Forte Agent help

Hello, I need the IP of a poster in newsgroups. I am using Forte Agent
8.0.
How do I do it?


Thanks in advance.

On Sat, 26 Jan 2019 18:01:12 +0000, Dan wrote:

Hello, I need the IP of a poster in newsgroups. I am using Forte Agent
8.0.
How do I do it?

You can check the headers of one of their posts, but that's quite
unlikely to produce results. Your best bet is to simply ask the poster
to provide the info. If you have a legitimate purpose, they might even
comply with your request, although the possibility seems remote.

On 2019-01-26 13:01, Dan wrote:
Hello, I need the IP of a poster in newsgroups. I am using Forte Agent
8.0.
How do I do it?


Thanks in advance.


A lot of newsreaders do not show the IP. A lot of users who use
newsreaders which do show the IP take steps to hide their real IP, using
proxies or whatever. Even if you see the IP, you might not see the
_real_ IP; some ISPs, AT&T for example, notoriously reuse IPs so that
users might be in Dallas but have an IP showing them to be in Houston.
Why do you need this person's IP? Why can't you just ask them where they
are? What business is it of yours where they are?

On Sat, 26 Jan 2019 18:01:12 +0000, Dan wrote:

Hello, I need the IP of a poster in newsgroups. I am using Forte Agent
8.0.
How do I do it?

That`s not possible. You can see all header fields in Agent, but this
will only show you the usenet server the user has delivered its
message too. But a user might use any news server he likes.

On 26/01/2019 18:01, Dan wrote:
Hello, I need the IP of a poster in newsgroups. I am using Forte Agent
8.0.
How do I do it?


Thanks in advance.

If you can, look the group up in Google Groups

https://groups.google.com/forum/#!overview

Not ALL Usenet groups are there, but most are. (Windows10 is NOT!)

Find the thread/post/poster you are looking for, then look in the
poster's header. Google displays the IP in the header info. (but it may
be incorrect!)

HTH

--
David B.

David B. wrote:
On 26/01/2019 18:01, Dan wrote:
Hello, I need the IP of a poster in newsgroups. I am using Forte Agent
8.0.
How do I do it?


Thanks in advance.

If you can, look the group up in Google Groups

https://groups.google.com/forum/#!overview

Not ALL Usenet groups are there, but most are. (Windows10 is NOT!)

Find the thread/post/poster you are looking for, then look in the
poster's header. Google displays the IP in the header info. (but it may
be incorrect!)

HTH

A peer level news server cannot "invent" information.

If I log into my Google Groups account and post a message,
my IP address will be embedded by Google, in the header.
This is a decision made by Google, for their users.

the river Styx --- -+- --- --- --- ---
|
| "has IP"
|
GG message

*******

If I post through AIOE and the post shows up eventually on
the Google Groups server, only the encrypted header information
will be present, and no IP address.

NNTP-Posting-Host: bDyACtE37TCbWXECQ/K7FQ.user.gioia.aioe.org
X-Complaints-To:

If I post through E-S,

posting-host="ab0f6e79d5486763e41fc42cfba1b279";
"

the river Styx --- -+- --- --- --- --- -+- --- --- --- ---
| |
| "no IP" | "no IP"
| |
AIOE message E-S message

Each server has a custom method, a random salt, an
encoding method for the IP, and some crypto to encrypt it.
The "admin" at the abuse address can decode it. By using
"No IP", regular users cannot snoop on other peoples IP addresses.

Can the crypto be cracked ? Does the server leak ?
Don't ask me :-)

An "official" IP address recovery requires lawyers
and policemen, as the private server admins "respond"
to legal documents. They don't listen to whiny complaints
unless the TOS is violated. And the TOS these days is
relatively liberal.

Google posts IP addresses and Google also has an
easy-peasy "abuse" button for users posting from
their site. It's a kind of "self-help ban hammer".
If you're a Google Groups user, you're standing on
pretty shaky ground, relatively speaking.

For TOS violations, a server like E-S can just
close the account, to stop further occurrences
with that particular account. But that doesn't
stop miscreants from applying for new accounts.

It should generally cost money, to get a response
or a "result". Freebie whining and ban hammers
are less likely, Google Groups excepted. Google is
a great source of spam, but you can also click the
abuse button if it makes you feel better.

