OT - Status of rec.woodworking

"Bay Area Dave" <[email protected]> wrote in message
news:[email protected]...
> >
> I'll be glad to change my fake domain name to whatever will
> make everybody happy. :)
>
>

How 'bout [email protected]
Greg

In article <[email protected]>,
Robert Bonomi <[email protected]> wrote:

> 'Samuel T.' is either the troll himself (about 99.9999% probable), or a
> blithering idiot who doesn't _actually_ know squat about reading headers.

The two aren't mutually exclusive, Robert.

;-)

--
Formosa's Law: "The truly insane have enough on their plates without us adding
to it."

In article <[email protected]>,
<[email protected]> wrote:
>To all participants of the rec.woodworking whom have been affected by
>the trolls I offer the following report from my observations. I have
>been studying this group for the past 6 or 7 months since I learned
>about the rec.woodworking troll problem in NANAU.
>
>It seems that at least two of the most recent troll attack posts have
>come from the same NNTP posting IP address as one of your regular NG
>users who goes by the nickname of "Bay Area Dave".
>
>I will post several message IDs for header examination. Just go to
>Http://groups.google.com and do an advanced search by message ID for
>each message ID below.
>
>Friday morning a troll post from screen name "The Source":
>Message ID:
><[email protected]>
>Came from IP address:
>4.246.3.188
>
>The evening before this troll post was made, Bay Area Dave made a post
>from the exact same IP address:
>Message ID:
><[email protected]>
>Came from IP address:
>4.246.3.188
>
>Coincidence? Read on.
>
>Later Friday evening another troll post appeared under the screen name
>"Big Mouth" with a list of names of many of the regular posters of this
>newsgroup with their unprotected e-mail address listed next to each
>name. The message was crossposted to the alt.spam newsgroup in an
>obviously malicious attempt to have all of these e-mail addresses
>harvested and added to spam mailing lists.
>Message ID:
><[email protected]>
>Came from IP address
>4.246.36.207
>
>Just a couple hours before this troll post made, Bay Area Dave made two
>posts from the exact same IP address:
>Message ID:
><[email protected]>
>Message ID:
><[email protected]>
>Came from IP address:
>4.246.36.207
>
>Is Bay Area Dave one of the major trolls of this newsgroup? This
>can not be answered with certainty, however I've demonstrated above that
>he HAS trolled here. He has certainly shown that he likes to be a
>skin changer and that he has been known to lash out at people
>unnecessarily.
>
>Thank you for your time. I hope this information will be helpful to the
>NG community.
>
>-Samuel T.
>

'Samuel T' is full of it. the 'troll' posts were sent by *email*, through
a mail-to-news gateway. *email* doesn't support a 'NNTP-Posting-Host' header.
That is the exclusive domain of a _news_ server.

Furthermore, the header on the troll posts is 'X-NNTP-Posting-Host', which is
_not_at_all_ the same as 'NNTP-Posting-Host'.

The 'X-' header _must_ have been added _by_the_troll_ *before* sending his
e-mail.


I _wonder_ how 'Samuel T' came to be aware of that 'addition'. Well, not
really. <wry grin>

"Bay Area Dave" <[email protected]> wrote in message
news:[email protected]...
> I'm not the troll. nor is Mark and Juanita. nor Dave
> Balderstone. nor the few others the idiot has impersonated.
> Anyone who thinks it's me is more stupid than the troll
> himself...

I gather you didn't read the post then, I was actually defending you. Mind
you, if you *were* the troll, I'd expect you to reply the way you did!

Greg

so why would he do that if the Organization shows up as
Dizum? that's a dead giveaway that HE isn't ME, so what's
the point of spoofing an IP? We need some new laws!!

dave

Swingman wrote:

> "Bay Area Dave" wrote in message
>
>>you're funny! YOU are the troll or a troll sympathizer.
>>I'm just one of several folks here who have been
>>impersonated, you flaming NUT CASE!
>>
>>How could the troll post from the same IP address is me?
>>I'm not a internet expert, but I'll go out on a limb and say
>>it's not possible. Or ARE there ways for a hacker to fake
>>an IP on a message? Doug Miller might know the answer.
>>Doug, is it possible for someone to fake the IP?
>
>
> The line the troll (or someone fooled by the troll) is using for proof :
>
> X-NNTP-Posting-Host: 4.246.3.188
>
> Can be EASILY added to an NNTP message header by anyone knowledgeable enough
> to do so
>
> ... don't worry about it. It is the usual troll BS, he just looked at the
> message header in one of your posts and picked an ip address for a similar
> address block to yours, nothing clever about it.
>

