How to take XXX pictures of your friend engaged in sexual congress

[Freeky]

He's turned into the B*n M*ck of squick.

  I was thinking the same thing.

[Rumckle]

the term makes me think of Maude from the Big Lebowski.
Is BH Gone For Good™ now?

If you don't spell out his whole name, I think so.

Or say his name 3 times while looking in a mirror

[Triple Zero]

Glad that's sorted out. I'd like to hear more about that project though Net, if you're willing to share?

CU, on the other hand, knows how to spoof an IP IIRC.

Just FYI, it is generally NOT possible to spoof an arbitrary IP. In the sense that the IP we saw on that post was one that Net's been using for quite a while, and a hypothetical hacker can't just hack something like "I want that particular IP" (given that he knows which one it is--which CU could have gotten from the EB&G logs, theoretically).

From the top of my head, these are the possibilities that come closest to "spoofing" an IP:

- use a proxy. You get the proxy's IP. If you put in some effort, this means you can "spoof" the rough geographical location where that IP is located.

- change the server logs to report a different IP. you need to hack into the server and then you can change it to any IP you want. this is a LOT of effort for a prank. While precision-social-engineering like just changing one IP in the logs can be very powerful if you play your cards right, if a hacker gets that kind of access to a server, they can also do a lot of other damage.

- this option actually is what is generally (by knowledgeable hackers) considered "IP spoofing", but it requires a special set of circumstances: IF you are on the same network as the target, that is the local network, like being on the same home router, or breaking into the same wireless network as the target. The target in this case would be the PD server (which is not on wireless, I hope). Then you can do some very low-level network hacking, which I believe is called "ARP poisoning" (but I could be mistaken) and somehow identify yourself on that local network as originating from an arbitrary IP. I think. This is pretty involved and difficult to pull off, although there are probably script-kiddie solutions available, like the BackTrack Linux distro (basically an Ubuntu version that comes prepackaged with all sorts of hacking tools--and it will run from a USB stick!). And then a good network (like I hope Dreamhost is) would have protections against that sort of thing, and given that you have to be pretty close to the target, chances of getting caught are higher as well.

I could be wrong on all of this, maybe there's other possibilities, but as far as I know, this is it.

[ñͤͣ̄ͦ̌̑͗͊͛͂͗ ̸̨̨̣̺̼̣̜͙͈͕̮̊̈́̈͂͛̽͊ͭ̓͆ͅé ̰̓̓́ͯ́́͞]

Glad that's sorted out. I'd like to hear more about that project though Net, if you're willing to share?

The end pieces will not be photographs but I can't divulge the medium/concept until the project is basically completed.

I can say it's a quite different direction than Juan Francisco Casas' work.

[El Sjaako]

Glad that's sorted out. I'd like to hear more about that project though Net, if you're willing to share?

CU, on the other hand, knows how to spoof an IP IIRC.

Just FYI, it is generally NOT possible to spoof an arbitrary IP. In the sense that the IP we saw on that post was one that Net's been using for quite a while, and a hypothetical hacker can't just hack something like "I want that particular IP" (given that he knows which one it is--which CU could have gotten from the EB&G logs, theoretically).

From the top of my head, these are the possibilities that come closest to "spoofing" an IP:

- use a proxy. You get the proxy's IP. If you put in some effort, this means you can "spoof" the rough geographical location where that IP is located.

- change the server logs to report a different IP. you need to hack into the server and then you can change it to any IP you want. this is a LOT of effort for a prank. While precision-social-engineering like just changing one IP in the logs can be very powerful if you play your cards right, if a hacker gets that kind of access to a server, they can also do a lot of other damage.

- this option actually is what is generally (by knowledgeable hackers) considered "IP spoofing", but it requires a special set of circumstances: IF you are on the same network as the target, that is the local network, like being on the same home router, or breaking into the same wireless network as the target. The target in this case would be the PD server (which is not on wireless, I hope). Then you can do some very low-level network hacking, which I believe is called "ARP poisoning" (but I could be mistaken) and somehow identify yourself on that local network as originating from an arbitrary IP. I think. This is pretty involved and difficult to pull off, although there are probably script-kiddie solutions available, like the BackTrack Linux distro (basically an Ubuntu version that comes prepackaged with all sorts of hacking tools--and it will run from a USB stick!). And then a good network (like I hope Dreamhost is) would have protections against that sort of thing, and given that you have to be pretty close to the target, chances of getting caught are higher as well.

I could be wrong on all of this, maybe there's other possibilities, but as far as I know, this is it.

- You can somehow disable the real IP (DDOS, for instance), and then send the spoofed messages needed to make the post. This requires you to blindly keep sending packages to the server without getting any feedback. I'm not sure about the details, but this may be possible if you somehow got a hold of the PD.com cookie NET has.
- You can install a proxy or other malicious software on a computer at the target IP address.

[Triple Zero]

- Never heard about this DDoS method, you got a link or perhaps a name of the technique or some lead so I can find out more about it?

though, you can't post to PD with just a one-way connection that can only send but not receive, even if you obtain the cookie, because every post form contains a random or uniquely generated nonce value which you need to send back together with the post or it won't get accepted. originally intended as protection against cross-site request forgery, which also hinges on only being able to send a request not receive a response to fake an identity

it's a rotten shame I didn't have more fun with that before they closed that hole

- another way, similar to malicious software, would be finding an XSS hole on the pd.com domain somewhere (although there are more interesting things than faking posts to do with such a thing) (so you just do those first)

[El Sjaako]

That kind of attack is in the theoretically possible category, not the practically possible one. The sources I got this information have long ago been forgotten by me, and I don't remember much more than I posted above.
You exploit that you can simply mislabel packets you send by filling in a different IP address [1]. You also need to get around some defenses in TCP. It's usually used (according to the IP spoofing page in wikipedia) as a measure to hack IP based authentication, but can theoretically be used to make an attack seem come from a different IP.

The DDOS is needed to prevent someone at the genuine IP address from responding and ruining the connection.

[Ben Shapiro]

This thread.