Discussion:
Very Important to trace 74.55.63.22.
Kulin Remailer
2009-02-02 08:47:00 UTC
It is very important that I find who sent the post with the headers
given. I know enough to know it was not sent by a remailer. So it
must be traceable and that the time is real. 74.55.63.22 was the
sender. How do I find who that is if it is a tor? Do I need a
subpoena to break a tor? The person who sent is too stupid to use
a remailer.

Thank you. This could be your lucky day if you can help.

Message from discussion What's going on?

View parsed - Show only message text

Subject: What's going on?
From: ***@gmail.com
Date: Sun, 1 Feb 2009 18:51:57 -0800 (PST)
Organization: http://groups.google.com
Lines: 318
Message-ID: <a3e97a30-0282-4098-893a-***@r36g2000prf.googlegroups.com>
NNTP-Posting-Host: 74.55.63.22
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Trace: posting.google.com 1233543117 2158 127.0.0.1 (2 Feb 2009 02:51:57
GMT)
X-Complaints-To: groups-***@google.com
NNTP-Posting-Date: Mon, 2 Feb 2009 02:51:57 +0000 (UTC)
Complaints-To: groups-***@google.com
Injection-Info: r36g2000prf.googlegroups.com; posting-host=74.55.63.22;
posting-account=nHWbnAoAAABvO6XFMXMVU9Yoz0Z8PCtS
User-Agent: G2/1.0
Newsgroups: rec.games.chess.politics
Path: g2news1.google.com!news1.google.com!postnews.google.com!r36g2000prf.googlegroups.com!not-for-mail

--------------------------------------------------
Sent via https://www.cotse.net/cgi-bin/mixnews.cgi
Free web portal for anonymous email
1PW
2009-02-02 13:03:57 UTC
Post by Kulin Remailer
It is very important that I find who sent the post with the headers
given. I know enough to know it was not sent by a remailer. So it
must be traceable and that the time is real. 74.55.63.22 was the
sender. How do I find who that is if it is a tor? Do I need a
subpoena to break a tor? The person who sent is too stupid to use
a remailer.
Thank you. This could be your lucky day if you can help.
Message from discussion What's going on?
View parsed - Show only message text
Subject: What's going on?
Date: Sun, 1 Feb 2009 18:51:57 -0800 (PST)
Organization: http://groups.google.com
Lines: 318
NNTP-Posting-Host: 74.55.63.22
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Trace: posting.google.com 1233543117 2158 127.0.0.1 (2 Feb 2009 02:51:57
GMT)
NNTP-Posting-Date: Mon, 2 Feb 2009 02:51:57 +0000 (UTC)
Injection-Info: r36g2000prf.googlegroups.com; posting-host=74.55.63.22;
posting-account=nHWbnAoAAABvO6XFMXMVU9Yoz0Z8PCtS
User-Agent: G2/1.0
Newsgroups: rec.games.chess.politics
g2news1.google.com!news1.google.com!postnews.google.com!r36g2000prf.googleg
roups.com!not-for-mail
--------------------------------------------------
Sent via https://www.cotse.net/cgi-bin/mixnews.cgi
Free web portal for anonymous email
Hello:

Just using the simplest of Internet tools and assuming that no remailer
nor Tor was used: then the IP address 74.55.63.22 goes back to a system
subscribing to THEPLANET.COM INTERNET SERVICES, in or around Houston
Texas, and its IP name might be 16.3f.374a.static.theplanet.com

However, as you readily pointed out, the message could have been
Torified. Given the basics of Tor, we know that between systems, an
email moving through a Tor network is encrypted, and only portions are
in plaintext.

One must also reason that IP "spoofing" may have been in use, and that
the 74.55.63.22 IP address could be a forgery.

HTH

Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
Ari©
2009-02-02 16:27:37 UTC
Post by 1PW
Post by Kulin Remailer
It is very important that I find who sent the post with the headers
given. I know enough to know it was not sent by a remailer. So it
must be traceable and that the time is real. 74.55.63.22 was the
sender. How do I find who that is if it is a tor? Do I need a
subpoena to break a tor? The person who sent is too stupid to use
a remailer.
Thank you. This could be your lucky day if you can help.
Message from discussion What's going on?
View parsed - Show only message text
Subject: What's going on?
Date: Sun, 1 Feb 2009 18:51:57 -0800 (PST)
Organization: http://groups.google.com
Lines: 318
NNTP-Posting-Host: 74.55.63.22
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Trace: posting.google.com 1233543117 2158 127.0.0.1 (2 Feb 2009 02:51:57
GMT)
NNTP-Posting-Date: Mon, 2 Feb 2009 02:51:57 +0000 (UTC)
Injection-Info: r36g2000prf.googlegroups.com; posting-host=74.55.63.22;
posting-account=nHWbnAoAAABvO6XFMXMVU9Yoz0Z8PCtS
User-Agent: G2/1.0
Newsgroups: rec.games.chess.politics
g2news1.google.com!news1.google.com!postnews.google.com!r36g2000prf.googleg
roups.com!not-for-mail
--------------------------------------------------
Sent via https://www.cotse.net/cgi-bin/mixnews.cgi
Free web portal for anonymous email
Just using the simplest of Internet tools and assuming that no remailer
nor Tor was used: then the IP address 74.55.63.22 goes back to a system
subscribing to THEPLANET.COM INTERNET SERVICES, in or around Houston
Texas, and its IP name might be 16.3f.374a.static.theplanet.com
However, as you readily pointed out, the message could have been
Torified. Given the basics of Tor, we know that between systems, an
email moving through a Tor network is encrypted, and only portions are
in plaintext.
One must also reason that IP "spoofing" may have been in use, and that
the 74.55.63.22 IP address could be a forgery.
HTH
Pete
Explain how you spoof this IP.
--
Meet Ari! http://tr.im/1fa3
"To get concrete results, you have to be confrontational".
Stray Cat
2009-02-02 17:13:40 UTC
On Mon, 2 Feb 2009 11:27:37 -0500, Ari© <***@gmail.com>
wrote:

Snip..
Post by Ari©
Post by 1PW
One must also reason that IP "spoofing" may have been in use, and that
the 74.55.63.22 IP address could be a forgery.
HTH
Pete
Explain how you spoof this IP.
The same way I just did.
Borked Pseudo Mailed
2009-02-02 18:40:05 UTC
Post by Stray Cat
Post by Ari©
Post by 1PW
One must also reason that IP "spoofing" may have been in use, and that
the 74.55.63.22 IP address could be a forgery.
Explain how you spoof this IP.
The same way I just did.
Yeah, but you don't post through Google. You can forge headers and preload
paths as you like. The message in question was posted through Google and
they don't allow setting NNTP-Posting-Host or their own Injection-Info
headers. See:
http://groups.google.com/group/rec.games.chess.politics/msg/cabfa0646721808a?dmode=source

Spoofing IP addresses on TCP connections is hard unless you happen to have
access to the network path. Successfully posting an article from a forged
source address outside the network path is practically impossible.
Stray Cat
2009-02-02 19:08:03 UTC
On Mon, 2 Feb 2009 11:40:05 -0700 (MST), Borked Pseudo Mailed
Post by Borked Pseudo Mailed
Post by Stray Cat
Post by Ari©
Post by 1PW
One must also reason that IP "spoofing" may have been in use, and that
the 74.55.63.22 IP address could be a forgery.
Explain how you spoof this IP.
The same way I just did.
Yeah, but you don't post through Google. You can forge headers and preload
paths as you like. The message in question was posted through Google and
they don't allow setting NNTP-Posting-Host or their own Injection-Info
http://groups.google.com/group/rec.games.chess.politics/msg/cabfa0646721808a?dmode=source
Spoofing IP addresses on TCP connections is hard unless you happen to have
access to the network path. Successfully posting an article from a forged
source address outside the network path is practically impossible.
The message in question was posted through Google because it contains
headers that implicate Google, or so one would think or be led to
think.

I could add those same headers to my posts too, but that doesn't mean
the headers or the post originated at Google. Anyone who really knows
what they are looking at can see the differences. But they can't tell
where certain headers came from - the user who made the post, or the
server that accepted the post.
Borked Pseudo Mailed
2009-02-03 11:24:23 UTC
Post by Stray Cat
On Mon, 2 Feb 2009 11:40:05 -0700 (MST), Borked Pseudo Mailed
Post by Borked Pseudo Mailed
Yeah, but you don't post through Google. You can forge headers and preload
paths as you like. The message in question was posted through Google and
they don't allow setting NNTP-Posting-Host or their own Injection-Info
http://groups.google.com/group/rec.games.chess.politics/msg/cabfa0646721808a?dmode=source
The message in question was posted through Google because it contains
headers that implicate Google, or so one would think or be led to
think.
You didn't bother to follow the link, did you?
Post by Stray Cat
I could add those same headers to my posts too, but that doesn't mean
the headers or the post originated at Google. Anyone who really knows
what they are looking at can see the differences. But they can't tell
where certain headers came from - the user who made the post, or the
server that accepted the post.
If you examine the Path: header in the message at google groups, would you
care to explain how to spoof it? There is no other server except google in
the path. Even if you'd peer directly with google, an injected message
would look different.
Stray Cat
2009-02-03 14:40:42 UTC
On Tue, 3 Feb 2009 04:24:23 -0700 (MST), Borked Pseudo Mailed
Post by Borked Pseudo Mailed
If you examine the Path: header in the message at google groups, would you
care to explain how to spoof it? There is no other server except google in
the path. Even if you'd peer directly with google, an injected message
would look different.
Complete path replacement is not possible by the poster. Preloads are.
Borked Pseudo Mailed
2009-02-03 15:14:50 UTC
Post by Stray Cat
On Tue, 3 Feb 2009 04:24:23 -0700 (MST), Borked Pseudo Mailed
Post by Borked Pseudo Mailed
If you examine the Path: header in the message at google groups, would you
care to explain how to spoof it? There is no other server except google in
the path. Even if you'd peer directly with google, an injected message
would look different.
Complete path replacement is not possible by the poster. Preloads are.
Exactly what I said. Preloads would look different in Google Groups, even
if you had a direct peering with google and spoof the path in order to make
it look as it was posted through GG.

In this case, there is no preload.

Path: g2news2.google.com!postnews.google.com!r36g2000prf.googlegroups.com!not-for-mail

HTH
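
The Path and Injection-Info consistency argument from the posts above, as an added example that is not part of the original thread: it unfolds the headers quoted on this page and checks that every Path entry belongs to the injecting site, that nothing poster-supplied sits to the right of the injecting host, and that the posting-host and date fields agree. The function names, the trusted suffix list, and the values news.example.net, forged.example and 192.0.2.10 are assumptions made for illustration; the checks describe what the injecting server recorded, not who was behind the posting host.

```python
from email.utils import parsedate_to_datetime

# Headers of the article discussed in the thread, with the folds restored.
GENUINE = """\
Date: Sun, 1 Feb 2009 18:51:57 -0800 (PST)
NNTP-Posting-Host: 74.55.63.22
NNTP-Posting-Date: Mon, 2 Feb 2009 02:51:57 +0000 (UTC)
Injection-Info: r36g2000prf.googlegroups.com; posting-host=74.55.63.22;
 posting-account=nHWbnAoAAABvO6XFMXMVU9Yoz0Z8PCtS
Path: g2news2.google.com!postnews.google.com!r36g2000prf.googlegroups.com!not-for-mail
"""
# Constructed variant: extra relay, poster-supplied Path entry, other host.
CONSTRUCTED = (GENUINE
    .replace("Path: ", "Path: news.example.net!")
    .replace("!not-for-mail", "!forged.example!not-for-mail")
    .replace("NNTP-Posting-Host: 74.55.63.22", "NNTP-Posting-Host: 192.0.2.10"))

def parse_headers(raw):
    """Return {lowercased name: value}, joining folded continuation lines."""
    headers, name = {}, None
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and name:
            headers[name] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            name = name.strip().lower()
            headers[name] = value.strip()
    return headers

def assess(raw, site=(".google.com", ".googlegroups.com"), max_skew=300):
    """List inconsistencies among Path, Injection-Info and the date headers."""
    h = parse_headers(raw)
    injector, *rest = [p.strip() for p in h["injection-info"].split(";")]
    params = dict(p.split("=", 1) for p in rest if "=" in p)
    entries = h["path"].replace(" ", "").split("!")
    if injector not in entries:
        return ["injecting host missing from Path: " + injector]
    cut, findings = entries.index(injector), []
    # Each server prepends its name, so entries left of the injector are relays.
    for relay in entries[:cut]:
        if not relay.endswith(site):
            findings.append("relay outside site: " + relay)
    # Entries right of the injector, except the tail, were supplied by the poster.
    for entry in entries[cut + 1:]:
        if entry != "not-for-mail":
            findings.append("preload after injector: " + entry)
    if params.get("posting-host") != h.get("nntp-posting-host"):
        findings.append("posting-host differs from NNTP-Posting-Host")
    posted = parsedate_to_datetime(h["nntp-posting-date"])
    skew = abs((posted - parsedate_to_datetime(h["date"])).total_seconds())
    if skew > max_skew:
        findings.append("Date is %d s away from NNTP-Posting-Date" % skew)
    return findings

print(assess(GENUINE), assess(CONSTRUCTED), sep="\n")
```

The headers from the thread produce no findings; the constructed variant produces three, one per altered field.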
Ari©
2009-02-03 07:10:41 UTC
Post by Stray Cat
Snip..
Post by Ari©
Post by 1PW
One must also reason that IP "spoofing" may have been in use, and that
the 74.55.63.22 IP address could be a forgery.
HTH
Pete
Explain how you spoof this IP.
The same way I just did.
lol

Grow up.
--
Meet Ari! http://tr.im/1fa3
"To get concrete results, you have to be confrontational".
Ari©
2009-02-02 16:30:08 UTC
Post by Kulin Remailer
It is very important that I find who sent the post with the headers
given. I know enough to know it was not sent by a remailer. So it
must be traceable and that the time is real.
You don't know any of that.
Post by Kulin Remailer
74.55.63.22 was the
sender.
It's an IP address which is from, maybe, the originating ISP service.
Nothing else.
Post by Kulin Remailer
How do I find who that is if it is a tor? Do I need a
subpoena to break a tor?
No, you need a stick of dynamite.
Post by Kulin Remailer
The person who sent is too stupid to use
a remailer.
Thank you. This could be your lucky day if you can help.
What do I get?
--
Meet Ari! http://tr.im/1fa3
"To get concrete results, you have to be confrontational".
Ed
2009-02-04 06:30:31 UTC
Post by Ari©
Post by Kulin Remailer
It is very important that I find who sent the post with
the headers given. I know enough to know it was not sent
by a remailer. So it must be traceable and that the time
is real.
You don't know any of that.
Post by Kulin Remailer
74.55.63.22 was the sender.
It's an IP address which is from, maybe, the originating
ISP service. Nothing else.
Post by Kulin Remailer
How do I find who that is if it is a tor? Do I need a
subpoena to break a tor?
No, you need a stick of dynamite.
Or maybe a magic wand
Post by Ari©
Post by Kulin Remailer
The person who sent is too stupid to use
a remailer.
Thank you. This could be your lucky day if you can help.
What do I get?
--
http://blogdoofus.com
http://tinfoilchef.com
http://www.domaincarryout.com
Ari©
2009-02-06 17:25:04 UTC
Post by Ed
Post by Ari©
Post by Kulin Remailer
It is very important that I find who sent the post with
the headers given. I know enough to know it was not sent
by a remailer. So it must be traceable and that the time
is real.
You don't know any of that.
Post by Kulin Remailer
74.55.63.22 was the sender.
It's an IP address which is from, maybe, the originating
ISP service. Nothing else.
Post by Kulin Remailer
How do I find who that is if it is a tor? Do I need a
subpoena to break a tor?
No, you need a stick of dynamite.
Or maybe a magic wand
I think your idea would work better than my dynamite. Considering
neither will work, that is. lol
--
Meet Ari! http://tr.im/1fa3
"To get concrete results, you have to be confrontational".
Nobody Important
2009-02-02 22:42:47 UTC
Post by Kulin Remailer
Subject: What's going on?
Date: Sun, 1 Feb 2009 18:51:57 -0800 (PST)
Organization: http://groups.google.com
Lines: 318
NNTP-Posting-Host: 74.55.63.22
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Trace: posting.google.com 1233543117 2158 127.0.0.1 (2 Feb 2009 02:51:57
GMT)
NNTP-Posting-Date: Mon, 2 Feb 2009 02:51:57 +0000 (UTC)
Injection-Info: r36g2000prf.googlegroups.com; posting-host=74.55.63.22;
posting-account=nHWbnAoAAABvO6XFMXMVU9Yoz0Z8PCtS
User-Agent: G2/1.0
Newsgroups: rec.games.chess.politics
g2news1.google.com!news1.google.com!postnews.google.com!r36g2000prf.googleg
roups.com!not-for-mail
--------------------------------------------------
Sent via https://www.cotse.net/cgi-bin/mixnews.cgi
Free web portal for anonymous email
This certainly wasn't sent via www.cotse.net, cotse's interface doesn't
add any tags to posts. Someone had to have manually added that.
Dave U. Random
2009-02-03 01:29:22 UTC
Reposted from alt.privacy, of interest to somebody in RGCP?
It is a TOR node in Houston. So who is trying to pretend
they are somebody in Houston? Or fluke? You decide. Can
I claim the $20 million? I run a remailer that keeps logs
and allows trakbak. It is called.. EELBASH.

From: 1PW <***@nby.pbz>
Newsgroups: alt.privacy.anon-server,alt.security.pgp,alt.privacy
Subject: Re: Very Important to trace 74.55.63.22.
Date: Mon, 02 Feb 2009 05:03:57 -0800
Organization: Little or none
Lines: 64
Message-ID: <gm6r01$7v7$***@nntp.motzarella.org>
References: <***@reece.net.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Trace: news.eternal-september.org
U2FsdGVkX1+xu5Do/aPxY3U53Y2Ca/EYcFH3tBZowHwJLw4mRxD5DdPafeSrpakI4KKr9Orwag+
73MBd+PLVOnCcM+ItPna2ooQREQEul2E2+YyWXHp3CqFIkPhb4Sox
X-Complaints-To: Please send complaints to ***@motzarella.org with full
headers
NNTP-Posting-Date: Mon, 2 Feb 2009 13:04:01 +0000 (UTC)
In-Reply-To: <***@reece.net.au>
X-Auth-Sender: U2FsdGVkX1+Zi6HbQ4w4N82Hy7HSYQfg
Cancel-Lock: sha1:gAsMPJv/S1AVJ46hnTQzuwLVtKI=
Post by Kulin Remailer
It is very important that I find who sent the post with the headers
given. I know enough to know it was not sent by a remailer. So it
must be traceable and that the time is real. 74.55.63.22 was the
sender. How do I find who that is if it is a tor? Do I need a
subpoena to break a tor? The person who sent is too stupid to use
a remailer.
Thank you. This could be your lucky day if you can help.
Message from discussion What's going on?
View parsed - Show only message text
Subject: What's going on?
Date: Sun, 1 Feb 2009 18:51:57 -0800 (PST)
Organization: http://groups.google.com
Lines: 318
NNTP-Posting-Host: 74.55.63.22
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Trace: posting.google.com 1233543117 2158 127.0.0.1 (2 Feb 2009 02:51:57
GMT)
NNTP-Posting-Date: Mon, 2 Feb 2009 02:51:57 +0000 (UTC)
Injection-Info: r36g2000prf.googlegroups.com; posting-host=74.55.63.22;
posting-account=nHWbnAoAAABvO6XFMXMVU9Yoz0Z8PCtS
User-Agent: G2/1.0
Newsgroups: rec.games.chess.politics
g2news1.google.com!news1.google.com!postnews.google.com!r36g2000prf.googleg
roups.com!not-for-mail
--------------------------------------------------
Sent via https://www.cotse.net/cgi-bin/mixnews.cgi
Free web portal for anonymous email
Hello:

Just using the simplest of Internet tools and assuming that no remailer
nor Tor was used: then the IP address 74.55.63.22 goes back to a system
subscribing to THEPLANET.COM INTERNET SERVICES, in or around Houston
Texas, and its IP name might be 16.3f.374a.static.theplanet.com

However, as you readily pointed out, the message could have been
Torified. Given the basics of Tor, we know that between systems, an
email moving through a Tor network is encrypted, and only portions are
in plaintext.

One must also reason that IP "spoofing" may have been in use, and that
the 74.55.63.22 IP address could be a forgery.

HTH

Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]


Some Remailer Utilities - Use With Linux

These are at http://eelsend.yi.org:8000/remstuff.html


Coverup - Sends dummy traffic

Reminfo - How to use mixmaster as a client or remailer

Mozipan - Use Mixmaster With Pan, Sylpheed, and Mozilla


Coverup generates cover traffic at an interval you select. There is no
way for an observer to tell if the traffic is real or dummy.
This is for linux. Stealthmonger has a windows version (coverup is based
on his idea of always sending traffic, but automatically substituting
dummy messages when real ones are not available).

Reminfo is useful advice on how to set up mixmaster under linux.

Mozipan, used under linux, makes sending messages via mixmaster much more
flexible and elegant than using the ncurses interface that comes with
mixmaster, especially when you are replying to a message.

It works with Pan, Sylpheed, and Mozilla. If some guru were to write a
'socket' that acts as a gateway between the client and the nntp server, a
script like this could be made to work with any client. It might be a
good Winter project for a guru with time on his hands.


Download the utilities at http://eelsend.yi.org:8000/remstuff.html