When a set of individuals libeled/slandered a *lawyer*,
he got virtually all of them. I think there might
have been IPs for everyone, and three "John Doe"
entries in the filing, where someone in the house
posted a message, but the information available
may not have been of a sufficient legal threshold
to replace "John Doe" with an actual name. The lawyer
may know, based on household lastname, who the person
is, but they need evidence and traceability of the
first name, to put something other than John Doe.
That kinda kicked a big hole in AUK. I won't mention
the lawyers name, because... lawyers.

Paul

On Sat, 26 Jan 2019 15:32:14 -0500, Panthera Tigris Altaica wrote:

On 2019-01-26 13:01, Dan wrote:
Hello, I need the IP of a poster in newsgroups. I am using Forte Agent
8.0.
How do I do it?


Thanks in advance.


A lot of newsreaders do not show the IP.

No newsreaders add the poster's IP to the message. If the IP is
there, it was added by the news *server* and not by the newsreader.

Some of my news servers add my IP address to the headers, others do not.
My news reader does not make this decision.


A lot of users who use
newsreaders which do show the IP take steps to hide their real IP, using
proxies or whatever.

ITYM: "A lot of users who use news *servers* which do show the IP...".

A proxy can hide your actual IP from the news *server*, but it makes no
difference to the newsreader.


Even if you see the IP, you might not see the
_real_ IP; some ISPs, AT&T for example, notoriously reuse IPs so that
users might be in Dallas but have an IP showing them to be in Houston.
Why do you need this person's IP? Why can't you just ask them where they
are? What business is it of yours where they are?

________

For other readers with some technical knowledge

My newsreader is unable to even see what my real IP address is.
I am behind two layers of NAT (Network Address Translation).

1. All my news reader knows is the private IP assigned by the
router, 192.168.43.167. Outside my own home network, this
address will not find me.
https://en.wikipedia.org/wiki/Private_network

2. All my router knows is the carrier-grade private IP address
assigned by my ISP, 100.85.128.144. Outside my ISP's own
network, this address will not find me.
https://en.wikipedia.org/wiki/Carrier-grade_NAT

3. The news server knows my real (external-facing) IP address.


--
Kind regards
Ralph

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Ralph Fox wrote:

2. All my router knows is the carrier-grade private IP address
assigned by my ISP, 100.85.128.144. Outside my ISP's own
network, this address will not find me.
https://en.wikipedia.org/wiki/Carrier-grade_NAT

My condolences for your ISP employing CGN.


-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBcqaUD8uEzVNxUrujhHd8xJ5ooEFAlxNHT AACgkQjhHd8xJ5
ooFRKwf8CZwPzzBjdeYM/aX7rzMov0GnvCJ1P0BHd9lfOqktx3XX5+2HYLyMmYlo
6IDuBuQmzBOySvhW+/gjaB26NP1XT3dAtidyQD8El+UV3XL/r8vkHy1+pqvujCuY
iETQFBez+JjRYdYEaYGwJArqw2ttMaZt6hCKlJqnTO0byfPqcb J3xA2QoZcfWWgH
Imtg+hgbv5ttyroUZqIKbuGGcH02NaWn55XHpUHwE4Z/YZSYcBrcne1U5U0a+nRs
20980fKxo7KcPxah250EcduIx5wCi7jBg16IC8JHy10VnPsUkX NtMg72/aGFgWHF
zx48LQC6y4dDK9GvDYH1DZEDLyIFIw==
=9GM4
-----END PGP SIGNATURE-----

--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281

On Sat, 26 Jan 2019 18:01:12 +0000, Dan wrote:

Hello, I need the IP of a poster in newsgroups. I am using Forte Agent
8.0.
How do I do it?


Thanks in advance.


1. Assuming the message body has been downloaded, press 'H' or use
"View Show All Header Fields" to see the full headers of the
message.

This will not work if the body has not been downloaded.

2. Now, check the full headers to see whether the IP address is there.
Some news servers will add the IP address to the headers, but many
will not.

If the IP address is there, it is likely to be in an
"NNTP-Posting-Host:" or "Injection-Info:" header.

3. If that doesn't work, you will need a court order to force the
news server to reveal the poster's IP address. You will need
lots of money for lawyers, and a good case to convince the judge.


