OT - Status of rec.woodworking

Page 1 of 2  
To all participants of the rec.woodworking whom have been affected by the trolls I offer the following report from my observations. I have been studying this group for the past 6 or 7 months since I learned about the rec.woodworking troll problem in NANAU.
It seems that at least two of the most recent troll attack posts have come from the same NNTP posting IP address as one of your regular NG users who goes by the nickname of "Bay Area Dave".
I will post several message IDs for header examination. Just go to Http://groups.google.com and do an advanced search by message ID for each message ID below.
Friday morning a troll post from screen name "The Source": Message ID:
Came from IP address: 4.246.3.188
The evening before this troll post was made, Bay Area Dave made a post from the exact same IP address: Message ID:
Came from IP address: 4.246.3.188
Coincidence? Read on.
Later Friday evening another troll post appeared under the screen name "Big Mouth" with a list of names of many of the regular posters of this newsgroup with their unprotected e-mail address listed next to each name. The message was crossposted to the alt.spam newsgroup in an obviously malicious attempt to have all of these e-mail addresses harvested and added to spam mailing lists. Message ID:
Came from IP address 4.246.36.207
Just a couple hours before this troll post made, Bay Area Dave made two posts from the exact same IP address: Message ID:
Message ID:
Came from IP address: 4.246.36.207
Is Bay Area Dave one of the major trolls of this newsgroup? This can not be answered with certainty, however I've demonstrated above that he HAS trolled here. He has certainly shown that he likes to be a skin changer and that he has been known to lash out at people unnecessarily.
Thank you for your time. I hope this information will be helpful to the NG community.
-Samuel T.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Elaborate set-up or the truth?
The IPs seem to indicate this anonymous "benefactor" has presented a *grain* of truth. The hosts do indeed appear similar.
However, skimming news.admin.net-abuse.usenet doesn't show a recent conversation on wreck trolls, last comment was in mid Feb.
BTW, why is it the OP has no NNTP-Posting-Host info himself?
BAD used to post under 68.120.???.???, recently he seems to be using 4.246.???.??? as the OP states.
System configuration seems to match (for what that's worth) he sent a post recently with: User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
On 18 Nov 2003: User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
I think some expert netsleuths should spend a little time verifying this, just to make sure a kangaroo court doesn't hang an innocent party. After all, the best way to mislead someone is with a partial truth.
What say the experts?
Greg
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
I'm not the troll. nor is Mark and Juanita. nor Dave Balderstone. nor the few others the idiot has impersonated. Anyone who thinks it's me is more stupid than the troll himself...
dave
Greg Millen wrote:

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
See his site - he has the FULL addresses there that can be used.
Pop
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
"Pop Rivet" wrote in message

That's come up a number of times down through the years and it's a long known fact that the advertisers who own nospam.com do not operate an e-mail server ... probably for a damn good reason.
--
www.e-woodshop.net
Last update: 4/13/04
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
interesting. thank you. I didn't see the alternative domain names to use that you said are at heypete.com. could you be more specific by posting the link? thanks.
I'll be glad to change my fake domain name to whatever will make everybody happy. :)
dave
Pop Rivet wrote:

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Greg
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I gather you didn't read the post then, I was actually defending you. Mind you, if you *were* the troll, I'd expect you to reply the way you did!
Greg
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
I agree with you Greg. While the announcement sounds interesting, this post is not totally unlike the Troll posts, appearing to be from some one legitimate. How can we verify that this is not a troll attack against Dave?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
:) That would be doing the impossible, Leon! <g> The guy loves attention and disruption of the NG. I wonder what other groups he harasses?
dave
Leon wrote:

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
The funny thing is that he is now so OBVIOUS...

post
Dave?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Unfortunately there is a big problem with the NNTP protocols, they are not designed to work for large groups. The basic model was simply to take a bunch of mailing lists and send them together in one feed to save bandwidth. Kinda ironic given the amount of bandwidth NNTP chews up without any purpose at all.
The only way to deal with trolls is to have a decent authentication and moderation system built into the forum. Slashdot is a good example of a relatively troll free forum (if you browse at +1 or above).
The emergence of RSS may provide a means of improving on NNTP, possibly. There are still big problems to be solved.
Phill
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

That's a dialup IP address in San Jose, specifically: Name:    dialup-4.246.36.207.Dial1.SanJose1.Level3.net
As such, that IP is probably the client rather than a remote (shared) newsserver.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
that's correct. I'm in sunny SJ.
dave
Dave Hinz wrote:

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
This clown posted a similar troll on a digital camera group.

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
you're funny! YOU are the troll or a troll sympathizer. I'm just one of several folks here who have been impersonated, you flaming NUT CASE!
How could the troll post from the same IP address is me? I'm not a internet expert, but I'll go out on a limb and say it's not possible. Or ARE there ways for a hacker to fake an IP on a message? Doug Miller might know the answer. Doug, is it possible for someone to fake the IP?
dave
snipped-for-privacy@no-spam.me wrote:

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
...

say
... Not Dave, but... Yes, it is possible. Also not difficult for those with the right applications.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
sigh... great! [sarcastically, of course]
dave
Pop Rivet wrote:

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

DAGS on "IP address spoofing".

Yep.
-- Regards, Doug Miller (alphageek-at-milmac-dot-com)
For a copy of my TrollFilter for NewsProxy/Nfilter, send email to autoresponder at filterinfo-at-milmac-dot-com You must use your REAL email address to get a response.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
"Bay Area Dave" wrote in message

The line the troll (or someone fooled by the troll) is using for proof :
X-NNTP-Posting-Host: 4.246.3.188
Can be EASILY added to an NNTP message header by anyone knowledgeable enough to do so
... don't worry about it. It is the usual troll BS, he just looked at the message header in one of your posts and picked an ip address for a similar address block to yours, nothing clever about it.
--
www.e-woodshop.net
Last update: 4/13/04
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Related Threads

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.