Bay Area Dave wrote:

> you're funny! YOU are the troll or a troll sympathizer. I'm just one of
> several folks here who have been impersonated, you flaming NUT CASE!
>
> How could the troll post from the same IP address is me? I'm not a
> internet expert, but I'll go out on a limb and say it's not possible.
> Or ARE there ways for a hacker to fake an IP on a message? Doug Miller
> might know the answer. Doug, is it possible for someone to fake the IP?
>
> dave
>
> [email protected] wrote:
>
>> To all participants of the rec.woodworking whom have been affected by
>> the trolls I offer the following report from my observations. I have
>> been studying this group for the past 6 or 7 months since I learned
>> about the rec.woodworking troll problem in NANAU.
>>
>> It seems that at least two of the most recent troll attack posts have
>> come from the same NNTP posting IP address as one of your regular NG
>> users who goes by the nickname of "Bay Area Dave".
>>
>> I will post several message IDs for header examination. Just go to
>> Http://groups.google.com and do an advanced search by message ID for
>> each message ID below.
>>
>> Friday morning a troll post from screen name "The Source":
>> Message ID:
>> <[email protected]>
>> Came from IP address:
>> 4.246.3.188
>>
>> The evening before this troll post was made, Bay Area Dave made a post
>> from the exact same IP address:
>> Message ID:
>> <[email protected]>
>> Came from IP address:
>> 4.246.3.188
>>
>> Coincidence? Read on.
>>
>> Later Friday evening another troll post appeared under the screen name
>> "Big Mouth" with a list of names of many of the regular posters of this
>> newsgroup with their unprotected e-mail address listed next to each
>> name. The message was crossposted to the alt.spam newsgroup in an
>> obviously malicious attempt to have all of these e-mail addresses
>> harvested and added to spam mailing lists.
>> Message ID:
>> <[email protected]>
>> Came from IP address
>> 4.246.36.207
>>
>> Just a couple hours before this troll post made, Bay Area Dave made two
>> posts from the exact same IP address:
>> Message ID:
>> <[email protected]>
>> Message ID:
>> <[email protected]>
>> Came from IP address:
>> 4.246.36.207
>>
>> Is Bay Area Dave one of the major trolls of this newsgroup? This
>> can not be answered with certainty, however I've demonstrated above that
>> he HAS trolled here. He has certainly shown that he likes to be a
>> skin changer and that he has been known to lash out at people
>> unnecessarily.
>>
>> Thank you for your time. I hope this information will be helpful to the
>> NG community.
>>
>> -Samuel T.
>>
>


Headers are quite easy to add in many clients. Some usenet services will
let you add your own headers by demarcating them with colons or other
tags. If you're tired of being spoofed, start signing your messages with
pgp or get an account at spoofproof.org (it's free). Trolls are a fact
of life, and their sole reason for existance is to be obnoxious.

--
-linux_lad
To verify that this post isn't forged, click here:
http://www.spoofproof.org/verify.php?sig=b9d0c87f1b574b1322337ddf7d759f9d

good point, Rossco.

dave

Rossco in Oshawa wrote:

> This entire message was likely a cut and paste job! A little time and
> effort spent by anyone who can read headers could fake ANY IP address as the
> alleged source.
>
>
> In news:[email protected],
> Swingman <[email protected]> typed:
>
>>"Bay Area Dave" wrote in message
>>
>>>you're funny! YOU are the troll or a troll sympathizer.
>>>I'm just one of several folks here who have been
>>>impersonated, you flaming NUT CASE!
>>>
>>>How could the troll post from the same IP address is me?
>>>I'm not a internet expert, but I'll go out on a limb and say
>>>it's not possible. Or ARE there ways for a hacker to fake
>>>an IP on a message? Doug Miller might know the answer.
>>>Doug, is it possible for someone to fake the IP?
>>
>>The line the troll (or someone fooled by the troll) is using for
>>proof :
>>
>>X-NNTP-Posting-Host: 4.246.3.188
>>
>>Can be EASILY added to an NNTP message header by anyone knowledgeable
>>enough to do so
>>
>> ... don't worry about it. It is the usual troll BS, he just looked
>>at the message header in one of your posts and picked an ip address
>>for a similar address block to yours, nothing clever about it.
>
>

that's correct. I'm in sunny SJ.

dave

Dave Hinz wrote:

> On Sun, 25 Apr 2004 05:00:26 -0700, <[email protected]> <[email protected]> wrote:
>
>>It seems that at least two of the most recent troll attack posts have
>>come from the same NNTP posting IP address as one of your regular NG
>>users who goes by the nickname of "Bay Area Dave".
>
>
>>4.246.36.207
>
>
> That's a dialup IP address in San Jose, specifically:
> Name: dialup-4.246.36.207.Dial1.SanJose1.Level3.net
>
> As such, that IP is probably the client rather than a remote
> (shared) newsserver.
>

The funny thing is that he is now so OBVIOUS...


