a proxy or service such as Anonymizer to mask your identity while
you surf.



--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG


  #11   Report Post  
John Rumm
 
Posts: n/a
Default

Michael Mcneil wrote:

From: http://www.netrn.net/computing.htm

Your IP address is the number assigned by your internet service provider
(ISP) that identifies your computer as you surf the web. An IP address


All of which kind of pre-supposes that the message was not relayed via a
botnet, or used IP source address spoofing on a network that does not
implement egress filtering (i.e. most of them!)

--
Cheers,

John.

/=================================================================\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\=================================================================/
  #12   Report Post  
Peter Scott
 
Posts: n/a
Default


"Andy Hall" wrote in message
...
On Mon, 27 Dec 2004 15:21:21 -0000, "Peter Scott"
wrote:


"Andy Hall" wrote in message
. ..
On Sun, 26 Dec 2004 19:47:23 GMT, raden wrote:


There seem to be a lot of posts purporting to be from the previous
poster in a thread containing weird recipes

Is everybody else getting them, and does anybody know what's going on ?

Late last night, yes, nothing much today.

They appear to be forged headers created by harvesting name details
and injecting messages into appropriately open news servers.

Some ISPs do address range limitations to prevent their news servers
being used by other than their customers, but there are enough open
ones around and this is before getting into use of trojan plants on
legitimate machines being used to relay posts to look legitimate.


I just had a report from, I guess, the moderator of news.karlvalentin.de
that some recipes had been posted appearing to come from my email
address by the following route:

news.karlvalentin.de!news.qymp.de!news-out.nuthinbutnews.com!propagator2-sterling.newsfeeds.com!news-in.newsfeeds.com!newsfeed.icl.net!feed.news.tiscali.de!newsfeed01.sul.t-online.de!newsfeed00.sul.t-online.de!t-online.de!tiscali!newsfeed1.ip.tiscali.net!border2.nntp.ams.giganews.com!nntp.giganews.com!lightspeed.eweka.nl!newsfeed.multikabel.nl!feeder.news-service.com!psinet-eu-nl!my.address.left.out.just.in.case!IP
address also left out.mismatch

I don't know if this means anything to anyone. I have the email ID but am
unsure whether it is wise to post it, so haven't.

Someone targeted me once about ten years ago. Very irritating. Sys admin at
the place I worked tried to trace it but I had left it too long because I
was baffled.

Peter Scott



I would write back to him, pointing out that it appears that your
address has been spoofed and that there are a whole bunch of recipe
posts in different groups appearing to come from legitimate sources.
You might like also to draw his attention to your legitimate posts to
this and other groups to establish that in probability, you are not a
bad lad.


Helpful advice- thanks

I have emailed already. Difficult to prove these things though.
I could be a schizophrenic and have a straight and a strange side couldn't
I?
Does anyone know of a feasible way to track down the nutters who send
these things? Could this be the subject of an RFC?

Peter Scott


  #13   Report Post  
The Natural Philosopher
 
Posts: n/a
Default

John Rumm wrote:

Michael Mcneil wrote:

From: http://www.netrn.net/computing.htm

Your IP address is the number assigned by your internet service provider
(ISP) that identifies your computer as you surf the web. An IP address



All of which kind of pre-supposes that the message was not relayed via a
botnet, or used IP source address spoofing on a network that does not
implement egress filtering (i.e. most of them!)


Doesn't really matter that much, since at some level the nntp posting
host is in the path, and you can generally work from there.

IP source address spoofing is rather hard to use to implement a stream
connection, as if you fake where you are coming from, the ack packets
won't get back to you.

You may be able to take over a nearby address, but you can't fake one
across the other side of the world.

Most boundary routers are VERY tight on stuff like that.
  #14   Report Post  
John Rumm
 
Posts: n/a
Default

The Natural Philosopher wrote:

Doesn't really matter that much, since at some level the nntp posting
host is in the path, and you can generally work from there.


To an extent, assuming someone is not running their own NNTP host on an
"owned" computer, or hiding behind a proxy on one etc.

IP source address spoofing is rather hard to use to implement a stream
connection, as if you fake where you are coming from, the ack packets
won't get back to you.


This is true... it is a more useful technique for DDoS attacks than for
things like two way traffic (i.e. TCP connections).

You may be able to take over a nearby address, but you can't fake one
across the other side of the world.

Most boundary routers are VERY tight on stuff like that.


They are getting better. They have always been pretty tight on
preventing external IP address blocks getting access to services provided
for subscribers (although there are still some ISPs that don't care).

The reverse situation however is still much more patchy (i.e. preventing
exit of packets apparently originated from an IP address range that
really ought not to be in the network segment) since this is a
technically much harder problem to solve as an afterthought (i.e. you
need to have started with a well planned and segmented network in the
first place, rather than having "grown" one organically as your demand
increased).

(The thrust of my post was really to highlight that the post containing a
snippet of "Noddy learns IP" was (while interesting to some) pretty
pointless as a practical solution to the problem).

--
Cheers,

John.

/=================================================================\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\=================================================================/
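The argument in the last two posts, as an added Python sketch that is not part of the thread: a border router's egress check on source addresses, and a toy handshake showing why a sender with a spoofed source cannot complete a TCP connection such as an NNTP posting session. The prefixes are documentation ranges and the interface names are hypothetical.

```python
import ipaddress
import secrets

# Constructed addressing plan: prefixes assigned to each customer-facing
# interface of a hypothetical border router (documentation ranges only).
ASSIGNED = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/25")],
    "cust-b": [ipaddress.ip_network("192.0.2.128/25"),
               ipaddress.ip_network("198.51.100.0/24")],
}

def egress_permitted(interface, src):
    """Forward a packet only if its source belongs to the sending interface."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ASSIGNED.get(interface, []))

class Server:
    """Toy TCP listener tracking half-open connections by claimed source."""

    def __init__(self):
        self.half_open = {}
        self.established = set()

    def on_syn(self, claimed_src):
        isn = secrets.randbits(32)        # unpredictable initial sequence number
        self.half_open[claimed_src] = isn
        return claimed_src, isn           # SYN-ACK is routed to the claimed source

    def on_ack(self, claimed_src, ack):
        isn = self.half_open.pop(claimed_src, None)
        ok = isn is not None and ack == (isn + 1) % 2**32
        if ok:
            self.established.add(claimed_src)
        return ok

def handshake_completes(server, real_addr, claimed_src):
    """True if the host at real_addr can finish the three-way handshake."""
    dest, isn = server.on_syn(claimed_src)
    # Only the host that actually receives the SYN-ACK learns the ISN;
    # a sender that lied about its source has nothing valid to acknowledge.
    ack = (isn + 1) % 2**32 if dest == real_addr else None
    return server.on_ack(claimed_src, ack)

if __name__ == "__main__":
    print(egress_permitted("cust-a", "192.0.2.10"))     # own prefix
    print(egress_permitted("cust-a", "203.0.113.9"))    # foreign source
    print(handshake_completes(Server(), "192.0.2.10", "203.0.113.9"))
```

The model covers only the off-path case raised in the thread; it does not model a host on the same segment as the address it claims.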