IP Addresses

[Guest ~BD~]

I missed the 207.46.193.207 entry the first time round, apologies for that.

Though it doesn't have a PTR record (doesn't resolve to a hostname), that IP belongs to Microsoft, so does not belong to yourself.

http://hosts-file.net/?s=207%2E46%2E193%2E207

Unless the 10.x address is your internal IP (you can find this out via Start > Run, entering: CMD, clicking OK and entering: ipconfig /all), I've no idea why the header does not include your IP, as this is almost always the case.

OK - thanks.

I checked ipconfig /all as suggested.

My IP address is stated as being 10.227.221.123

Primary WINS server 10.11.12.13 with Secondary WINS being 10.11.12.14

Yet this doesn't relate to the IP address I'm given when I go to http://mysteryfcm.co.uk/?mode=IP where it says my IP is 217.171.129.73

Yup - I'm still confused! Further help/advice will be welcomed.

Sorry for the delay in responding - boating on a flooded river Severn took precedence!

Dave

[MysteryFCM]

The 10.x address is your internal address, which is not public facing and thus, why it's not detected

[YoKenny1]

~BD~ please read about IP2

IP2 is a small program that you can use to determine your IP addresses - both WAN and LAN.

http://keir.net/ip2.html

[Guest ~BD~]

~BD~ please read about IP2

http://keir.net/ip2.html

Hi YoKenny1 - thank you.

I've run IP2 again - now my IP address is showing as 92.41.2.179

I'm afraid that I'm really getting lost with this. If my IP address changes, how on earth can anyone identify me by my IP address?

Thanks for any further guidance!

Dave

[Guest ~BD~]

Similar site with very little advertising compared to the others. Not as bare as the one above though.

http://whatsmyip.net/

Seems I didn't thank you for your post, AdvancedSetup - my apologies! Thank you

I've just checked with 'your' site - it gives my IP as being 205.188.116.15

Ah well!

Dave

EDIT: That was using AOL browser. Using IE7 it shows 217.171.129.77 - beyond me, I fear!!

[YoKenny1]

Hi Steven.

I'd be most grateful if you would review the Header Details I've added below and advise me just which of the IP addresses refer to my computer. None appear to be the same as others in this thread.

Perhaps I'm being unbelievably 'thick' today!

TIA

Dave

Thread-Topic: Just discovered this site - anyone familiar?

thread-index: AckBygm3yVxr0CoCQFy+fJaca2/OcA==

X-WBNR-Posting-Host: 207.46.193.207

From: =?Utf-8?B?Qm9hdGVyRGF2ZQ==?= <BoaterDave@discussions.microsoft.com>

References: <#G8c8NRAJHA.1180@TK2MSFTNGP04.phx.gbl> <uUW5VjZAJHA.1184@TK2MSFTNGP04.phx.gbl>

Subject: Re: Just discovered this site - anyone familiar?

Date: Tue, 19 Aug 2008 00:06:01 -0700

Lines: 57

Message-ID: <31A66BE5-4413-47E0-9236-36F5ABB69BA9@microsoft.com>

MIME-Version: 1.0

Content-Type: text/plain;

charset="Utf-8"

Content-Transfer-Encoding: 7bit

X-Newsreader: Microsoft CDO for Windows 2000

That's Microsoft's on-line interface into their newsgroups if I remember correctly.

I'm afraid that I'm really getting lost with this. If my IP address changes, how on earth can anyone identify me by my IP address?

Anything to do with AOL is a mystery to me as to why anyone would use them unless of course that is the only way you can get on the Internet.

Back to watching The Simpsons on Globa TV.

[Guest ~BD~]

That's Microsoft's on-line interface into their newsgroups if I remember correctly.

Anything to do with AOL is a mystery to me as to why anyone would use them unless of course that is the only way you can get on the Internet.

Back to watching The Simpsons on Globa TV.

Many thanks for your comments. YoKenny1.

You carry on with your TV - we've got to do 30 locks today! (Tardebigge)

Dave

[Guest ~BD~]

Oh dear!

Today My IP address is 92.22.178.225 according to all the sites mentioned in this thread

(and confirmed by David H Lipman in microsoft.public.security.virus and microsoft.public.security.homeusers. The thread is called 'Weird copy/paste situation - virus?')

