[purpleman]

Hi. I am dealing with persons and IP addresses I have the following questions:

(1) If someone knows your IP address and they are a good computer programmer, can your IP address be "inserted" and make it look like it is you sending an email or making a posting on the internet? Effectively making it look like you are arguing with yourself? For example... If a bulletin board knows your ip address, then gives it to someone, can they put that ip address into their computer and then go onto a website with your IP Address and make it look like you were there?

(2) If a computer programmer has the following information and skills what could they potentially do to someone who isn't a programmer:
* Know your ip address
* Have a private investigator that is a good friend
* Work for large ISP service companies that I am a customer of
* Knows my employers
* Knows my license plate number
* Is part of a community of over 4000 programmers
* Works for Electronic Arts
* Uses IP addresses in emails that cannot be traced back to the person's computer
* Has access to your website's database particularly your forum's ip address list
* What could someone potentially do with this information?

[bizzar528]

Good info regarding fake IP's when surfing...

http://www.inetprivacy.com/a4proxy/f...dress-spec.htm
http://www.google.com/search?hl=en&l...s+http+request


Good info regarding faking email header information...

http://www.rahul.net/falk/mailtrack.html
http://abuse.msu.edu/email-tracking.html
http://www.google.com/search?hl=en&l...s+email+header


From what I've gathered, most forums keep IP addresses to themselves. Typically, only the moderation and admin staff are the only ones who can see it. If someone is spoofing your ip, then they'd have to have those priviledges and that narrows down who can see it. If your in a community where anyone can get that information, then I'd suggest finding a new community.

But, to basically answer your question; the worst he can do is spoof http requests and email headers. That's about it. I doubt someone will show up on your door step because they know your IP. If they have your name, that's something different. But IP is only useful online.

[curbview.com]

Quote:

Originally Posted by bizzar528

Good info regarding fake IP's when surfing...

http://www.inetprivacy.com/a4proxy/f...dress-spec.htm
http://www.google.com/search?hl=en&l...s+http+request


Good info regarding faking email header information...

http://www.rahul.net/falk/mailtrack.html
http://abuse.msu.edu/email-tracking.html
http://www.google.com/search?hl=en&l...s+email+header


From what I've gathered, most forums keep IP addresses to themselves. Typically, only the moderation and admin staff are the only ones who can see it. If someone is spoofing your ip, then they'd have to have those priviledges and that narrows down who can see it. If your in a community where anyone can get that information, then I'd suggest finding a new community.

But, to basically answer your question; the worst he can do is spoof http requests and email headers. That's about it. I doubt someone will show up on your door step because they know your IP. If they have your name, that's something different. But IP is only useful online.

Can I add that there are certainly a few more ways a person can gain access to your info and I.P. Address. Without incriminating *anyone*, it could be possible for me, er... a person, to add a call to a server/script as a part of my posting AND?OR using a little hack in the "AVATAR" section. It was just pointed out yesterday on a well known site how easy it is to hack I.P.'s through companies using INVISION's software.

Another way is to simply hack the MYSQL database itself. Often, GOOGLE HACKING is the method of choice as people often use the same username on different forums. Though you have never mentioned your place of work nor address on one site, you may have on another.

To spoof your IP and post a message on a forum is not that hard with the write script/application either. I will show you an example below, (this is not hacking, but a demonstration with limited ability) And no, I am not here to show you how it is done, only that it can be so that you can take the needed steps to prevent such from happening to you.

Another thing to look for is *coughing up cookies*. In another post on this board, I was able to show how a LOT of web sites do not properly set cookies. Often, a site will store your info in a cookie that is not encrypted and thus allows anyone with the know how to steal them.

On top of that, there are well known exploits in certain browsers that allow scripts to retrieve your (FIREFOX BROWSER TERMS) saved forms, saved passwords, history etc. I am really speaking about the exploits in Internet Explorer but I think you get the picture.

Then there is simply an *old* method of simply hacking OUTLOOK's address book. But that has so many exploits that conver viruses, back-door trojans, javascript exploits, html email messages, etc.!!!!!!

Next, learn what "bots" are an check to see that one is not running on your computer, calling home when summoned!

Now, back to the demo... Here, if you click the link, it will capture *your* I.P. address, call up yahoo's web site, and will then display the page for you. THE THING TO NOTE IS THAT:

Yes, my server is the one making the call to yahoo's web site, BUT should an admin at yahoo check the logs, it will show your computer as the visitor.

here is the link: http://oppf.net/cgi-bin/yahoo.cgi