Did I obfuscate my usenet newsreader & who I am in this posting?

Did I obfuscate my usenet newsreader and who I am in this posting?

I've read up on how to remain anonymouse on the internet and one way they
say is to obfuscate my usenet postings.

I wonder if you can help me to tell me if you can easily figure out what
newsreader, operating system or whatever else you can figure out from this
post.

I hope you can't figure out anything about me but that is why I am asking.
I will monitor this thread to see if anyone can figure out anything about
me and my newsreader, os, isp, whatever so that I can learn more.

On Mon, 02 Jul 2007 05:38:19 GMT, Tamara <(E-Mail Removed)>
wrote:

>Did I obfuscate my usenet newsreader and who I am in this posting?
>
>I've read up on how to remain anonymouse on the internet and one way they
>say is to obfuscate my usenet postings.
>
>I wonder if you can help me to tell me if you can easily figure out what
>newsreader, operating system or whatever else you can figure out from this
>post.
>
>I hope you can't figure out anything about me but that is why I am asking.
>I will monitor this thread to see if anyone can figure out anything about
>me and my newsreader, os, isp, whatever so that I can learn more.

NNTP-Posting-Host: 69.110.4.48

In short, no.

Tamara,

Below is the header of your post. About the only thing missing is the
newsreader and OS used, and I'm not sure that information would be useful
anyway (to protect your privacy in text postings, I've obliterated the
e-mail address in the header). Note that the Path, Posting Host, and X-trace
data are intact. The ARIN info for the posting host is below the header.

It is best to assume that there is no anonymity on the Internet. Once you
mung your e-mail address (as mine is in this post), and use a 'handle'
instead of your name (I don't bother), you've done about as much as most
non-malicious people need to do. Unless you run your own newsserver and pay
the considerable fee for newsfeeds, you can't control the data inserted by
the newsserver itself, and even then, the receiving newserver will insert
the Path info.

Do you perhaps attend SDSU? (that question is rhetorical)

Allan


Header:

Path:
bigbe1.bellsouth.net!bigfeed.bellsouth.net!bigfeed 2.bellsouth.net!news.bellsouth.net!hwmnpeer01.phx! news.highwinds-media.com!newsfeed.news2me.com!newshub.sdsu.edu!ne wscon04.news.prodigy.net!prodigy.net!newsdst01.new s.prodigy.net!prodigy.com!postmaster.news.prodigy. com!newssvr13.news.prodigy.net.POSTED!689056ff!not-for-mail
From: Tamara (E-Mail Removed)
Subject: Did I obfuscate my usenet newsreader & who I am in this posting?
Newsgroups:
misc.news.internet.discuss,alt.internet.wireless,a lt.hackers.malicious
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Lines: 12
Message-ID: <fb0ii.924$(E-Mail Removed)>
NNTP-Posting-Host: 69.110.4.48
X-Complaints-To: (E-Mail Removed)
X-Trace: newssvr13.news.prodigy.net 1183354699 ST000 69.110.4.48 (Mon, 02
Jul 2007 01:38:19 EDT)
NNTP-Posting-Date: Mon, 02 Jul 2007 01:38:19 EDT
Organization: SBC http://yahoo.sbc.com
X-UserInfo1:
SCSGWXCDAZUUSRD[N[O@_WH@YR_B@EXLLBWLOOAFBATBTSUBYFWEAE[YJLYPIWKHTFCMZKVMB^[Z^DOBRVVMOSPFHNSYXVDIE@X\BUC@GTSX@DL^GKFFHQCCE\G[JJBMYDYIJCZM@AY]GNGPJD]YNNW\GSX^GSCKHA[]@CCB\[@LATPD\L@J\\PF]VR[QPJN
Date: Mon, 02 Jul 2007 05:38:19 GMT
Xref: bigfeed.bellsouth.net misc.news.internet.discuss:450799
alt.internet.wireless:266349 alt.hackers.malicious:944480


ARIN data:

OrgName: AT&T Internet Services
OrgID: SIS-80
Address: 2701 N. Central Expwy # 2205.14
City: Richardson
StateProv: TX
PostalCode: 75080
Country: US

NetRange: 69.104.0.0 - 69.111.255.255
CIDR: 69.104.0.0/13
NetName: SBCIS-SIS80
NetHandle: NET-69-104-0-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.PBI.NET
NameServer: NS2.PBI.NET
Comment: Contact IPAdmin-(E-Mail Removed) for general IP support.
Comment: Contact (E-Mail Removed) for technical support issues.
Comment: Contact (E-Mail Removed) for policy abuse issues.
RegDate: 2003-11-21
Updated: 2007-05-25

RTechHandle: PIA2-ORG-ARIN
RTechName: IPAdmin-PBI
RTechPhone: +1-800-648-1626
RTechEmail: (E-Mail Removed)

OrgAbuseHandle: ABUSE6-ARIN
OrgAbuseName: Abuse - Southwestern Bell Internet
OrgAbusePhone: +1-800-648-1626
OrgAbuseEmail: (E-Mail Removed)

OrgNOCHandle: SUPPO-ARIN
OrgNOCName: Support - Southwestern Bell Internet Services
OrgNOCPhone: +1-800-648-1626
OrgNOCEmail: (E-Mail Removed)

OrgTechHandle: IPADM2-ARIN
OrgTechName: IPAdmin-SBIS
OrgTechPhone: +1-800-648-1626
OrgTechEmail: (E-Mail Removed)

# ARIN WHOIS database, last updated 2007-07-01 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

old777salt@yahoo hath wroth:

>On Mon, 02 Jul 2007 05:38:19 GMT, Tamara <(E-Mail Removed)>
>wrote:
>
>>Did I obfuscate my usenet newsreader and who I am in this posting?