"Bay Area Dave" <[email protected]> wrote in message
news:[email protected]...
> :) That would be doing the impossible, Leon! <g> The guy
> loves attention and disruption of the NG. I wonder what
> other groups he harasses?
>
> dave
>
> Leon wrote:
>
> > I agree with you Greg. While the announcement sounds interesting, this
post
> > is not totally unlike the Troll posts, appearing to be from some one
> > legitimate. How can we verify that this is not a troll attack against
Dave?
> >
> >
> >
>

I agree with you Greg. While the announcement sounds interesting, this post
is not totally unlike the Troll posts, appearing to be from some one
legitimate. How can we verify that this is not a troll attack against Dave?

the authenticated user is "john". what EXACTLY does that
prove? I'm not being sarcastic, I'm asking sincerely, to
try to understand this stuff; what is the point of
"authenticating" message to a newsgroup? guys are so lazy
they won't even check for dizum in the header before dissing
someone who has been spoofed. it all seems useless, but
maybe you can shed some more light on this subject of
combating impersonators. thanks! BTW, the idiot is so
outrageous it boggles my mind that anyone would think his
messages are from the impersonated posters.

dave

-linux_lad wrote:

> Bay Area Dave wrote:
>
>> you're funny! YOU are the troll or a troll sympathizer. I'm just one
>> of several folks here who have been impersonated, you flaming NUT CASE!
>>
>> How could the troll post from the same IP address is me? I'm not a
>> internet expert, but I'll go out on a limb and say it's not possible.
>> Or ARE there ways for a hacker to fake an IP on a message? Doug
>> Miller might know the answer. Doug, is it possible for someone to fake
>> the IP?
>>
>> dave
>>
>> [email protected] wrote:
>>
>>> To all participants of the rec.woodworking whom have been affected by
>>> the trolls I offer the following report from my observations. I have
>>> been studying this group for the past 6 or 7 months since I learned
>>> about the rec.woodworking troll problem in NANAU.
>>>
>>> It seems that at least two of the most recent troll attack posts have
>>> come from the same NNTP posting IP address as one of your regular NG
>>> users who goes by the nickname of "Bay Area Dave".
>>>
>>> I will post several message IDs for header examination. Just go to
>>> Http://groups.google.com and do an advanced search by message ID for
>>> each message ID below.
>>>
>>> Friday morning a troll post from screen name "The Source":
>>> Message ID:
>>> <[email protected]>
>>> Came from IP address:
>>> 4.246.3.188
>>>
>>> The evening before this troll post was made, Bay Area Dave made a post
>>> from the exact same IP address:
>>> Message ID:
>>> <[email protected]>
>>> Came from IP address:
>>> 4.246.3.188
>>>
>>> Coincidence? Read on.
>>>
>>> Later Friday evening another troll post appeared under the screen name
>>> "Big Mouth" with a list of names of many of the regular posters of this
>>> newsgroup with their unprotected e-mail address listed next to each
>>> name. The message was crossposted to the alt.spam newsgroup in an
>>> obviously malicious attempt to have all of these e-mail addresses
>>> harvested and added to spam mailing lists.
>>> Message ID:
>>> <[email protected]>
>>> Came from IP address
>>> 4.246.36.207
>>>
>>> Just a couple hours before this troll post made, Bay Area Dave made two
>>> posts from the exact same IP address:
>>> Message ID:
>>> <[email protected]>
>>> Message ID:
>>> <[email protected]>
>>> Came from IP address:
>>> 4.246.36.207
>>>
>>> Is Bay Area Dave one of the major trolls of this newsgroup? This
>>> can not be answered with certainty, however I've demonstrated above that
>>> he HAS trolled here. He has certainly shown that he likes to be a
>>> skin changer and that he has been known to lash out at people
>>> unnecessarily.
>>>
>>> Thank you for your time. I hope this information will be helpful to the
>>> NG community.
>>>
>>> -Samuel T.
>>>
>>
>
>
> Headers are quite easy to add in many clients. Some usenet services will
> let you add your own headers by demarcating them with colons or other
> tags. If you're tired of being spoofed, start signing your messages with
> pgp or get an account at spoofproof.org (it's free). Trolls are a fact
> of life, and their sole reason for existance is to be obnoxious.
>
> --
> -linux_lad
> To verify that this post isn't forged, click here:
> http://www.spoofproof.org/verify.php?sig=b9d0c87f1b574b1322337ddf7d759f9d
>