Does the expression: IP PTR:IP does not resolve to a hostname have any significance with regard to what I'm being told?

Thanks

Dave

XPH SP3 and all updates * KAV7 * Using AOL 9VR

[JeanInMontana]

What is your concern with your IP address? You use AOL and they will change your IP every time you connect through them to the real internet. What IP are you getting the no host name message on?

[Guest ~BD~]

What is your concern with your IP address? You use AOL and they will change your IP every time you connect through them to the real internet. What IP are you getting the no host name message on?

It's a long story, Jean!

Here's a post from a thread I started more than a year ago (read bottom first): the thread is still available here:

http://ms-os.com/virus-information/90006-t...es-dilemma.html

Re: The newbie's dilemma!

"he had his identity stolen" ............ that is TRUE.

'Trojan.Java.ByteVer.R' was identified as the culprit.

"and rather than blame his own inexperience on line, he insists 'we' did it

and he's going to prove it." ........... that is NOT true!

Recognising my inexperience, I set out to determine more about 'malware' and

try to discover just *how* I may have got a Trojan on my PC. I thought that

I had been careful, using Zone Alarm, AVG anti-virus, Ad-Aware and Spybot

amongst others. Oh yes, and a new facility then called Prevx. Insufficient

protection as it turned out!

Few stones have been left unturned (just google for BoaterDave and you'll

find many hundreds of my posts - I didn't ever think to do that less than

two years ago - how naive was that! <g>).

A suspicious email invited me to A/C U2U. I went simply out of curiosity. I

asked many questions. Although I learnt a great deal from many helpful

people, some questions drew a blank and some folk became irritated. A person

or persons unknown was later able, somehow, to disable my PC whilst I was

connected to U2U through a modem and OE6. Not once, but on a number of

occasions. My quest is to determine just *how* it was done. By whom is

another matter, probably best left to the police.

Any help will be much appreciated.

David

************************************************** **********************************

"Troll_Lady" <TL@Invalid.anywhere.nowhere.inalid.net> wrote in message

news:utadnaBwYJjPC0_bnZ2dneKdnZydnZ2d@bright.net.. .

> www.annexcafe.com

> newsgroups & chat. private server. registration needed.

>

> www.dogagent.com

> newsgroups on a private server, open to the public.

>

> both servers friendly to each other, both carry groups for the other in

> case

> one is down for whatever reason. both will honor each others bans.

>

> this is suspicious to BD.

>

> he is even more suspicious because he doesn't understand how i can be

> staff

> for both servers.

>

> he had his identity stolen and rather than blame his own inexperience on

> line, he insists 'we' did it and he's going to prove it.

>

> TL Troll Lady is an Administrator at Annexcafe.com & Dogagent.com

<snip>

I suppose my point to you is that the heirarchy at www.annexcafe.com were absolutely adamant that they were able to track my movements, and attribute posts to me (regardless of my selected user name) by identifying me by my IP address.

You have stated here that my IP address changes each time I connect via AOL. You have confirmed that in your statement above. It follows, therefore, that 'someone' was tracking my movements by some other means!

The 'no host message' is given using Stevens facility (earlier in this thread) on 92.22.178.225

If it helps, I'm back home again now and using XPHome SP3 * KAV7 * Wireless connection to Netgear router * AOL 9.0VR

I hope that's sufficient for now!

Dave

[JeanInMontana]

What I see is your identity was stolen via a trojan. Your IP address had nothing to do with that.

Your activity can be tracked via IP to a point, but only by people on forums with the right permissions are able to see your IP. The software in this forum will track every post you have made here and what the IP was for that post. What they are talking about in the post you put up, is one person is in a position at two sites that allows her to see your IP address at those sites.

Steven's tool resolves website IP's only. Your IP is not a website so it comes up as null.

I hope this helps you understand a bit.

[Guest ~BD~]

What I see is your identity was stolen via a trojan. Your IP address had nothing to do with that.

Your activity can be tracked via IP to a point, but only by people on forums with the right permissions are able to see your IP. The software in this forum will track every post you have made here and what the IP was for that post. What they are talking about in the post you put up, is one person is in a position at two sites that allows her to see your IP address at those sites.

