Posted: 3/18/2006 8:16:01 AM EDT

Got a guy on another bulletin board (http://forums.roadfly.com/forums/politics-lounge/forum.php) that posts under the name "SpacialCabbage", whatever the hell that means. Anyway, his IP appears to be coming from a different address every time he posts. Just wondering what spoofing tool he's using to do this. Any ideas?
Link Posted: 3/18/2006 1:33:58 PM EDT

Jeez, no techies out there can answer this??
Link Posted: 3/18/2006 1:35:15 PM EDT
It could be his IP is dynamic, so every time he connects to the internet it changes (i.e. dialup or DSL). However, if its whois lookup is changing to different providers/areas he may actually be spoofing.
Link Posted: 3/18/2006 1:53:32 PM EDT
Probably a web proxy or dynamic IP. It's so simple to spoof your IP.

If you're looking for tools check out packetstormsecurity.org.
Link Posted: 3/18/2006 1:55:21 PM EDT
If they are the same except for the last grouping or two, then it's just a dynamic address. If they are completely different then he's just going through open public proxies.
Link Posted: 3/18/2006 2:13:30 PM EDT
Give me the range of IP addresses that you see.

If it's 198.162.x.x, the x's being different digits between 0 and 255, then he's most likely using NAT at home. If they are different 32.x.x.x addressing it's most likely AOL or some other dial-up.

Post some of the IPs and I will break it down further for you.
Link Posted: 3/18/2006 2:15:34 PM EDT
aliens
Link Posted: 3/18/2006 2:27:36 PM EDT
www.dnsstuff.com

Run the IP address through the IP tools here.

It will most likely show up as dynamic addresses from a dial-up provider. I wouldn't even raise an eyebrow unless these tools say he's in Cambodia one night, and Boston the next night.
Link Posted: 3/18/2006 2:47:44 PM EDT

Originally Posted By No-Worries:
Got a guy on another bulletin board (http://forums.roadfly.com/forums/politics-lounge/forum.php) that posts under the name "SpacialCabbage", whatever the hell that means. Anyway, his IP appears to be coming from a different address every time he posts. Just wondering what spoofing tool he's using to do this. Any ideas?



AOL
Link Posted: 3/18/2006 2:56:44 PM EDT

Originally Posted By DanSharp:
Give me the range of IP addresses that you see.

If it's 198.162.x.x, the x's being different digits between 0 and 255, then he's most likely using NAT at home. If they are different 32.x.x.x addressing it's most likely AOL or some other dial-up.

Post some of the IPs and I will break it down further for you.



I think you mean 192.168.x.x. If that's the case then you would never see those IPs logged live since they cannot be routed on the Internet.
Link Posted: 3/18/2006 2:58:54 PM EDT
If you are seeing an RFC 1631 address, then the guy is posting from the same subnet the web server is on.
Link Posted: 3/18/2006 3:02:41 PM EDT

Originally Posted By falaholic1:
If you are seeing an RFC 1631 address, then the guy is posting from the same subnet the web server is on.



RFC 1918 are the addresses actually.
Link Posted: 3/18/2006 3:09:21 PM EDT


NERRRDDDSSSS
Link Posted: 3/18/2006 4:33:50 PM EDT

Originally Posted By DanSharp:
Give me the range of IP addresses that you see.

If it's 198.162.x.x, the x's being different digits between 0 and 255, then he's most likely using NAT at home. If they are different 32.x.x.x addressing it's most likely AOL or some other dial-up.

Post some of the IPs and I will break it down further for you.



It's not a single ISP. It's all over the planet...


posted from: Host: 24-48-92-131.lndnnh.adelphia.net IP: 24.48.92.131
posted from: Host: tor01.nycbug.org IP: 64.90.179.108
posted from: Host: trip.cc.gt.atl.ga.us IP: 199.77.129.53
posted from: Host: host2.gigabytenet.com IP: 207.44.180.3
posted from: Host: c48185.upc-c.chello.nl IP: 212.187.48.185
posted from: Host: IP: 154.35.1.8
posted from: Host: tripwire.cs.ucla.edu IP: 131.179.224.133
posted from: Host: trip.cc.gt.atl.ga.us IP: 199.77.129.53
posted from: Host: ip-162-162.powernet.bg IP: 194.145.162.162
posted from: Host: ip68-4-97-137.oc.oc.cox.net IP: 68.4.97.137
posted from: Host: wg213.waag.org IP: 195.169.149.213
posted from: Host: ns.km20749-20.keymachine.de IP: 84.19.182.23

Doode is hopping around like a jackrabbit from post to post, seconds apart. What the hell kind of spoofage is that? No re-authentication necessary as traffic comes from different paths.

I like it. I want it for my bag of tools!!!
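The rule of thumb given in the replies above (addresses that match except for the last grouping or two are a dynamic pool, completely different ones are proxies, and RFC 1918 addresses only show up if the client is on the server's own network), applied to the log lines in this post. This is an added example, not part of any post in the thread; the function names and the /16 cutoff for "last grouping or two" are assumptions.

```python
import ipaddress
import re

# The twelve log lines from the post above, as posted (one has no hostname).
LOG = """\
posted from: Host: 24-48-92-131.lndnnh.adelphia.net IP: 24.48.92.131
posted from: Host: tor01.nycbug.org IP: 64.90.179.108
posted from: Host: trip.cc.gt.atl.ga.us IP: 199.77.129.53
posted from: Host: host2.gigabytenet.com IP: 207.44.180.3
posted from: Host: c48185.upc-c.chello.nl IP: 212.187.48.185
posted from: Host: IP: 154.35.1.8
posted from: Host: tripwire.cs.ucla.edu IP: 131.179.224.133
posted from: Host: trip.cc.gt.atl.ga.us IP: 199.77.129.53
posted from: Host: ip-162-162.powernet.bg IP: 194.145.162.162
posted from: Host: ip68-4-97-137.oc.oc.cox.net IP: 68.4.97.137
posted from: Host: wg213.waag.org IP: 195.169.149.213
posted from: Host: ns.km20749-20.keymachine.de IP: 84.19.182.23
"""

# RFC 1918 private ranges; these are not routable on the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE = re.compile(r"Host:\s*(?P<host>\S*?)\s*IP:\s*(?P<ip>\d+\.\d+\.\d+\.\d+)")

def parse(log):
    """Return (hostname, ip) string pairs; hostname is '' where the log had none."""
    return [(m.group("host"), m.group("ip")) for m in LINE.finditer(log)]

def classify(ips):
    """Apply the thread's rule of thumb to a list of logged source addresses."""
    addrs = {ipaddress.ip_address(ip) for ip in ips}
    if not addrs:
        raise ValueError("no addresses to classify")
    if any(a in net for a in addrs for net in RFC1918):
        return "private"    # only visible if the client is on the server's own network
    prefixes = {ipaddress.ip_network(f"{a}/16", strict=False) for a in addrs}
    if len(prefixes) == 1:
        return "dynamic"    # same except the last grouping or two: one provider's pool
    return "scattered"      # completely different networks: proxies or relays

def summarize(log):
    """Count posts, distinct addresses and distinct /16 networks, plus the verdict."""
    ips = [ip for _, ip in parse(log)]
    nets = {ipaddress.ip_network(f"{ip}/16", strict=False) for ip in ips}
    return {"posts": len(ips), "distinct_ips": len(set(ips)),
            "distinct_16s": len(nets), "verdict": classify(ips)}

if __name__ == "__main__":
    print(summarize(LOG))
```
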
Link Posted: 3/18/2006 4:42:32 PM EDT

Originally Posted By MuRDoC:
img164.imageshack.us/img164/5040/nerds5tk.jpg

NERRRDDDSSSS



Link Posted: 3/18/2006 4:45:54 PM EDT
google for public proxy and have the same kind of fun
Link Posted: 3/27/2006 3:31:32 PM EDT


Bingo. I got it. www.proxy.org

A constantly rotating IP. Thanks for all your help.
Link Posted: 3/27/2006 3:33:26 PM EDT
Looking at those IPs, he may have trojans installed on home computers and be tunneling through them.