This entire message was likely a cut and paste job! A little time and
effort spent by anyone who can read headers could fake ANY IP address as the
alleged source.


In news:[email protected],
Swingman <[email protected]> typed:
> "Bay Area Dave" wrote in message
>> you're funny! YOU are the troll or a troll sympathizer.
>> I'm just one of several folks here who have been
>> impersonated, you flaming NUT CASE!
>>
>> How could the troll post from the same IP address is me?
>> I'm not a internet expert, but I'll go out on a limb and say
>> it's not possible. Or ARE there ways for a hacker to fake
>> an IP on a message? Doug Miller might know the answer.
>> Doug, is it possible for someone to fake the IP?
>
> The line the troll (or someone fooled by the troll) is using for
> proof :
>
> X-NNTP-Posting-Host: 4.246.3.188
>
> Can be EASILY added to an NNTP message header by anyone knowledgeable
> enough to do so
>
> ... don't worry about it. It is the usual troll BS, he just looked
> at the message header in one of your posts and picked an ip address
> for a similar address block to yours, nothing clever about it.

:) That would be doing the impossible, Leon! <g> The guy
loves attention and disruption of the NG. I wonder what
other groups he harasses?

dave

Leon wrote:

> I agree with you Greg. While the announcement sounds interesting, this post
> is not totally unlike the Troll posts, appearing to be from some one
> legitimate. How can we verify that this is not a troll attack against Dave?
>
>
>

"Leon" <[email protected]> wrote in message news:<[email protected]>...
> I agree with you Greg. While the announcement sounds interesting, this post
> is not totally unlike the Troll posts, appearing to be from some one
> legitimate. How can we verify that this is not a troll attack against Dave?

Unfortunately there is a big problem with the NNTP protocols, they are
not designed to work for large groups. The basic model was simply to
take a bunch of mailing lists and send them together in one feed to save
bandwidth. Kinda ironic given the amount of bandwidth NNTP chews up without
any purpose at all.

The only way to deal with trolls is to have a decent authentication and
moderation system built into the forum. Slashdot is a good example of a
relatively troll free forum (if you browse at +1 or above).

The emergence of RSS may provide a means of improving on NNTP, possibly.
There are still big problems to be solved.


Phill

In article <[email protected]>,
<[email protected]> wrote:
>To all participants of the rec.woodworking whom have been affected by
>the trolls I offer the following report from my observations. I have
>been studying this group for the past 6 or 7 months since I learned
>about the rec.woodworking troll problem in NANAU.
>
>It seems that at least two of the most recent troll attack posts have
>come from the same NNTP posting IP address as one of your regular NG
>users who goes by the nickname of "Bay Area Dave".
>
>I will post several message IDs for header examination. Just go to
>Http://groups.google.com and do an advanced search by message ID for
>each message ID below.
>
>Friday morning a troll post from screen name "The Source":
>Message ID:
><[email protected]>
>Came from IP address:
>4.246.3.188
>
>The evening before this troll post was made, Bay Area Dave made a post
>from the exact same IP address:
>Message ID:
><[email protected]>
>Came from IP address:
>4.246.3.188
>
>Coincidence? Read on.
>
>Later Friday evening another troll post appeared under the screen name
>"Big Mouth" with a list of names of many of the regular posters of this
>newsgroup with their unprotected e-mail address listed next to each
>name. The message was crossposted to the alt.spam newsgroup in an
>obviously malicious attempt to have all of these e-mail addresses
>harvested and added to spam mailing lists.
>Message ID:
><[email protected]>
>Came from IP address
>4.246.36.207
>
>Just a couple hours before this troll post made, Bay Area Dave made two
>posts from the exact same IP address:
>Message ID:
><[email protected]>
>Message ID:
><[email protected]>
>Came from IP address:
>4.246.36.207
>
>Is Bay Area Dave one of the major trolls of this newsgroup? This
>can not be answered with certainty, however I've demonstrated above that
>he HAS trolled here. He has certainly shown that he likes to be a
>skin changer and that he has been known to lash out at people
>unnecessarily.
>
>Thank you for your time. I hope this information will be helpful to the
>NG community.
>
>-Samuel T.
>

'Samuel T.' is either the troll himself (about 99.9999% probable), or a
blithering idiot who doesn't _actually_ know squat about reading headers.