Steven's tool resolves website IP's only. Your IP is not a website so it comes up as null.

I hope this helps you understand a bit.

Thanks for your reply Jean. It is good of you to give me another viewpoint!

I totally agree with your first comment. The aim of the posts was to give you a brief synopsis of where I am coming from.

Maybe I wasn't quite clear in my explanation. If, as you said, my IP address keeps on changing - and I change my posting name - how could a sysop possibly know it was me by an IP address?!! Rhetorical question really

I think I'd like to learn a bit more about how Steven's tool works. Perhaps he'll pop in and tell me!

Thanks for listening - at least you have some traffic reading this thread!

Dave

PS Please will you list every IP address you have received in relation to my posts here at Malwarebytes. Thank you, Jean.

[MysteryFCM]

Steven's tool resolves website IP's only. Your IP is not a website so it comes up as null.

It actually resolves any IP address that has a PTR record, website or otherwise

[MysteryFCM]

Maybe I wasn't quite clear in my explanation. If, as you said, my IP address keeps on changing - and I change my posting name - how could a sysop possibly know it was me by an IP address?!! Rhetorical question really

The vast majority of ACP's (Admin Control Panels), log user changes (e.g. "UserX changed username to UserY")

I think I'd like to learn a bit more about how Steven's tool works. Perhaps he'll pop in and tell me!

It simply obtains your IP address and obtains it's PTR record.

[AdvancedSetup]

Let me see if I can shed a little light on the subject.

Most computers in the World are not directly connected to the Internet and they obtain Internet access by using network address translation (NAT)

Basically your computer will use a private non routeable IP range such as one of these

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets (local networks):

10.0.0.0

[Guest ~BD~]

It actually resolves any IP address that has a PTR record, website or otherwise

Thanks Steven.

I found this:-

Not every IP address has a corresponding PTR record. In fact, if you took a random sampling of addresses your firewall blocked because they were up to no good, you'd probably find most have no PTR record - a dig -x gets you no information. That's also apt to be true for mail spammers, or their PTR doesn't match up: if you do a dig -x on their IP you get a result, but if you look up that result you might not get the same IP you started with.

That's why PTR records have become important. Originally, PTR records were just intended as a convenience, and perhaps as a way to be neat and complete. There still are no requirements that you have a PTR record or that it be accurate, but because of the abuse of the internet by spammers, certain conventions have grown up. For example, you may not be able to send email to some sites if you don't have a valid PTR record, or if your pointer is "generic"

Source: http://aplawrence.com/Blog/B961.html

I'm going to assume then, for the time-being, that all these changes are occurring simply because my ISP is AOHell

Dave

[Guest ~BD~]

The vast majority of ACP's (Admin Control Panels), log user changes (e.g. "UserX changed username to UserY")

Again, thanks Steven.

I've had absolutely no contact with ACP's - ever! I found a demo. one to play with here:- http://demo.vbulletin.com/

I can see that if so inclined there is much that may be monitored!

You may well know different, but .............

Having been banned by Annexcafe (before they invoked password enrolment) and gone elsewhere, changed my username and my IP address (effected too by unplugging my phone line from the master socket) I still do not understand how the Administrators could possibly identify me. It would surely be like a new user making a simple post.

I still maintain the view that they had other means of identifying me! (Cookies? Some other way?)

Perhaps if you are knowledgeable about such things, you could enrol there, sign up to the computer enthusiasts groups (called User2User - one in the USA and one here in the UK) and ask some testing questions. You might enjoy it!

Dave

[Guest ~BD~]

Let me see if I can shed a little light on the subject.

Most computers in the World are not directly connected to the Internet and they obtain Internet access by using network address translation (NAT)

Basically your computer will use a private non routeable IP range such as one of these

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets (local networks):

10.0.0.0

[AdvancedSetup]

Well AOL used to be the best interface for noobie computer users as it sort of held their hand on getting around on their own. There were others that tried to do similar but no one was as good at it. Actual Technicians or users that had experience grew to despise AOL due to how it operated and their mass CD mail marketing schemes, etc.

