Robert Briggs
Fri Dec 10 16:07:31 EST 2004

AngleWyrm wrote:
> Robert Briggs wrote:
> > AngleWyrm wrote:
> >
> > > I have a 'thing' about identity theft. Please do not post using
> > > my name.

> > AngleWyrm, I strongly suspect that the garbage has *not* come from
> > Kenneth at all.

> Don't know how to analyze the path property. Here is what my news server
> had to say about the first such post:
> Path:
> attbi_s02 !attbi_slave12 !attbi_master11 !wns13feed !
> !newsswing.news.prodigy.com !prodigy.net !newshosting.com
> !nx01.iad01.newshosting.com !newsfeed.icl.net !newsfeed.fjserv.net
> !feed.news.tiscali.de !tiscali !newsfeed1.ip.tiscali.net !news-out.tin.it
> !news-in.tin.it !news.cs.interbusiness.it !news-spur1.maxwell.syr.edu
> !news.maxwell.syr.edu !wns14feed !worldnet.att.net !attbi_s54.POSTED
> !53ab2750 !not-for-mail

That tells me that to read the post, you got it from newsserver
"attbi_s02", which got it from "attbi_slave12", which got it from
"attbi_master11" [this much is all at your ISP, so it is probably
legitimate], which *says* it got it from "wns13feed", which *says*
it got it from the machine at IP address [maybe this
is wns13feed's equivalent of the ".MISMATCH" I noted before, as a
legitimate newsserver's claimed name should match its address], which
says it got it from ... which says it got it from "worldnet.att.net",
which seems to say it was originally posted on "attbi_s54".

So this one *claims* to have started out at "attbi_s54", and visited
the USA, Italy, Germany, and the USA (I may have missed some) on its
way to "attbi_s02".

One might think AT&T would have a more direct route than that ...

If you compare the paths of this article and my previous one, you
should find that both end with (i.e., the articles started at)
"!news.fore.com!not-for-mail" and they both start with the name of
your *current* newsserver, something like "attbi_s02", "attbi_s03",
or "attbi_s04" (you seem to have posted from all three in this

The paths may well be quite similar near their ends, but the middle
parts can differ a lot even with "normal" Usenet routing, let alone
the sort of lies rogues sometimes tell to try to cover their tracks.
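
Added example, not part of the original post: a small Python sketch of the reading described above, where only the unbroken run of the reader's own ISP relays at the left of the Path is treated as local and everything to its right is only a claim. The function names and the "attbi_" prefix used to recognise the reader's own ISP are assumptions made for illustration.

```python
import re

# Constructed input: the Path header quoted in the post, kept with its
# wrapped lines. The empty slot after wns13feed is where the archived copy
# has no entry (the post refers to an IP address there).
SAMPLE_PATH = """attbi_s02 !attbi_slave12 !attbi_master11 !wns13feed !
!newsswing.news.prodigy.com !prodigy.net !newshosting.com
!nx01.iad01.newshosting.com !newsfeed.icl.net !newsfeed.fjserv.net
!feed.news.tiscali.de !tiscali !newsfeed1.ip.tiscali.net !news-out.tin.it
!news-in.tin.it !news.cs.interbusiness.it !news-spur1.maxwell.syr.edu
!news.maxwell.syr.edu !wns14feed !worldnet.att.net !attbi_s54.POSTED
!53ab2750 !not-for-mail"""

def parse_path(header):
    """Split a Path header into entries, most recent relay first."""
    return re.sub(r"\s+", "", header).split("!")

def classify(entries, own_prefix):
    """Label each hop 'local' or 'claimed'.

    Assumption: relays named own_prefix* belong to the reader's own ISP.
    Trust runs only as an unbroken chain from the left; the first outside
    name ends it, and every entry to its right is hearsay, even one that
    carries the ISP's prefix again.
    """
    labels, trusted = [], True
    for name in entries:
        trusted = trusted and name.startswith(own_prefix)
        labels.append((name or "(missing)", "local" if trusted else "claimed"))
    return labels

def flagged(entries):
    """Entries carrying a diagnostic suffix such as .POSTED or .MISMATCH."""
    return [e for e in entries if re.search(r"\.(POSTED|MISMATCH)$", e)]

def detour(labels, own_prefix):
    """True if a hop past the trust boundary claims the reader's own ISP."""
    return any(lab == "claimed" and name.startswith(own_prefix)
               for name, lab in labels)

if __name__ == "__main__":
    hops = classify(parse_path(SAMPLE_PATH), "attbi_")
    for name, lab in hops:
        print(f"{lab:8} {name}")
    print("flagged:", flagged(parse_path(SAMPLE_PATH)))
    print("claims own ISP after leaving it:", detour(hops, "attbi_"))
```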

