Got a guy on another bulletin board (http://forums.roadfly.com/forums/politics-lounge/forum.php) that posts under the name "SpacialCabbage", whatever the hell that means. Anyway, his IP appears to becoming from a different address everytime he posts. Just wondering what spoofing tool he's using to do this. Any ideas?

Jeez, no techies out there can answer this??

It could be his IP is dynamic so everytime he connects to the internet it changes (IE dialup or DSL). However if its whois lookup is changing to different providers/ areas he may actually be spoofing.

Probably a web proxy or dynamic IP. It's so simple to spoof your IP.

If your looking for tools check out packetstormsecurity.org.

If they are the same except for the last grouping or two, then it's just a dynamic address.  If they are completely different then he's just going through open public proxies.

Give me the range of IP addresses that you see.

If its 198.162.x.x   X's being different digits beteen 0 and 255.. then his most likely using nat at home. If they are different 32.x.x.x addressing its most likely AOL or some other Dial-up.

post some of the IP's and I will break it down further for you.

aliens

www.dnsstuff.com

Run the IP address through the IP tools here.

It will most likely show up as dynamic addresses from a dial-up provider.  I wouldn't even raise an eyebrow unless these tools say he's in Cambodia one night, and Boston the next night.

Quoted: Got a guy on another bulletin board (http://forums.roadfly.com/forums/politics-lounge/forum.php) that posts under the name "SpacialCabbage", whatever the hell that means. Anyway, his IP appears to becoming from a different address everytime he posts. Just wondering what spoofing tool he's using to do this. Any ideas?

AOL

Quoted: Give me the range of IP addresses that you see. If its 198.162.x.x   X's being different digits beteen 0 and 255.. then his most likely using nat at home. If they are different 32.x.x.x addressing its most likely AOL or some other Dial-up. post some of the IP's and I will break it down further for you.

I think you mean 192.168.x.x.  If that's the case then you would never see those IP's logged live since they cannot be routed on the Internet.

If you are seeing a RFC 1631 address, then the guy is posting from the same subnet the web server is on.

Quoted: If you are seeing a RFC 1631 address, then the guy is posting from the same subnet the web server is on.

RFC 1918 are the addresses actually.

NERRRDDDSSSS

Quoted: Give me the range of IP addresses that you see. If its 198.162.x.x   X's being different digits beteen 0 and 255.. then his most likely using nat at home. If they are different 32.x.x.x addressing its most likely AOL or some other Dial-up. post some of the IP's and I will break it down further for you.

It's not a single ISP. It's all over the planet...


posted from: Host: 24-48-92-131.lndnnh.adelphia.net IP: 24.48.92.131
posted from: Host: tor01.nycbug.org IP: 64.90.179.108
posted from: Host: trip.cc.gt.atl.ga.us IP: 199.77.129.53
posted from: Host: host2.gigabytenet.com IP: 207.44.180.3
posted from: Host: c48185.upc-c.chello.nl IP: 212.187.48.185
posted from: Host: IP: 154.35.1.8
posted from: Host: tripwire.cs.ucla.edu IP: 131.179.224.133
posted from: Host: trip.cc.gt.atl.ga.us IP: 199.77.129.53
posted from: Host: ip-162-162.powernet.bg IP: 194.145.162.162
posted from: Host: ip68-4-97-137.oc.oc.cox.net IP: 68.4.97.137
posted from: Host: wg213.waag.org IP: 195.169.149.213
posted from: Host: ns.km20749-20.keymachine.de IP: 84.19.182.23

Doode is hopping around like a jackrabbit from post to post, seconds apart. What the hell kind of spoofage is that? No re-authentication necessary as traffic comes from different paths

I like it. I want it for my bag of tools!!!

Quoted: img164.imageshack.us/img164/5040/nerds5tk.jpg NERRRDDDSSSS

google for public proxy and have the same kind of fun

Bingo. I got it.   www.proxy.org

A constantly rotating IP. Thanks for all your help.

Looking at those IPs, he may have trojans installed on home computers and be tunneling through them.