You know, it's possible to use AOL just for the IP. You don't have to use their Interface or anything else. Just get an IP (though onne would assume most places that AOL operates in would be able to get an IP from any local ISP {Internet Service Provider} )

Once you have an IP you can use Internet Explorer or Firefox or any other browser you like.

One of the reasons they can tell is that whomever "knew" it was you, also had access to the Server logs and not just the BBS logs. In those logs when you connect to any Website it displays information about your computer.

Use Internet Explorer and visit this site to get an idea of what it tells every site you visit: Browser Report

There is no 100% sure method of operating anonymously on the Internet unless you're very advanced in knowing how it all works.

0. Start reading and learning more about your computer and how it works.

1. Quit using IE

2. Use a good Firewall

3. Use proxying software

4. Use Firefox with NoScript and AdBlockPlus addons

5. Use a program like CCleaner and clean your system every day

.

[JeanInMontana]

It actually resolves any IP address that has a PTR record, website or otherwise

And what is a PTR record? And why did BD get that response? We all get to learn from this one.

@ BD I think Steven explained how the IP even with a user name change can be traced very well, if not keep asking. Most sites I help manage do not allow user name change without an Admin or Moderator assisting. Which brings me to a question for you, why do you want to hide your posts on these forums in question? Or am I reading more into this than there is?

Edit #2 Why on earth would you want to stick with AOHELL as ISP? There are lots of options from providers that actually get you straight to the WWW and don't force install crapware on your machine.

[MysteryFCM]

heh PTR = Pointer (e.g. IP > hostname)

[AdvancedSetup]

Most home machines sitting behind a NAT device won't have an entry.

Also many systems actually don't have one on purpose as they want to make it a bit more difficult to locate which helps a little to reduce the attack surface.

There are methods to pretty much prevent tracking but it heavily impacts your network speed to the point that you just don't use them.

Is there something I'm missing here as well? Basically as I read it you're upset that some site banned you? Well as already said, there are methods to track you and it's up to you to read and learn more about how computers interact with each other on a network in order to prevent it in the future. You can't change what's been done already.

Unless you're using a good firewall (and know how to set it) then they could even remotely scan your system to help verify it was in fact you. Most ISPs won't block out scans as they just provide you a connection, how you protect that connection is up to you.

[MysteryFCM]

Err, almost all home lines with a static IP (the customer being behind a NAT has absolutely nothing to do with it), have a PTR record (tis very rare that I find one that doesn't). Infact, it's also rare that I find a dynamic IP that doesn't have a PTR record.

[Guest ~BD~]

One of the reasons they can tell is that whomever "knew" it was you, also had access to the Server logs and not just the BBS logs. In those logs when you connect to any Website it displays information about your computer.

Use Internet Explorer and visit this site to get an idea of what it tells every site you visit: url="http://www.browserreport.com/"]Browser Report

Thank you for yet another comprehensive reply!

Hmmm. Just how would they get that info?

I was aware that although AOL is my ISP I can connect to the Internet through any browser (I was a little shocked when I first found out though!). AOL is one of the top 4 Broadband providers in the UK and I had a feeling that they may well be best placed to filter out some of the 'nasties' at their end (by virtue of their long experience in the field)

I've used Firefox but at present have IE7 and Google Chrome (beta, I know!) as alternatives to the actual AOL browser.

Thank you so much for providing the link to BrowserReport. I've never seen that site before. Until 3 years ago, I really had no idea that this kind of information was provided freely to every web site I visited. It explains why my PC once crashed when I visited a site offering to show the cartoons published in Holland which so upset the Muslim folk! A trap had no doubt been set!

Anyway, I went to the BR site with all three browsers. The one thing that stood out was that AOL - only AOL - reported this information:

http://www.malwarebytes.org/forums/index.php? showtopic=5656&st=40&gopid=27765& #entry27765

I have a feeling still that something is amiss here, but it will be sorted!

Dave

[Guest ~BD~]

Err, almost all home lines with a static IP (the customer being behind a NAT has absolutely nothing to do with it), have a PTR record (tis very rare that I find one that doesn't). In fact, it's also rare that I find a dynamic IP that doesn't have a PTR record.

You have 'hit the nail on the head', Steven!

Why don't I have one? Any ideas?

Dave