Washington DC Message Boards

DC WATCH UNCOVERS MARTIN AUSTERMUHLE'S MANY ALIASES


Psycho


From: themail [mailto:themail@dcwatch.com]

Sent: Thursday, October 19, 2006 2:18 AM

To: themail

Subject: Sock Puppet in themail, October 18, 2006

 

Sock Puppet in themail, October 18, 2006

 

In Re: Bfrankdc, Joe Deluth, Joe_Kerr_DC, Joycemarie et al. A/k/a Martin Austermuhle

 

Dear Real People:

 

Please ignore the message in the last issue of themail from "Joe DeLuth." "Joe DeLuth" is what is known in blogger slang as a "sock puppet," a false identity used to simulate support for or opposition to a person or position. I have matched the address of the computer from which it was sent to another poster, and have determined that it was a spoof or prank E-mail, designed merely to provoke controversy.

 

As you know, themail is an open forum, and I don't normally try to check or confirm a poster's identity. Luckily, over the years there have been few attempts at gaming themail with fake E-mails, and even fewer fakes have actually been published. I'm embarrassed when it happens, and I'll be a little more vigilant in the future.

 

Gary Imhoff

DC WATCH

themail@dcwatch.com

 

 

P.S. All above named identities were linked to Martin Austermuhle, Bob Summersgill and Jason Linkins.


Oh the irony.

 

First, I am B. Frank and only post in my name. I have never used another user ID.

Second, I like the way Rees forges (in bold in his post) the "in re:" portion of his post. See the original at the source: http://www.dcwatch.com/themail/2006/06-10-18.htm

Finally, I had twice posted extensive "proof" of Mr. Rees's liberal use of alternative IDs in posting here and on Yahoo:

 

http://www.dcmessageboards.com/index.php?showtopic=7329

http://www.dcmessageboards.com/index.php?showtopic=7539

 

Hmm, I wonder if the posts I am linking to here will disappear shortly too:

 

http://groups.yahoo.com/group/ward3dc/mess...rce=1&var=1&l=1

http://groups.yahoo.com/group/WoodleyFrien...rce=1&var=1&l=1

(note the common X-Yahoo-Post-IP: 70.108.254.154)

 

Yet, Rees claims this same "proof" (which he has been denying for 9 months) to support his claims.

 

A little hypocritical, no?

 

B. Frank

 

 

From: themail [mailto:themail@dcwatch.com]

Sent: Thursday, October 19, 2006 2:18 AM

To: themail

Subject: Sock Puppet in themail, October 18, 2006

 

Sock Puppet in themail, October 18, 2006

 

In Re: Bfrankdc, Joe Deluth, Joe_Kerr_DC, Joycemarie et al. A/k/a Martin Austermuhle

 

I have matched the address of the computer from which it was sent to another poster, and have determined that it was a spoof or prank E-mail, designed merely to provoke controversy.

 


Bfrankdc,

 

Admitted, I added what Gary Imhoff said to what he wrote.

 

You have never proven to anyone who you really are.

 

Next, Gary Imhoff spoke with me and others about the whole matter before he published what he did and all was laid out as to the scheme that was taking place.

 

You can easily dispel all by agreeing to meet Luke Wilbur and me and proving you are not Austermuhle, Linkins or Summersgill.

 

Until then, my allegation stands.

 

 

 


 

Mr. Rees,

I spoke with Gary of DCWatch. First, the P.S. you added is completely false. Second, I am seeing this whole topic you started as a red herring, in which your goal is to build a logical fallacy to attack your opponents.

 

Gary matched "Joe DeLuth's" IP address to You.

 

You attempted to convince Gary that "Joe DeLuth" was really Joe Steinlieb.

 

You attempted to convince me that "Joe DeLuth" was Martin Austermuhle.

 

P.S. The sad part is that you waste community resources and volunteered time to play this stupid game to build a name for yourself.


Sounds like the title of this thread should be changed to "Gary Imhoff and Luke Wilbur uncover the devious ways of Jonathan R. Rees."

 

B. Frank

 


Bfrank,

 

You are a pathological liar! You did not speak to Gary Imhoff.

 

Gary Imhoff asked people to ignore the lie that you, Austermuhle, under another alias, posted on DC Watch accusing me of being bigoted.

 


Bfrankdc,

 

You are Martin Austermuhle and all the other aliases we see here.

 

Second, you are a bad liar because if Gary had matched my IP address to such when it was an attack on me saying I hate JEWS when I am Jewish, then I am sure Gary would have said such on TheMail.

 

Nice try Martin but your lies are catching up with you!


Um, where did I ever say I spoke with Gary Imhoff?

 

B. Frank

 


By: Ramon Jose Stewart-Rivera

 

There are computer hackers out there in DC you know by the screen names of Bfrankdc, Joe_kerr_DC, Joe Deluth, Luke20008 and others, and all 100+ screen names they have are all the same three jokers. They fool 99% of the smartest of us because they know most of us are not computer savvy enough to catch onto their game. Anybody who does not like you and wants to embarrass you can easily hack your email address and email IP address and begin sending out emails making it look like it is coming from you. Once you send them an email, they have your email address and it is just 1, 2, 3 and they have your email IP address to boot, and then they are on their way to send out emails galore in your name and under your email IP address.

 

 

 

 

The purpose of this blogspot is to show you how to tell if someone is impersonating your email address and what you can do after you find out that they are. The reason you need this skill is that you may receive return emails that look like they originated from you but which bounced. Most commonly, these emails will have been sent to third party addresses you are unfamiliar with and did not send anything to.

 

 

 

In running this website, we have frequently been the target of several unknown persons who were impersonating (also called "spoofing") our source email address. Most often, this happens during times that there is a widespread virus infestation, and the symptom is that our email inbox gets flooded by emails that look like they were returned but which we never sent. Below is an example returned email message sent by someone who was spoofing our email address, which we have color-coded to show how this works:

 

 

 

This message was created automatically by mail delivery software.

Message violates a policy rule set up by the domain administrator

Delivery failed for the following recipients(s):

ewhr@edwards.com

----- Original Message Header -----

Received: by mail6-kan (MessageSwitch) id 1062107549539335_11622; Thu, 28 Aug 2003 21:52:29 +0000 (UCT)

Received: from LIZAVETA (h-66-134-52-82.LSANCA54.covad.net [66.134.52.82])

by mail6-kan.bigfish.com (Postfix) with ESMTP id C9257174762

for ; Thu, 28 Aug 2003 21:52:03 +0000 (UCT)

From:

To:

Subject: Re: Wicked screensaver

Date: Thu, 28 Aug 2003 14:50:29 --0700

X-MailScanner: Found to be clean

Importance: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MSMail-Priority: Normal

X-Priority: 3 (Normal)

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="_NextPart_000_00467D97"

Message-Id: 20030828215203.C9257174762@mail6-kan.bigfish.com

 

 

The boldfaced blue lines indicate information about the environment that the email was sent from. The red boldfaced lines above indicate the email program that was used to send the message. This information must match our information precisely or it is bogus. The route of delivery is in reverse order with the most recent on the top of the message.

 

 

 

 

Therefore, the "mail6-kan.bigfish.com" server was the last mail server to receive this message before it bounced, and was returned. The blue area above says the IP address that the mail was sent directly from was "66.134.52.82". This is NOT our IP address. The User Agent the email was sent from (which was "66.134.52.82") was the wrong IP address, so it can't be ours.

 

 

 

The first step in knowing that the above information about you is incorrect is to send yourself an Email. When you get it back, examine the header information. In Microsoft Outlook, you can do this from the View->Options menu. The following dialog box will pop up showing you the message header at the bottom. The content of the header tells you your specific information.

 

The bottom area that says "Internet headers" is the area you want to examine. We cut off the bottom part of the header so you couldn't see our specific info. Below is the header that appeared in an email that we sent ourselves that has been modified to protect our privacy, so you can see what it looks like without finding out how to spoof us. The header below is something that a user can't modify or spoof, so it can't be fabricated or rendered incorrect in order to fool you, because it is generated by the computer and the email program you are using as the message is sent out:

 

 

 

Return-path:

Received: from ms-mta-01.socal.rr.com ([10.10.4.125]) by ms-mss-02.socal.rr.com (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003)) with ESMTP id <0hkc00bhvnlq9u@ms-mss-02.socal.rr.com> for chansen3%san.rr.com@ims-ms-daemon; Thu, 28 Aug 2003 14:56:14 -0700 (PDT)

Received: from orngca-mls02.socal.rr.com (orngca-mls02.socal.rr.com [66.75.160.17]) by ms-mta-01.socal.rr.com (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003)) with ESMTP id <0hkc00dgmmlq5n@ms-mta-01.socal.rr.com> for chansen3@san.rr.com (ORCPT johnhamilton@aol.com); Thu, 28 Aug 2003 14:34:39 -0700 (PDT)

Received: from UserMachineName (99-99-99-99.aol.com [99.99.99.99]) by orngca-mls02.socal.rr.com (8.11.4/8.11.3) with SMTP id h7SLq2b13382 for; Thu, 28 Aug 2003 14:52:02 -0700 (PDT)

Date: Thu, 28 Aug 2003 15:02:57 -0700

From: John Hamilton

Subject: Teset

To: John Hamilton

Message-id:

MIME-version: 1.0

X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165

X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)

Content-type: text/plain; charset=iso-8859-1

Content-transfer-encoding: 7bit

Importance: Normal

X-Priority: 3 (Normal)

X-MSMail-priority: Normal

Original-recipient: rfc822;chansen3@san.rr.com.

 

 

 

Notice that the IP address of "99.99.99.99" above does not match the source IP of the person above who was impersonating our email address. That person's address was "66.134.52.82". Also notice that an email send program was used by the imposter that did not match the one we use. The header above shows in red that we use "Microsoft Outlook IMO" while the imposter is using "Microsoft Outlook Express 6.00.2600.0000". Consequently, it's very easy to tell that the email wasn't ours and that there is an imposter out there who is impersonating us.

 

 

 

Why would someone want to impersonate us? Well, for starters, although they might not be able to infect us with a virus because we are using virus software and are immune, they might try indirectly to make trouble for us. For instance, they might send us bogus emails like that above to convince us that we have a virus so that we will want to:

 

 

 

· Slick our computer and completely reinstall everything to get rid of the problem.

 

 

 

· Buy virus software and install it. Sometimes, they will even send an email to your computer offering a virus program for a massive discount that is actually snoopware that they can use to steal information off your computer and monitor your operations! Don't buy virus software through the internet or email! Always purchase locally from a trusted source.

 

 

 

· Spend money on a computer professional to diagnose whether we have a problem, which we obviously don't.

 

 

 

The above can be a very effective approach to make trouble against people who are computer illiterate. If you have read this article and understand it though, then the dishonest techniques listed above don't work against you! How do we catch these imposters and get them in trouble? If you wanted to find out whose IP address this was, you would go to SamSpade.org and look up the owner:

http://www.samspade.org

 

 

 

Type in the above IP address "66.134.52.82" on the line with the button next to it that says "IPWhoIs" and then click on the button. Below is what you get:

Trying whois -h whois.arin.net 66.134.52.82

Error - couldn't connect to server

Trying whois -h whois.arin.net 66.134.52.82

OrgName: Covad Communications

OrgID: CVAD

Address: 2510 Zanker Rd

City: San Jose

StateProv: CA

PostalCode: 95131-1127

Country: US

ReferralServer: rwhois://rwhois.laserlink.net:4321/

NetRange: 66.134.0.0 - 66.134.255.255

CIDR: 66.134.0.0/16

NetName: COVAD-IP-2-NET

NetHandle: NET-66-134-0-0-1

Parent: NET-66-0-0-0-0

NetType: Direct Allocation

NameServer: NS1.COVAD.NET

NameServer: NS2.COVAD.NET

Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

Comment:

Comment: for abuse issues, please contact abuse-isp@covad.com

Comment: Reassignment information for this block of addresses can be found at rwhois://rwhois.laserlink.net:4321/

RegDate: 2001-07-13

Updated: 2003-05-13

TechHandle: ZC178-ARIN

TechName: Covad IP Admin

TechPhone: +1-408-434-2108

TechEmail: ip_admin@covad.com

AbuseHandle: CART-ARIN

AbuseName: Covad abuse reporting team

AbusePhone: +1-703-376-2830

AbuseEmail: abuse-isp@covad.com

OrgAbuseHandle: CART-ARIN

OrgAbuseName: Covad abuse reporting team

OrgAbusePhone: +1-703-376-2830

OrgAbuseEmail: abuse-isp@covad.com

OrgNOCHandle: CIN-ARIN

OrgNOCName: COVAD IP NOC

OrgNOCPhone: +1-888-801-6285

OrgNOCEmail: noc-ipservices@covad.com

OrgTechHandle: PRN-ARIN

OrgTechName: Nicoll, Peter R

OrgTechPhone: +1-408-434-2108

OrgTechEmail: pnicoll@covad.com

# ARIN WHOIS database, last updated 2003-08-27 19:15

# Enter ? for additional hints on searching ARIN's WHOIS database.

This is very useful information, because now we have someone to complain to! We can write the abuse email address above, at "abuse-isp@covad.com" and tell them that the IP address of "66.134.52.82" is spoofing or impersonating our email address and ask them to terminate the account of the offender and tell us who it is so we can prosecute them. Make sure you include the original email you received back so they can use that information to trace the offender down and nail him. Here was that email:

 

 

 

This message was created automatically by mail delivery software.

Message violates a policy rule set up by the domain administrator

Delivery failed for the following recipients(s):

ewhr@edwards.com

----- Original Message Header -----

Received: by mail6-kan (MessageSwitch) id 1062107549539335_11622; Thu, 28 Aug 2003 21:52:29 +0000 (UCT)

Received: from LIZAVETA (h-66-134-52-82.LSANCA54.covad.net [66.134.52.82])

by mail6-kan.bigfish.com (Postfix) with ESMTP id C9257174762

for ; Thu, 28 Aug 2003 21:52:03 +0000 (UCT)

From:

To:

Subject: Re: Wicked screensaver

Date: Thu, 28 Aug 2003 14:50:29 --0700

X-MailScanner: Found to be clean

Importance: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MSMail-Priority: Normal

X-Priority: 3 (Normal)

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="_NextPart_000_00467D97"

Message-Id: <20030828215203.c9257174762@mail6-kan.bigfish.com>

Now we are getting somewhere!

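The header comparison the post above walks through, as an added Python example that is not part of the original post or the article it reproduces. The sample headers are abridged from the two header dumps in the post; the forged Received line, the host relay.example.invalid and the trusted relay names passed to the functions are constructed assumptions. It reads the connecting IP only from the Received lines written by relays the reader trusts, since lines below that boundary and the X-Mailer field are supplied by the sender.

```python
import ipaddress
import re
from email import message_from_string

# Abridged from the bounce quoted in the post (blank address fields left out).
BOUNCE = (
    "Received: by mail6-kan (MessageSwitch) id 1062107549539335_11622;"
    " Thu, 28 Aug 2003 21:52:29 +0000 (UCT)\n"
    "Received: from LIZAVETA (h-66-134-52-82.LSANCA54.covad.net [66.134.52.82])\n"
    "\tby mail6-kan.bigfish.com (Postfix) with ESMTP id C9257174762;\n"
    "\tThu, 28 Aug 2003 21:52:03 +0000 (UCT)\n"
    "Subject: Re: Wicked screensaver\n"
    "X-Mailer: Microsoft Outlook Express 6.00.2600.0000\n\n"
)
# Abridged from the self-sent message header in the post.
OWN = (
    "Received: from ms-mta-01.socal.rr.com ([10.10.4.125])\n"
    "\tby ms-mss-02.socal.rr.com with ESMTP; Thu, 28 Aug 2003 14:56:14 -0700 (PDT)\n"
    "Received: from orngca-mls02.socal.rr.com (orngca-mls02.socal.rr.com [66.75.160.17])\n"
    "\tby ms-mta-01.socal.rr.com with ESMTP; Thu, 28 Aug 2003 14:34:39 -0700 (PDT)\n"
    "Received: from UserMachineName (99-99-99-99.aol.com [99.99.99.99])\n"
    "\tby orngca-mls02.socal.rr.com (8.11.4/8.11.3) with SMTP id h7SLq2b13382;\n"
    "\tThu, 28 Aug 2003 14:52:02 -0700 (PDT)\n"
    "X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)\n\n"
)
# Constructed: the bounce with one extra Received line that was already in the
# message when it was submitted, imitating the legitimate user's machine.
FORGED = BOUNCE.replace(
    "Subject:",
    "Received: from UserMachineName ([99.99.99.99])\n"
    "\tby relay.example.invalid with SMTP; Thu, 28 Aug 2003 14:49:00 -0700\n"
    "Subject:", 1)

BY_RE = re.compile(r"(?:^|\s)by\s+([^\s;()]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def valid_ip(text):
    """Return the address in canonical form, or None if it is not a real IPv4."""
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None


def received_hops(msg):
    """Received headers, newest first, as dicts with the 'by' host and peer 'ip'."""
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())              # unfold continuation lines
        by = BY_RE.search(value)
        from_part = value[:by.start()] if by else value
        ip = IP_RE.search(from_part)                 # address the relay saw
        hops.append({"by": by.group(1).lower() if by else None,
                     "ip": valid_ip(ip.group(1)) if ip else None})
    return hops


def boundary_hop(hops, trusted):
    """Last hop, walking down from the newest, still written by a trusted relay.

    Everything below it arrived with the message and proves nothing. A forged
    line that also fakes a trusted 'by' name is not detected here.
    """
    boundary = None
    for hop in hops:
        by = hop["by"] or ""
        if not any(by == t or by.endswith("." + t) for t in trusted):
            break
        boundary = hop
    return boundary


def naive_origin(raw):
    """What reading the bottom-most Received line would give (for contrast)."""
    ips = [h["ip"] for h in received_hops(message_from_string(raw)) if h["ip"]]
    return ips[-1] if ips else None


def fingerprint(raw, trusted):
    msg = message_from_string(raw)
    hop = boundary_hop(received_hops(msg), trusted)
    return {"origin_ip": hop["ip"] if hop else None,
            "x_mailer": msg.get("X-Mailer")}


def differences(baseline, suspect):
    """Fields that differ, each with the weight it deserves as evidence."""
    weight = {"origin_ip": "recorded by a trusted relay",
              "x_mailer": "sender-supplied, weak evidence"}
    return {k: weight[k] for k in weight if baseline[k] != suspect[k]}


if __name__ == "__main__":
    own = fingerprint(OWN, ("socal.rr.com",))
    for name, raw in (("bounce", BOUNCE), ("bounce + forged line", FORGED)):
        seen = fingerprint(raw, ("mail6-kan", "bigfish.com"))
        print(name, seen["origin_ip"], naive_origin(raw), differences(own, seen))
```
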

I hardly think the author of this article:

 

http://famguardian.org/Subjects/Computers/...rsEmailAddr.htm

 

will appreciate the plagiarism of his exact words by the so-called "Ramon Jose Stewart-Rivera". I thought it was Roy Stewart? Where did the Jose emerge from?

 

B. Frank

 


Bfrankdc,

 

Who are you? The Boogeyman?

 

 