His so-called 'evidence' relies on an 'X-NNTP-Posting-Host' header (which
is *not* the same as the genuine 'NNTP-Posting-Host' header), and which occurs
in messages posted via a mail-to-news gateway, and sent *as*email* to that
point through the sneakemail (anonymous email account service) _mail_server_.
The putative posting-host header was added_before_ the message got to the
mail-to-news gateway. Since mail-servers _don-t_ insert any such header,
it _must_ have been inserted by the *originator* of the message, before
sending that _email_.


EVERYTHING ELSE The original poster 'speculates' about can be similarly
discounted. Since his basic "facts" are proven to be 'not trustworthy'.

In article <[email protected]>,
Bay Area Dave <[email protected]> wrote:
>so why would he do that if the Organization shows up as
>Dizum? that's a dead giveaway that HE isn't ME, so what's
>the point of spoofing an IP? We need some new laws!!

Unfortunately, he's found a new/additional avenue, not involving dizum.

sigh... great! [sarcastically, of course]

dave

Pop Rivet wrote:

> ...
>
>>How could the troll post from the same IP address is me?
>>I'm not a internet expert, but I'll go out on a limb and
>
> say
>
>>it's not possible. Or ARE there ways for a hacker to fake
>>an IP on a message? Doug Miller might know the answer.
>>Doug, is it possible for someone to fake the IP?
>
> ...
> Not Dave, but...
> Yes, it is possible. Also not difficult for those with the
> right applications.
>
>

On Sun, 25 Apr 2004 05:00:26 -0700, <[email protected]> <[email protected]> wrote:
>
> It seems that at least two of the most recent troll attack posts have
> come from the same NNTP posting IP address as one of your regular NG
> users who goes by the nickname of "Bay Area Dave".

> 4.246.36.207

That's a dialup IP address in San Jose, specifically:
Name: dialup-4.246.36.207.Dial1.SanJose1.Level3.net

As such, that IP is probably the client rather than a remote
(shared) newsserver.

"Bay Area Dave" wrote in message
> so why would he do that if the Organization shows up as
> Dizum? that's a dead giveaway that HE isn't ME, so what's
> the point of spoofing an IP?

So they can't be tracked ... spammers are famous for it.

>We need some new laws!!

Won't work ... you can't legislate morality, or the Internet.

It will eventually take a new ip protocol to get the thing done propoerly
... the guys who invented the underpinnings of the 'Internet" were idealist
to a large extent and did not foresee the need to arm the protocols against
human meanness and greed.

--
www.e-woodshop.net
Last update: 4/13/04

...
> How could the troll post from the same IP address is me?
> I'm not a internet expert, but I'll go out on a limb and
say
> it's not possible. Or ARE there ways for a hacker to fake
> an IP on a message? Doug Miller might know the answer.
> Doug, is it possible for someone to fake the IP?
...
Not Dave, but...
Yes, it is possible. Also not difficult for those with the
right applications.

Elaborate set-up or the truth?

The IPs seem to indicate this anonymous "benefactor" has presented a *grain*
of truth. The hosts do indeed appear similar.

However, skimming news.admin.net-abuse.usenet doesn't show a recent
conversation on wreck trolls, last comment was in mid Feb.

BTW, why is it the OP has no NNTP-Posting-Host info himself?

BAD used to post under 68.120.???.???, recently he seems to be using
4.246.???.??? as the OP states.

System configuration seems to match (for what that's worth) he sent a post
recently with:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4) Gecko/20030624
Netscape/7.1 (ax)

On 18 Nov 2003:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4) Gecko/20030624
Netscape/7.1 (ax)

I think some expert netsleuths should spend a little time verifying this,
just to make sure a kangaroo court doesn't hang an innocent party. After
all, the best way to mislead someone is with a partial truth.

What say the experts?

Greg

This clown posted a similar troll on a digital camera group.