--
Kind regards
Ralph

On Sun, 27 Jan 2019 02:53:36 -0000 (UTC), Dan Purgert wrote:

Ralph Fox wrote:

2. All my router knows is the carrier-grade private IP address
assigned by my ISP, 100.85.128.144. Outside my ISP's own
network, this address will not find me.
https://en.wikipedia.org/wiki/Carrier-grade_NAT

My condolences for your ISP employing CGN.


AsiaPac ran out of IP v4 addresses back in 2011.
https://www.nic.ad.jp/en/ip/ipv4pool/
My ISP is dealing with the reality we live in.


--
Kind regards
Ralph

Dan wrote:

Hello, I need the IP of a poster in newsgroups. I am using Forte Agent
8.0. How do I do it?

You don't get to see any headers that were not:
- Added by client.
- Added by server (at the injection node).

Go look at the settings for your own NNTP client. Does it have one for
it to add a header with your current IP address? And what good would
that be as it would be for the intranet IP address of your host where
you ran your NNTP client or web browser, not the Internet-side of your
router or cable modem. The same Intranet IP addresses get used by
everyone that has a router (even if built into their cable/DSL modem),
so seeing someone posting with 192.168.0.10 or 10.10.0.12 doesn't
identify the source since those addresses are shared by everyone with
their one intranet (hosts on the LAN-side of the router).

Very few users configure their NNTP clients to add a non-standard X
header to show their IP address, plus that would be a static setup which
means eventually it won't match for a poster who is getting assigned a
dynamic IP address by their ISP.

A long time ago, NNTP server would add header(s) that contained the IP
address of the sender (or for whatever was the host for the NNTP client
that connected to the server). One such useful header was named
NNTP-Posting-Host. They began removing those headers either under the
guise that it was to preserve privacy for the sender, to further
eliminate periodic requests from the FBI that locked up their log files,
or to [d]evolve their service into an anonymous service.

You cannot get a header that was never added. If you have a legal
reason for identifying the sender, you will need to contract your own
lawyer to send a letter of intent to the injection node Usenet provider
(where the sender submitted their article) threatening legal action, or
proceed to filing in court to get a case number and then legally notify
the sender's Usenet provider. Since Usenet providers don't keep logs
for very long, or what they retain does not identify the sender (like
not retaining the sender's IP address), or they don't save them at all
then they have nothing to give the court.

The Usenet provider may add special headers that are used to track them
back to the sender; however, those are for cancelling an article, the
user's client must comply with the requirements of the Usenet provider
on how to request deletion of their article, and the cancel request must
be sent in a short time since the logs are typically deleted (the log
has a max size, so new entries push out old entries).

You will need to use the other headers (both overview and non-overview)
if you wish to filter out unwanted posters. Your NNTP client will need
to download the full article to have access to all of that article's
headers; else, all you get are the overview headers and those are often
insufficient to focus on a particular sender. Some clients can use some
NNTP commands to have the server do some work but I've not found any
servers that support those commands because it makes them do more work
than just delivering the message, and they expect you to do search and
filtering on your end.

So, just who were you trying to killfile?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Ralph Fox wrote:
On Sun, 27 Jan 2019 02:53:36 -0000 (UTC), Dan Purgert wrote:

Ralph Fox wrote:

2. All my router knows is the carrier-grade private IP address
assigned by my ISP, 100.85.128.144. Outside my ISP's own
network, this address will not find me.
https://en.wikipedia.org/wiki/Carrier-grade_NAT

My condolences for your ISP employing CGN.


AsiaPac ran out of IP v4 addresses back in 2011.
https://www.nic.ad.jp/en/ip/ipv4pool/
My ISP is dealing with the reality we live in.

No v6? Shame.
Not that I run v6 myself, as my ISP has enough v4 to hand out to their
customers.

One of those "I really ought to, but I don't have the time" situations.


