IP Spoofing

IP spoofing is most frequently used in denial-of-service attacks. In such attacks, the goal is to flood the victim with overwhelming amounts of traffic, and the attacker does not care about receiving responses to the attack packets. Packets with spoofed addresses are thus suitable for such attacks. They have additional advantages for this purpose—they are more difficult to filter since each spoofed packet appears to come from a different address, and they hide the true source of the attack. Denial of service attacks that use spoofing typically randomly choose addresses from the entire IP address space, though more sophisticated spoofing mechanisms might avoid unroutable addresses or unused portions of the IP address space. The proliferation of large botnets makes spoofing less important in denial of service attacks, but attackers typically have spoofing available as a tool, if they want to use it, so defenses against denial-of-service attacks that rely on the validity of the source IP address in attack packets might have trouble with spoofed packets. Backscatter, a technique used to observe denial-of-service attack activity in the Internet, relies on attackers' use of IP spoofing for its effectiveness.

IP spoofing can also be a method of attack used by network intruders to defeat network security measures, such as authentication based on IP addresses. This method of attack on a remote system can be extremely difficult, as it involves modifying thousands of packets at a time. This type of attack is most effective where trust relationships exist between machines. For example, it is common on some corporate networks to have internal systems trust each other, so that users can log in without a username or password provided they are connecting from another machine on the internal network (and so must already be logged in). By spoofing a connection from a trusted machine, an attacker may be able to access the target machine without an authentication.

---------------------------------------------------------------

It would seem many facts have been missing from the case of PDM's deleted site. A lot of information was not shared with the masses. Many questions would have been raised if it had.

The finger of blame was formly pointed at PDM Head Lostmonk for the deletion PDM's hosting site, this much is known by us all. But there are some questions that have yet to have been asked.

From the moment the culprit was revealed as Lostmonk I questioned what his motive was, there was absolutely no sense in it being him. I am not overally friendly with Lostmonk however he is a person that I believe has integrity, he has been the first in line to criticize bad decisions other people have made (myself included) and genuinely seems to have a grasp of right and wrong. I'd say he has largely been an upstanding member of the community.

But the finger was pointed at him and many seemed happy to accept that he had done the crime. Certain details were missed out though...

On the Boxcar logs at the time of the PDM site being deleted, Lostmonks account was accessed by 2 different IP's.

lostmonkpdm 68.xx.xxx.xx Sep 24, 2012 6:48 AM 1
lostmonkpdm 204.45.xxx.xx Sep 24, 2012 6:48 AM 0
lostmonkpdm 204.45.xxx.xx Sep 24, 2012 6:48 AM 0
lostmonkpdm 204.45.xxx.xx Sep 24, 2012 6:48 AM 1
lostmonkpdm 68.xx.xxx.xx Sep 24, 2012 6:37 AM 1

68.xx.xxx.xx does indeed belong to lostmonk, 204.45.xxx.xx however is an IP frequently used by IvanWAR and alley (his wife). What possible explaination is there for a SoF Head (at that time) accessing a PDM Heads account? I don't know.

(20:45:40) (pang) it's ivan's ip
(20:45:41) (pang) lol
(20:45:48) (pang) 204.45.xxx.xx
(20:45:48) (pang) lol
(20:45:56) (pang) him + alley have logged in from it a lot apparently?

Furthermore pang discovered this himself, yet there was no mention of it during his post outing Lostmonk. Why is that pang?

Lostmonk pleaded his innocence claiming he was not even online for 2 days, but it seems his pleading was ignored. Would it technically be possible for Lostmonk to pretend to be Ivan through the use of IPs? According to what I have just read about IP Spoofing. Yes. Would it be technically possible for Ivan to pretend to be Lostmonk through the use of IPs? Again yes.

Now I am not claiming Ivan is some sort of hacking mastermind however he has had the benefit of having Hanlong to talk to in SoF recently and I think at least a handful of people have had the suspicion of SoF DDOSing the game at times when they have been FS'ed in the past so its possible that there are more technically minded people among the idiots of SoF.

Pang; Why was this seemingly brushed under the carpet? A desire to avoid another full blown cheating scandal?


Maybe Lostmonk is guilty. Maybe he has tried to setup Ivan. I personally believe not. I think it is in the interest of the game to have another witch hunt. Theres something shady going on!


CLIFFNOTES
Lostmonk deleted PDM's boxcar site?
Ivans IP flags up as accessing Lostmonks Boxcar account at time of the deletion
Pang says nothing

I tend to find the most defensive former cheaters in the game reside in SoF. There could definitely be a lot more to this case than meets the eye at first glance.

----------------------------------------------------------------------------

Just to be perfectly clear. This has nothing to do with lostmonk, he has not asked me to post this, infact I am sure he will be quite pissed that I have. I have waited until now as I basically wanted to ask him "did you do it?", he replied today. He did not give me any of his private logs, I have obtained them from other sources.

Why are you blaming Ivan when it was me?

To be fair, I never said Lostmonk did it. I said there were 3 possibilities:

1) Someone accessed his computer remotely and did it.
2) Someone physically accessed his computer.
3) He did it.

To be honest, I'd be more comfortable if Lostmonk did it himself. If someone accessed his computer remotely and did it, that is a depraved new low.

I knew LM was innocent! Even if he is a major asshole :O

Did Mehul secretly return and is running this fluff now?

it was BattleKJ pretending to be Ivan trying to frame Lost Monk.

theres alot of Irony when you have BattleKJ (someone currently cheating) calling out someone else for "supposedly cheating"

Well put. KJ should be long gone from this community. What a cancer.