<[email protected]> wrote in message
news:[email protected]...
> To all participants of the rec.woodworking whom have been affected by
> the trolls I offer the following report from my observations. I have
> been studying this group for the past 6 or 7 months since I learned
> about the rec.woodworking troll problem in NANAU.
>
> It seems that at least two of the most recent troll attack posts have
> come from the same NNTP posting IP address as one of your regular NG
> users who goes by the nickname of "Bay Area Dave".
>
> I will post several message IDs for header examination. Just go to
> Http://groups.google.com and do an advanced search by message ID for
> each message ID below.
>
> Friday morning a troll post from screen name "The Source":
> Message ID:
> <[email protected]>
> Came from IP address:
> 4.246.3.188
>
> The evening before this troll post was made, Bay Area Dave made a post
> from the exact same IP address:
> Message ID:
> <[email protected]>
> Came from IP address:
> 4.246.3.188
>
> Coincidence? Read on.
>
> Later Friday evening another troll post appeared under the screen name
> "Big Mouth" with a list of names of many of the regular posters of this
> newsgroup with their unprotected e-mail address listed next to each
> name. The message was crossposted to the alt.spam newsgroup in an
> obviously malicious attempt to have all of these e-mail addresses
> harvested and added to spam mailing lists.
> Message ID:
> <[email protected]>
> Came from IP address
> 4.246.36.207
>
> Just a couple hours before this troll post made, Bay Area Dave made two
> posts from the exact same IP address:
> Message ID:
> <[email protected]>
> Message ID:
> <[email protected]>
> Came from IP address:
> 4.246.36.207
>
> Is Bay Area Dave one of the major trolls of this newsgroup? This
> can not be answered with certainty, however I've demonstrated above that
> he HAS trolled here. He has certainly shown that he likes to be a
> skin changer and that he has been known to lash out at people
> unnecessarily.
>
> Thank you for your time. I hope this information will be helpful to the
> NG community.
>
> -Samuel T.
>

"Bay Area Dave" <[email protected]> wrote in message
news:[email protected]...
> Anyone who thinks it's me is more stupid than the troll
> himself...
>
> dave
...
Errr, you are aware how trollish that sounds, right?

ALSO, are you actually AT nospam.com? If you mean that as a
fictitious name, be aware that your are possibly causing the
real person with that address to receive spam!
Parsing input: nospam.com
host 204.228.229.164 (getting name) = 164.anything.com.


Reporting addresses for www.nospam.com:
[email protected]

That is VERY BAD netiquette!!!! STOP!! Never make up an
email name unless you KNOW it doesn't and WILL NOT exist!

Sorry, but I am an avid spamfighter and SO much spam is sent
to innocent parties because of unthinking things like making
up a name.

Here's a name you can use that's real, but guaranteed to put
everything into the bit bin: [email protected]. It exists
just for the purpose of being phoney. If you don't like
that one, check out heypete.com. He's got a whole slew of
names you can use. Do NOT make up anything "@heypete.com":
See his site - he has the FULL addresses there that can be
used.



Pop

Well, here's a little hint about admin...me:
His post comes from tenlinks.com.
Whois on tenlinks.com shows its complaint address located
at:
[email protected]
Who seems to be the actual hosting site.
That said, it's possible the headers are forged, but not
likely, based on the general makeup of the complete header
area.
The "interesting" part is that this person, with such a
community-minded orientation is hiding behind a fictitious
address and allows no method of contact. Were I to post
such information, in order to give it credibility, I would
add that I could be reached at a throw-away address such as
my dilbert84AThotmailDOTcom account. But I see there is no
hint of corrobating evidence that is easily checked; only
assumptions and opinion.

Pop

PS - I don't read the dilbert account very often unless I am
expecting mail there. So, be aware I'm not expecting mail
there.

In article <[email protected]>, Bay Area Dave <[email protected]> wrote:
>you're funny! YOU are the troll or a troll sympathizer.
>I'm just one of several folks here who have been
>impersonated, you flaming NUT CASE!
>
>How could the troll post from the same IP address is me?

DAGS on "IP address spoofing".

>I'm not a internet expert, but I'll go out on a limb and say
>it's not possible. Or ARE there ways for a hacker to fake
>an IP on a message? Doug Miller might know the answer.
>Doug, is it possible for someone to fake the IP?
>
Yep.


--
Regards,
Doug Miller (alphageek-at-milmac-dot-com)

For a copy of my TrollFilter for NewsProxy/Nfilter,
send email to autoresponder at filterinfo-at-milmac-dot-com
You must use your REAL email address to get a response.