-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBcqaUD8uEzVNxUrujhHd8xJ5ooEFAlxNnI YACgkQjhHd8xJ5
ooFuSAf+MiuDcnglBOSORfDnnUBxqky1SZW335aQiUySvacXSS THFKbSa6uhrHuI
u0iGaC2x6XlgD+qR7ppu9B8atmSuKx/clwYQcctmh3ENam1YJubxKxVNqxwm+FDT
aZlzxffJd86C7xpKUmJtwq43Jy2k5EdkbvWiQeNtr1EOr2Mgbv +mMeVoP2R2ByTI
jKW2qnS4KnTKmIF6R3DLPsx5VnpVOG9q0qX7Y8qm8G80elyq2Q LMmg2EBFdylcfF
eFWbgS8/2QTMaW+BDtDLW6jv79axlM7gSlMaTUMt3+sR6TJfspPFPnoGc/MXvMFS
Qd/Fqz/Nl3JToYv1xb8TkTilyks4VA==
=BX+g
-----END PGP SIGNATURE-----

--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281

On 2019-01-26 21:50, Ralph Fox wrote:
On Sat, 26 Jan 2019 15:32:14 -0500, Panthera Tigris Altaica wrote:

On 2019-01-26 13:01, Dan wrote:
Hello, I need the IP of a poster in newsgroups. I am using Forte Agent
8.0.
How do I do it?


Thanks in advance.


A lot of newsreaders do not show the IP.

No newsreaders add the poster's IP to the message. If the IP is
there, it was added by the news *server* and not by the newsreader.

Some of my news servers add my IP address to the headers, others do not.
My news reader does not make this decision.


A lot of users who use
newsreaders which do show the IP take steps to hide their real IP, using
proxies or whatever.

ITYM: "A lot of users who use news *servers* which do show the IP...".

A proxy can hide your actual IP from the news *server*, but it makes no
difference to the newsreader.


Even if you see the IP, you might not see the
_real_ IP; some ISPs, AT&T for example, notoriously reuse IPs so that
users might be in Dallas but have an IP showing them to be in Houston.
Why do you need this person's IP? Why can't you just ask them where they
are? What business is it of yours where they are?

________

For other readers with some technical knowledge

My newsreader is unable to even see what my real IP address is.
I am behind two layers of NAT (Network Address Translation).

1. All my news reader knows is the private IP assigned by the
router, 192.168.43.167. Outside my own home network, this
address will not find me.
https://en.wikipedia.org/wiki/Private_network

2. All my router knows is the carrier-grade private IP address
assigned by my ISP, 100.85.128.144. Outside my ISP's own
network, this address will not find me.
https://en.wikipedia.org/wiki/Carrier-grade_NAT

3. The news server knows my real (external-facing) IP address.


you are, of course, correct. My error.

On 2019-01-26 22:02, Ralph Fox wrote:
On Sat, 26 Jan 2019 18:01:12 +0000, Dan wrote:

Hello, I need the IP of a poster in newsgroups. I am using Forte Agent
8.0.
How do I do it?


Thanks in advance.


1. Assuming the message body has been downloaded, press 'H' or use
"View Show All Header Fields" to see the full headers of the
message.

This will not work if the body has not been downloaded.

2. Now, check the full headers to see whether the IP address is there.
Some news servers will add the IP address to the headers, but many
will not.

If the IP address is there, it is likely to be in an
"NNTP-Posting-Host:" or "Injection-Info:" header.

3. If that doesn't work, you will need a court order to force the
news server to reveal the poster's IP address. You will need
lots of money for lawyers, and a good case to convince the judge.


I think that the OP is really the notorious stalker troll David B. under
a new nym. David B. has been stalking and attempting to dox multiple
posters, including me, for a very long time. See, for example, an
exchange from last year:

Begin included text:
____________________
On Thursday, January 11, 2018 at 4:09:24 AM UTC-5, David B. wrote:
On 10/01/2018 23:14, Panthera Tigris Altaica wrote:

I would not recommend clicking on any link you suggest thanks to
your previous actions. You have no credibility thanks to your previous
actions. Jolly Roger has far more credibility than you do. Your
unsupported statement carries far less weight than his posts do, again
thanks to your previous actions. Because of what I have observed in the
past, if you said that water was wet I would require some other person
to corroborate your statement.

In the meantime, I merely note that you say that quite a few other
posters are liars. It is quite noticeable that their lies appear to all
be about you. It is also quite noticeable that they tend to be able to
support their alleged lies, while you cannot. You cannot, for example,
point to the 'invisible, undetectable malware' which you say might
(without any supporting evidence whatsoever) be installed by ClamXAV.
This 'invisible, undetectable malware' cannot be detected by multiple
anti-malware systems. It takes up no space on hard drives. It uses no
CPU cycles. It uses no RAM. It makes no network accesses of any kind.
Yet you state that it might exists. Some of the poster who you say lie
about you have given plausible reasons why you might continue to state
that there might be malware installed by ClamXAV; you have not been able
to refute them, save by saying that they're lying. It is unlikely that
so many other posters are all saying the same lies. It is much more
likely that they are not the ones who are lying.

