Post Info TOPIC: The "lawsuit"
Was it Ted

Date:
The "lawsuit"


 


Is it easy to prove someone's "internet" identity? It was claimed on this board that the IP address associated with each post clearly identifies the "poster". 


But this is clearly not the case.  Anyone with a novice understanding of 'hacking' techniques can employ a method referred to as "IP Spoofing".  This is where the numeric Internet Protocol (IP) address that is normally associated with a network device (usually a PC) is grabbed and used by the hacker to identify themselves as they traverse the internet.  Basically, it is the simple act of one computer impersonating another.


How does this apply to the supposed lawsuit mentioned on this board?  It simply means that it would be very hard (if not impossible) to prove that any one person made any one post.


And for those who might think that "IP Spoofing" is not real, here are just a few links for your reading pleasure:


http://www.linuxgazette.com/issue63/sharma.html


http://www.webopedia.com/TERM/I/IP_spoofing.html


http://www.networkcommand.com/docs/ipspoof.txt


 



__________________
Network guru

Date:

Of course, if the address were 'spoofed', it would not have matched the address that tED was posting from in the first place (how would anyone know what it was)?


Also, ISPs have some records that could indicate who and who was not a busy little beaver at the time.


Lastly - is anybody going to believe that someone went through all that effort to 'spoof' an address just to post a message?  I don't think there's a 'reasonable doubt' that the message poster was NOT spoofed!



__________________
Morpheus

Date:

Not really the case. With Blind Spoofing you need to have access to a server set up specifically for illegal activity and be technically savvy enough to intercept mid-stream packet transfer (MTM spoofing). To be truly blind, you are a pro hacker or work at or have access to an ISP's PRI trunk IDs in order to intercept the packet flow addresses within them. The only other way is to send random IP addresses to a machine and hope one matches up. There is illegal software that can do this, but the good ones are very expensive and highly illegal. You don't buy it at Comp USA.


Further, IP spoofing is used to hack into and infiltrate a server network or desktop for ID theft, information theft and virus introduction, not to post on a lameass noob message board.


IP addresses will easily lead you to the host ISP (whois); you need a court order to approach the ISP for the user. If willful intent of libel, slander or perjury is proven, that court order will be readily granted. Below is taken from a Telecom Dictionary.


Non-Blind Spoofing


This type of attack takes place when the attacker is on the same subnet as the victim. The sequence and acknowledgement numbers can be sniffed, eliminating the potential difficulty of calculating them accurately. The biggest threat of spoofing in this instance would be session hijacking. This is accomplished by corrupting the datastream of an established connection, then re-establishing it based on correct sequence and acknowledgement numbers with the attack machine. Using this technique, an attacker could effectively bypass any authentication measures taken place to build the connection.


Blind Spoofing


This is a more sophisticated attack, because the sequence and acknowledgement numbers are unreachable. In order to circumvent this, several packets are sent to the target machine in order to sample sequence numbers. While not the case today, machines in the past used basic techniques for generating sequence numbers. It was relatively easy to discover the exact formula by studying packets and TCP sessions. Today, most OSs implement random sequence number generation, making it difficult to predict them accurately. If, however, the sequence number was compromised, data could be sent to the target. Several years ago, many machines used host-based authentication services (i.e. Rlogin). A properly crafted attack could add the requisite data to a system (i.e. a new user account), blindly, enabling full access for the attacker who was impersonating a trusted host.


Man In the Middle Attack


Both types of spoofing are forms of a common security violation known as a man in the middle (MITM) attack. In these attacks, a malicious party intercepts a legitimate communication between two friendly parties. The malicious host then controls the flow of communication and can eliminate or alter the information sent by one of the original participants without the knowledge of either the original sender or the recipient. In this way, an attacker can fool a victim into disclosing confidential information by “spoofing” the identity of the original sender, who is presumably trusted by the recipient.


Nice try...but those who post lies are easily found.
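
A toy model of the sequence-number point in the dictionary excerpt above, added here as an illustration and not part of the original post: it compares a stack whose initial sequence numbers (ISNs) advance by a fixed step with one that draws them at random, and checks whether a sender who never sees the server's reply could still complete the handshake. The class names, the step value and the probe count are assumptions made for the example; no packets are sent.

```python
import secrets

MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap around


class LegacyStack:
    """Toy model of an old stack: the ISN advances by a fixed step per connection."""
    def __init__(self, start=0x1000, step=64000):  # assumed values, for illustration
        self.isn, self.step = start, step

    def next_isn(self):
        self.isn = (self.isn + self.step) & MASK
        return self.isn


class RandomStack:
    """Toy model of a modern stack: every ISN is drawn from a CSPRNG."""
    def next_isn(self):
        return secrets.randbits(32)


def predict_next(samples):
    """Extrapolate the next ISN from observed ones; None when no fixed step exists."""
    deltas = {(b - a) & MASK for a, b in zip(samples, samples[1:])}
    if len(deltas) != 1:
        return None
    return (samples[-1] + deltas.pop()) & MASK


def blind_handshake_completes(stack, probes=4):
    """True if a sender that never sees the SYN-ACK could still ACK it correctly."""
    # ISNs the sender can observe on connections made from its own real address.
    samples = [stack.next_isn() for _ in range(probes)]
    guess = predict_next(samples)
    # ISN sent to the impersonated address; the sender never receives it.
    server_isn = stack.next_isn()
    # The final ACK of the three-way handshake must carry server_isn + 1.
    return guess is not None and (guess + 1) & MASK == (server_isn + 1) & MASK


if __name__ == "__main__":
    print("fixed-step ISN :", blind_handshake_completes(LegacyStack()))
    print("random ISN     :", blind_handshake_completes(RandomStack()))
```

With random ISNs the handshake fails, so a request carrying data, such as a forum post over HTTP, never reaches the application under this model.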



__________________
curious

Date:

When presenting evidence in a case like this, how is it done? 


Is hard-copy simply delivered which shows the IP address & the posted message such as can be viewed by the site Admin?


If this is the method, then why couldn't someone simply falsify such documents to appear to state what they desired?


For example, I could bring up a page that showed my bank account & current balance, and simply save the html to the hard disk, do some quick editing to make my balance show as $1,000,000,000 and then display and print the modified page.  This would make it appear that I was on par with Donald Trump, but would be far from the truth.


In essence, a site admin could make it appear, on paper, that any user had posted anything, could they not?



__________________
not so fast

Date:


quote:

Originally posted by: Network guru

"Of course, if the address were 'spoofed', it would not have matched the address that tED was posting from in the first place (how would anyone know what it was)?"

Could easily have been sniffed.

"Also, ISPs have some records that could indicate who and who was not a busy little beaver at the time."

Still wouldn't prove that the IP was not spoofed.

"Lastly - is anybody going to believe that someone went through all that effort to 'spoof' an address just to post a message?"

The effort isn't really that great, especially for some enterprising high school kid with too much time on his hands trying to stir up trouble.






__________________
Network guru

Date:

Any evidence will be provided by the people who run activeboard under subpoena.  They have no reason to falsify evidence, and if they did, they'd be on their way to jail.  They keep records.  Those records will be brought forth - just as a phone company keeps records and just as your ISP keeps records.


As for the idiot who says that tED's address could have been 'sniffed'.  This is not spy vs spy.  The people of Rockaway are not 'sniffing' anything of tED's, least of all his address.  Do you think the person who really posted the message broke into the cable line just outside tED's house so they could sniff his address?  Or maybe, they work for Cablevision and sniffed from work.  I hope they didn't inhale when they sniffed.


Just a reminder also - hypothetically of course, if someone is accused of posting something and that person then denies they posted it, but it is proven that they did...They will not only be held responsible for what was in the posts, but they will have also been caught lying in a courtroom - not a pleasant thing to have happen....I don't think that anyone is going to risk criminal acts to lie about not posting something.



__________________
Karen

Date:

I suppose Ted could hope to get some newbie judge who wasn't already exposed to his troublemaking obnoxious behavior in the past--

__________________
Network guru

Date:

How many excuses will we hear for spy vs spy methods of pretending to post as someone else?  Facts are facts.  The accesses were logged by the web host and the IP is verified by the ISP.


The counter of made-up excuses is working overtime though - thanks for giving him something to smile about:



__________________
Craig Maier

Date:

Ultimately, it will be up to my lawyer(s), a communications forensics expert, and a judge to sort it all out.
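
The correlation the thread keeps returning to (web host access logs matched against ISP records) can be sketched as follows. This is an added example, not part of any post above: the log rows, lease records, subscriber labels and the 30-second clock-skew tolerance are all constructed for illustration. It shows the two cases an examiner has to flag rather than resolve: a post that falls near a lease hand-over, and an address with no matching record.

```python
from datetime import datetime, timedelta, timezone


def ts(s):
    """Parse an ISO 8601 timestamp and normalise it to UTC."""
    return datetime.fromisoformat(s).astimezone(timezone.utc)


# Constructed sample data: forum access log rows (time, source IP, post id).
POSTS = [
    (ts("2005-03-01T21:14:09-05:00"), "203.0.113.7", "post-101"),
    (ts("2005-03-02T02:59:58+00:00"), "203.0.113.7", "post-102"),
    (ts("2005-03-03T10:00:00+00:00"), "198.51.100.9", "post-103"),
]

# Constructed sample data: ISP lease records (IP, lease start, lease end, subscriber).
LEASES = [
    ("203.0.113.7", ts("2005-03-01T00:00:00+00:00"),
     ts("2005-03-02T03:00:00+00:00"), "subscriber-A"),
    ("203.0.113.7", ts("2005-03-02T03:00:00+00:00"),
     ts("2005-03-04T00:00:00+00:00"), "subscriber-B"),
]


def attribute(posts, leases, skew=timedelta(seconds=30)):
    """Map each post to the subscriber(s) holding its IP within +/- skew of the post time."""
    result = {}
    for when, ip, post_id in posts:
        holders = sorted({sub for lease_ip, start, end, sub in leases
                          if lease_ip == ip and start - skew <= when < end + skew})
        if not holders:
            verdict = "no-record"   # the ISP has nothing covering that time
        elif len(holders) == 1:
            verdict = "single"      # exactly one subscriber held the address
        else:
            verdict = "ambiguous"   # post time is too close to a lease hand-over
        result[post_id] = (verdict, holders)
    return result


if __name__ == "__main__":
    for post_id, (verdict, holders) in attribute(POSTS, LEASES).items():
        print(post_id, verdict, holders)
```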