I'm not the troll. nor is Mark and Juanita. nor Dave
Balderstone. nor the few others the idiot has impersonated.
Anyone who thinks it's me is more stupid than the troll
himself...

dave

Greg Millen wrote:

> Elaborate set-up or the truth?
>
> The IPs seem to indicate this anonymous "benefactor" has presented a *grain*
> of truth. The hosts do indeed appear similar.
>
> However, skimming news.admin.net-abuse.usenet doesn't show a recent
> conversation on wreck trolls, last comment was in mid Feb.
>
> BTW, why is it the OP has no NNTP-Posting-Host info himself?
>
> BAD used to post under 68.120.???.???, recently he seems to be using
> 4.246.???.??? as the OP states.
>
> System configuration seems to match (for what that's worth) he sent a post
> recently with:
> User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4) Gecko/20030624
> Netscape/7.1 (ax)
>
> On 18 Nov 2003:
> User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4) Gecko/20030624
> Netscape/7.1 (ax)
>
> I think some expert netsleuths should spend a little time verifying this,
> just to make sure a kangaroo court doesn't hang an innocent party. After
> all, the best way to mislead someone is with a partial truth.
>
> What say the experts?
>
> Greg
>
>
>

In article <250420041639402064%dave@N_O_T_T_H_I_S.balderstone.ca>, dave@N_O_T_T_H_I_S.balderstone.ca wrote:
>In article <[email protected]>,
>Robert Bonomi <[email protected]> wrote:
>
>> 'Samuel T.' is either the troll himself (about 99.9999% probable), or a
>> blithering idiot who doesn't _actually_ know squat about reading headers.
>
>The two aren't mutually exclusive, Robert.
>
>;-)
>
Of course, as a fellow programmer, I immediately recognized Robert's use of
the inclusive OR. Had he meant that "Samuel" was one, or the other, but not
both, I'm sure he would have said that "Samuel" is either the troll himself,
XOR a blithering idiot...

:-)

--
Regards,
Doug Miller (alphageek-at-milmac-dot-com)

For a copy of my TrollFilter for NewsProxy/Nfilter,
send email to autoresponder at filterinfo-at-milmac-dot-com
You must use your REAL email address to get a response.

you're funny! YOU are the troll or a troll sympathizer.
I'm just one of several folks here who have been
impersonated, you flaming NUT CASE!

How could the troll post from the same IP address is me?
I'm not a internet expert, but I'll go out on a limb and say
it's not possible. Or ARE there ways for a hacker to fake
an IP on a message? Doug Miller might know the answer.
Doug, is it possible for someone to fake the IP?

dave

[email protected] wrote:

> To all participants of the rec.woodworking whom have been affected by
> the trolls I offer the following report from my observations. I have
> been studying this group for the past 6 or 7 months since I learned
> about the rec.woodworking troll problem in NANAU.
>
> It seems that at least two of the most recent troll attack posts have
> come from the same NNTP posting IP address as one of your regular NG
> users who goes by the nickname of "Bay Area Dave".
>
> I will post several message IDs for header examination. Just go to
> Http://groups.google.com and do an advanced search by message ID for
> each message ID below.
>
> Friday morning a troll post from screen name "The Source":
> Message ID:
> <[email protected]>
> Came from IP address:
> 4.246.3.188
>
> The evening before this troll post was made, Bay Area Dave made a post
> from the exact same IP address:
> Message ID:
> <[email protected]>
> Came from IP address:
> 4.246.3.188
>
> Coincidence? Read on.
>
> Later Friday evening another troll post appeared under the screen name
> "Big Mouth" with a list of names of many of the regular posters of this
> newsgroup with their unprotected e-mail address listed next to each
> name. The message was crossposted to the alt.spam newsgroup in an
> obviously malicious attempt to have all of these e-mail addresses
> harvested and added to spam mailing lists.
> Message ID:
> <[email protected]>
> Came from IP address
> 4.246.36.207
>
> Just a couple hours before this troll post made, Bay Area Dave made two
> posts from the exact same IP address:
> Message ID:
> <[email protected]>
> Message ID:
> <[email protected]>
> Came from IP address:
> 4.246.36.207
>
> Is Bay Area Dave one of the major trolls of this newsgroup? This
> can not be answered with certainty, however I've demonstrated above that
> he HAS trolled here. He has certainly shown that he likes to be a
> skin changer and that he has been known to lash out at people
> unnecessarily.
>
> Thank you for your time. I hope this information will be helpful to the
> NG community.
>
> -Samuel T.
>

interesting. thank you. I didn't see the alternative
domain names to use that you said are at heypete.com. could
you be more specific by posting the link? thanks.