>NNTP-Posting-Host: 69.110.4.48
> In short, no.

<http://www.geobytes.com/IpLocator.htm>
shows San Jose, CA.

RDNS at:
http://www.dnsstuff.com/tools/ptr.ch?ip=69.110.4.48
shows adsl-69-110-4-48.dsl.pltn13.pacbell.net.
Your DSL DSLAM is PLTN13 and is in Pleasanton.

I'll resist the temptation to probe your IP address directly for
additional information.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Mon, 02 Jul 2007 09:09:03 -0700 Jeff Liebermann wrote:

> old777salt@yahoo hath wroth:
>
> >On Mon, 02 Jul 2007 05:38:19 GMT, Tamara <(E-Mail Removed)>
> >wrote:
> >
> >>Did I obfuscate my usenet newsreader and who I am in this posting?
>
> >NNTP-Posting-Host: 69.110.4.48
> > In short, no.
>
> <http://www.geobytes.com/IpLocator.htm>
> shows San Jose, CA.
>
> RDNS at:
> http://www.dnsstuff.com/tools/ptr.ch?ip=69.110.4.48
> shows adsl-69-110-4-48.dsl.pltn13.pacbell.net.
> Your DSL DSLAM is PLTN13 and is in Pleasanton.
>
> I'll resist the temptation to probe your IP address directly for
> additional information.
>
Your IP address can be pinged, so you aren't using a router or effective
firewall. A visit to <http://www.grc.com/default.htm>, especially the
ShieldsUP! site might be educational.
--
Ernie B.

Communication: The art of moving an idea from one mind to another, hopefully
without distortion.

Ernie B. in a fit of rage spewed

> On Mon, 02 Jul 2007 09:09:03 -0700 Jeff Liebermann wrote:
>
>> old777salt@yahoo hath wroth:
>>
>> >On Mon, 02 Jul 2007 05:38:19 GMT, Tamara <(E-Mail Removed)>
>> >wrote:
>> >
>> >>Did I obfuscate my usenet newsreader and who I am in this posting?
>>
>> >NNTP-Posting-Host: 69.110.4.48
>> >In short, no.
>>
>> <http://www.geobytes.com/IpLocator.htm>
>> shows San Jose, CA.
>>
>> RDNS at:
>> http://www.dnsstuff.com/tools/ptr.ch?ip=69.110.4.48
>> shows adsl-69-110-4-48.dsl.pltn13.pacbell.net.
>> Your DSL DSLAM is PLTN13 and is in Pleasanton.
>>
>> I'll resist the temptation to probe your IP address directly for
>> additional information.
>>
> Your IP address can be pinged, so you aren't using a router or effective
> firewall. A visit to <http://www.grc.com/default.htm>, especially the
> ShieldsUP! site might be educational.

Gibson is a joke waiting for a punchline.
--
Lits Slut #9
Life would be so much easier if we could just look at the source code.

On Mon, 02 Jul 2007 16:38:16 GMT FrozenNorth wrote:

> Gibson is a joke waiting for a punchline.
>
You can do better? What's the URL for your site?
--
Ernie B.

Communication: The art of moving an idea from one mind to another, hopefully
without distortion.

Ernie B. in a fit of rage spewed

> On Mon, 02 Jul 2007 16:38:16 GMT FrozenNorth wrote:
>
>> Gibson is a joke waiting for a punchline.
>>
> You can do better? What's the URL for your site?

nmap
--
Lits Slut #9
Life would be so much easier if we could just look at the source code.

Ernie B. wrote:

> Your IP address can be pinged, so you aren't using a router or
> effective firewall.

You trying to say you can't accept a ping if you use a router or a
firewall?

Ernie B. <ebaresch_REMOVE_@cox._THIS_net> hath wroth:

>Your IP address can be pinged, so you aren't using a router or effective
>firewall.

My routers can be pinged. However, all have "no ip redirects" to
prevent Smurf attacks. Responding to ICMP ping is not necessarily a
security risk or indication of cluelessness.

>A visit to <http://www.grc.com/default.htm>, especially the
>ShieldsUP! site might be educational.

Steve Gibson is a mixed bag of useful and useless information. Much
of what he says is quite interesting. His tools are also quite good.
However, much of his alarmist rantings and incorrect conclusions are
rubbish. He's such a good writer, that I often have trouble making
the distinction. Tread carefully.
<http://cable-dsl.home.att.net/netbios.htm#ShieldsUp>
<http://grcsucks.com> (to 2004).
<http://en.wikipedia.org/wiki/Steve_Gibson>

ShieldsUP is fine for looking for open ports. There are other online
firewall checkers and port scanners that will do the same thing. I
prefer to run my own (offline) test using NMAP.
<http://omicron.hackerwhacker.com/freetools.php>

The problem I have with GRC is his analysis of the collected
information and what he considers a vulnerability. Using his
criteria, all open ports are evil, dangerous, and a security risk.
That's not the case as it really depends what is running on the open
port.

The orginal had nothing to do with wireless, and nothing to do with
security. It has to do with whether "Tamara?" can be identified.
However, topic drift is always fun.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558