TAN: I think KJ is suggesting someone could have IP Spoofed it without actually accessing Lostmonk's computer. IP Spoofing isn't as easy as it sounds, but it isn't impossible either.

I have no idea about any of this, just clarifying the statements above, which would now be "4) Someone spoofed an IP Address" on TAN's list.

Yeah. I am the cancer, when its your friends being busted with doing things like hacking the game database!

lol

Funny considering your history, and the lies you have told and sets you have tried to ruin even recently but whatever.

The lies?

lol, being in LaF you will be fluent in the art of lying. But I have always been incredibly honest.

The sets I have tried to ruin?

Because I am playing untagged, suiciding LaF I am trying to ruin the whole entire set? No man, just for those that deserve it. No ones ever been suicided in this game for no reason. Thats just a convenient story for sympathy.

haha So you did not lie about suiciding RD before? Funny because it happened before the whole Hanlong thing and you like to talk about how much info he had access to and yet believe that he had no access to that? Honesty must be different for single, British people.

I don't lie btw. I have no reason to. I don't do shady fluff like you and I never have. Your history isn't very bright though.

It is also funny that the people you tend to suicide are inactivish all explores who have done no harm to anyone and yet you think they deserve it. You are so pathetic.

Hanlong teached them good ...

taught them good. Hanlong taught them good Alin ;)

Ivan isnt in sof, if this was his actions, you cant associate them with SOF...

I think it was kj's wife spoofing kj spoofing hanlong(sof's hanlong)spoofing ivan, framing lm

Ivan was in SoF at the time.

and now he is removed? I dont know if it was him, i dont know why he was removed from sof.

However the fact he is gone now and sof is trying to help PDM, clearly shows me that SOF as an alliance has nothing to do with it and if Ivan did do it, they didnt condone his actions.

Again you can not put any blame on sof.

I heart Scodey!!

I find this hard to believe. Also bkj is the biggest hypocrite I have ever seen. Lol!

no ones cares!

if you think BattleKJ is a cheater, report him to the admins (hopefully with potential evidences, so that admins will have easier time investigating it). Pretty sure admins will ban him if he does cheat.

Same with Ivan, I don't know whether he cheats or not, but if KJ has proof about it then admins should investigate it regardless. Doesn't matter if you think KJ's a hypocrite, that doesn't change the fact that he got some sort of an evidence of someone else allegedly cheating.

Meh.

News to me. Sov, the leadership mod, is helping PDM with recruiting - but Sof is definitely not helping PDM, its laughable to even suggest it. We hate them, they hate us, we are staying out of each others business.

As for KJ's assertions, they are somewhere between paper thin and pure BS. They don't pass the test of Occam's razor, and they are not plausible. Ivan has no history of such behavior, why would he make such an amateurish move this late in his career? And just for the record, how the hell would KJ know that :

"204.45.xxx.xx however is an IP frequently used by IvanWAR and alley (his wife)"

This is bunk, not even worthy troll bait, Pang - dont dignify this with a response, PDM is up to 51 members this set, we have peace with Sof and we sure as fluff don't need inspector KJ on the case.

qzjul probably posted about it on EVOs forums or something.

there were logins via this proxy service from lots of accounts, including ivan and alley's, as well as some other folks that would make you say "hmm....".

i didn't make it public because ivan admitted to having logged in from it for some reason that I thought sounded legit enough to drop it, so I just left it.

no one has admitted to anything either way. the fact that lostmonk never really talked to me again -- and I never accused him of anything to begin with -- leaves me kind of thinking that is odd. i don't think lostmonk has/had a motive either, so I would obviously like to figure out if something else happen and clear lostmonk of any wrong doing whatsoever.

i thought this thread would be talking about ivan's departure from SoF, not about some little passing part of a conversation me and kj had for some reason (i must have been drinking??). you probably should have cleared this with me because 1) i don't like seeing my convos posted on AT without my knowledge and 2) I would have told you i have no reason to believe that Ivan hacked lostmonk. :-/ either way, whatever... this seems like a bad troll attempt :p

KJ is on the safe list..... Report away. KJ is simply a legit douchebag now.



Archiac - Stand up post sir.

Considering Boxcar is hosted on qzjul's server, I would think that anything pang knows that is related to PDM Boxcar's hacking would also be known to qzjul.

So BattleKJ, are you also going to change your cliffnotes to say

Well at least EE has met its stupid people quota for the set.

Negative; as you'll note even in KJ's post, pang discussed it in chat...


yes one of Ivans IP's in the past was the same as the one lostmonk was using; but there were like 6 others using that IP at various points in the past; that's not IP spoofing... that's just a result of the fact that IP addresses change. Unfortunately a large subset of people have dynamic IP addresses; hell EEs is technically, just it's always on so it like never changes...

I'd need a lot more evidence to even begin tying Ivan (or any of the other 6 or so people, of whom I recognized a few) to this... IP is not a reliable indicator of a person even on a 24h timeframe let alone our nearly 3 years of logs...

Also a slight caveat; I've only looked at EE's login history and the daily apache logs for Boxcar; I haven't (don't know where it's stored in the db) look at boxcars logs or history. But EE's logs at least didn't show anything particularly out of the ordinary...

Well seeing as this thread is just a troll attempt and the accusations are wrong. And there is no need to be bringing this up again. I am now closing it.