I'll be glad to change my fake domain name to whatever will
make everybody happy. :)

dave

Pop Rivet wrote:

> "Bay Area Dave" <[email protected]> wrote in message
> news:[email protected]...
>
>> Anyone who thinks it's me is more stupid than the troll
>>himself...
>>
>>dave
>
> ...
> Errr, you are aware how trollish that sounds, right?
>
> ALSO, are you actually AT nospam.com? If you mean that as a
> fictitious name, be aware that your are possibly causing the
> real person with that address to receive spam!
> Parsing input: nospam.com
> host 204.228.229.164 (getting name) = 164.anything.com.
>
>
> Reporting addresses for www.nospam.com:
> [email protected]
>
> That is VERY BAD netiquette!!!! STOP!! Never make up an
> email name unless you KNOW it doesn't and WILL NOT exist!
>
> Sorry, but I am an avid spamfighter and SO much spam is sent
> to innocent parties because of unthinking things like making
> up a name.
>
> Here's a name you can use that's real, but guaranteed to put
> everything into the bit bin: [email protected]. It exists
> just for the purpose of being phoney. If you don't like
> that one, check out heypete.com. He's got a whole slew of
> names you can use. Do NOT make up anything "@heypete.com":
> See his site - he has the FULL addresses there that can be
> used.
>
>
>
> Pop
>
>
>
>

"Pop Rivet" wrote in message

> ALSO, are you actually AT nospam.com? If you mean that as a
> fictitious name, be aware that your are possibly causing the
> real person with that address to receive spam!

That's come up a number of times down through the years and it's a long
known fact that the advertisers who own nospam.com do not operate an e-mail
server ... probably for a damn good reason.

--
www.e-woodshop.net
Last update: 4/13/04

In article <[email protected]>, Bay Area Dave <[email protected]> wrote:
>We all (going out on a limb here) wish you could use your
>programming prowess to put the bozo out of business, Doug. :)
>
Me, too -- but TCP/IP networking isn't my area of expertise. Sorry.

--
Regards,
Doug Miller (alphageek-at-milmac-dot-com)

For a copy of my TrollFilter for NewsProxy/Nfilter,
send email to autoresponder at filterinfo-at-milmac-dot-com
You must use your REAL email address to get a response.

"Bay Area Dave" wrote in message
> you're funny! YOU are the troll or a troll sympathizer.
> I'm just one of several folks here who have been
> impersonated, you flaming NUT CASE!
>
> How could the troll post from the same IP address is me?
> I'm not a internet expert, but I'll go out on a limb and say
> it's not possible. Or ARE there ways for a hacker to fake
> an IP on a message? Doug Miller might know the answer.
> Doug, is it possible for someone to fake the IP?

The line the troll (or someone fooled by the troll) is using for proof :

X-NNTP-Posting-Host: 4.246.3.188

Can be EASILY added to an NNTP message header by anyone knowledgeable enough
to do so

... don't worry about it. It is the usual troll BS, he just looked at the
message header in one of your posts and picked an ip address for a similar
address block to yours, nothing clever about it.

--
www.e-woodshop.net
Last update: 4/13/04

We all (going out on a limb here) wish you could use your
programming prowess to put the bozo out of business, Doug. :)

dave

Doug Miller wrote:

> In article <250420041639402064%dave@N_O_T_T_H_I_S.balderstone.ca>, dave@N_O_T_T_H_I_S.balderstone.ca wrote:
>
>>In article <[email protected]>,
>>Robert Bonomi <[email protected]> wrote:
>>
>>
>>>'Samuel T.' is either the troll himself (about 99.9999% probable), or a
>>>blithering idiot who doesn't _actually_ know squat about reading headers.
>>
>>The two aren't mutually exclusive, Robert.
>>
>>;-)
>>
>
> Of course, as a fellow programmer, I immediately recognized Robert's use of
> the inclusive OR. Had he meant that "Samuel" was one, or the other, but not
> both, I'm sure he would have said that "Samuel" is either the troll himself,
> XOR a blithering idiot...
>
> :-)
>
> --
> Regards,
> Doug Miller (alphageek-at-milmac-dot-com)
>
> For a copy of my TrollFilter for NewsProxy/Nfilter,
> send email to autoresponder at filterinfo-at-milmac-dot-com
> You must use your REAL email address to get a response.
>
>