You have no credibility at all.

I'm saddened that you think so. :-(

IP Lookup Result for 216.114.94.12
IP Address:
216.114.94.12
Organization:
Palm Beach State College
ISP/Hosting:
Palm Beach State College
Updated:
01/10/2018 03:10 PM
City:
Lake Worth
Country:
United States
State:
Florida
Postal Code:
33467
Timezone:
America/New_York

=

Is it nice there?


--
“Men occasionally stumble over the truth, but most of them pick
themselves up and hurry off as if nothing ever happened.� (Winston S.
Churchill)

It appears that you are sufficiently incompetent that you think that
header information is of significant value. If you check, you will see
that my header information shows that I post from multiple locations,
including several American institutions of higher education, from
landlines run by AT&T, Comcast, Cox, Frontier, Times-Warner, and
Verizon, from cellular connections run by AT&T, T-Mobile, and Verizon.
You might detect that my headers say that I'm posting from as far north
as Boston, MA, as far south as Miami, FL, and as far west as Dallas, TX.
You might even detect that once I posted from North Miami Beach, FL, and
less than an hour later from Arlington, TX and less than two hours after
that from New York, NY. If, that is, the headers on my posts have any
bearing whatsoever on reality.

You truly are as incompetent, and as stupid, as so many others have posted.

Should you check more closely, you might discover that the alleged Palm
Beach State connection was not to a school computer. This may or may not
be a clue, or would be if you were even a half-wit. As you do not
qualify for that lofty status, do keep trying.
_________________
end included text

On Sun, 27 Jan 2019 01:04:58 -0600, VanguardLH wrote:

Dan wrote:

Hello, I need the IP of a poster in newsgroups. I am using Forte Agent
8.0. How do I do it?

You don't get to see any headers that were not:
- Added by client.
- Added by server (at the injection node).

Go look at the settings for your own NNTP client. Does it have one for
it to add a header with your current IP address? And what good would
that be as it would be for the intranet IP address of your host where
you ran your NNTP client or web browser, not the Internet-side of your
router or cable modem. The same Intranet IP addresses get used by
everyone that has a router (even if built into their cable/DSL modem),
so seeing someone posting with 192.168.0.10 or 10.10.0.12 doesn't
identify the source since those addresses are shared by everyone with
their one intranet (hosts on the LAN-side of the router).

Very few users configure their NNTP clients to add a non-standard X
header to show their IP address, plus that would be a static setup which
means eventually it won't match for a poster who is getting assigned a
dynamic IP address by their ISP.

A long time ago, NNTP server would add header(s) that contained the IP
address of the sender (or for whatever was the host for the NNTP client
that connected to the server). One such useful header was named
NNTP-Posting-Host. They began removing those headers either under the
guise that it was to preserve privacy for the sender, to further
eliminate periodic requests from the FBI that locked up their log files,
or to [d]evolve their service into an anonymous service.

You cannot get a header that was never added. If you have a legal
reason for identifying the sender, you will need to contract your own
lawyer to send a letter of intent to the injection node Usenet provider
(where the sender submitted their article) threatening legal action, or
proceed to filing in court to get a case number and then legally notify
the sender's Usenet provider. Since Usenet providers don't keep logs
for very long, or what they retain does not identify the sender (like
not retaining the sender's IP address), or they don't save them at all
then they have nothing to give the court.

The Usenet provider may add special headers that are used to track them
back to the sender; however, those are for cancelling an article, the
user's client must comply with the requirements of the Usenet provider
on how to request deletion of their article, and the cancel request must
be sent in a short time since the logs are typically deleted (the log
has a max size, so new entries push out old entries).

You will need to use the other headers (both overview and non-overview)
if you wish to filter out unwanted posters. Your NNTP client will need
to download the full article to have access to all of that article's
headers; else, all you get are the overview headers and those are often
insufficient to focus on a particular sender. Some clients can use some
NNTP commands to have the server do some work but I've not found any
servers that support those commands because it makes them do more work
than just delivering the message, and they expect you to do search and
filtering on your end.

So, just who were you trying to killfile?



Thanks to all who repled.
No, I am not a trouble maker.