Jodi said:
I presume you meant either that it may not be legal or it may be illegal?
David, damn your unreasonable expectations of coherence! 
Yes, “may be illegal” or “may not be legal.” Take your pick.
BTW, can someone please give me a couple of examples of “perfectly innocuous” reasons to obscure an IP? Not picking a fight; just asking.
Jodi -
Can I use this for a sig line? Please???
Jodi, one reason would be so that one could post a letter/email critical of someone in an important position in such a way that it could not be traced back for retaliation.
i.e. On of my companies VP’s, Mr. John Doe accidently did X. Posted anonymously so that Mr. Doe, could not somehow force the BBS to state who posted via his IP and then get the poster fired.
An even more appropriate example is someone in China wanting to post something critical of the Chinese Goverment. There, if they find out who is posting, the poster could be facing serious jailtime/death for speaking their mind.
However, both are limited examples where anonyminity is truly needed, for the most part spoofing to avoid punishment for a violation of netiquette is personally more than a little immature.
NARILE – Thanks. I see the justice of those examples, but I think we can agree they’re probably pretty rare. I mean, if I wanted to send a truly anonymous e-mail, I think I’d just toddle down to my public library and do so. But I can see the need to obscure IPs for whistle-blowers and political dissidents; I’m just am not sure how many of those are hanging around at the message boards.
FALCON – Sure, have at it.
[newsflash]
Oh shit! The sky! Its…its…FALLING!!!
[/newsflash]
I actually agree with you regarding spoofing in this thread.
Although… I can see a few points. We generally take our freedoms for granted in the US and I believe this extends into the WWW as well. We are not secure on the web. We do not have basic rights of privacy on the web. If I pay for a service (ISP) why should they be able to monitor my activities? How can they be held liable for my actions?
I understand and agree that illegal activity and generally bad stuff happens while ‘spoofing’ but maybe this is a legitimate argument. There should not be a need to cover thy footprints, but why is anybody looking for my footprints in the first place?
ABSOUL says:
We don’t? What right to privacy do you think you have in the real world that you do not have on the Web? If you make an anonymous communication through the phone or the mail, the technology exists to trace that as well (to varying degrees). Now, granted, you have a fundamental right to privacy in your phone records and I would be the first to agree that you should have the same right in regards to your Internet records – but there is and ought to be a way a trace such communications if the legitimate need arises. To me, asking how to send a truly untraceable e-mail is akin to asking how to make a truly untraceable phone call. My first question is: Well, why someone would need to do that?
I don’t believe, and have not said, that an ISP should be able to monitor or keep records of your Internet activities. And I don’t think an IP can generally be held liable for the actions of its subscribers – and rightly so. But you are responsible for your own actions, and if those actions are fraudulent, and if as part of that fraud you obscure your IP, then the act of obscuring the IP is fraudulent as well.
Well, it seems to me that there are legitimate and illegitimate reasons to look at your footprints. A legitimate one would be that you are sending harrassing or threatening e-mails to someone. An illegitimate one would be that BehemothBooks.com wants to know where you work so it can spam you with advertisements for books relating to your profession.
To me, the answer is to work at clearly delineating the right to privacy in cyber-space – a thing that is easier said than done, I know, but still. In other words, the answer is to determine when such communications are privileged, not to assist in making such communications untraceable. There are legitimate reasons to trace communications in cyber-space, not the least of which is the prevention of crime, from consumer fraud to child molestation to cyber-terrorism (Love Virus, anyone?). And it seems to me that the process of tracing a user to a particular IP (which is in reality not even very invasive of privacy, any more than finding out your place of employment is) is a legitimate way of monitoring the handful of users (out of thousands) who simply cannot behave themselves on a message board. More to the point, it seems to me to be ridiculous to complain that the message board is being “unfair” when it refuses to assist a poster in determining the most effective way to troll it. Now, that may not have been JMullaney’s intent – and I assume it was not – but it certainly would be an obvious result of allowing his thread to continue.
You’re still using the terminology incorrectly. IP spoofing has nothing whatsoever to do with either proxies or email headers. IP spoofing specifically means emitting IP packets with a false source address. Proxying means passing your packets through an intermediate host (the proxy) so that to the other end of the connection the packets appear to be coming from the proxy. The important difference in this situation is that, in a proxy configuration, the administrators of the proxy have granted you permission to filter your packets through their system. In IP spoofing, you are masquerading your identity as someone else without their permission. IP spoofing is typically used by crackers to gain unauthorized entry to systems that do authentication based on IP addresses. I can not think of any valid reason to do that, and I don’t think anybody else can either; that’s why most people assume IP spoofing == illegal behavior.
Anyway, terminology: Spoofing is such a “cute” word, it has been used to describe several activities - the less-than-legal one being the current, IMHO. But just a few years ago, “spoofing” could simply mean “answering on behalf of”, for instance, a router would be described as “spoofing” when it answered IPX SAP queries as if it was a (remote) Novell server, saving a lot of WAN bandwidth. So the confusion is understandable.
If I may ? - I work for an ISP, after all. Technically speaking, we’re able to monitor your activities to a high degree because - well, because that’s the way things work. Just like a telephone technician who’s able to monitor your calls, really. Your data goes through our networking gear, after all.
Obviously, doing so for kicks would get anyone fired. But if a court issues the necessary warrant, we’re under obligation to monitor your activities and help out the police. Fair enough, really - would-be Baader-Meinhoffs shouldn’t get a “get-secure-communications-here” card by using the net, right ?
This one’s a tad trickier. An ISP has been issued a bunch of IP addresses to run a network. When a firewall registers an intrusion attempt, it’ll log the source IP address. The firewall administrator can look up whose IP adress it is and he will contact the ISP, telling them that their address space is used for illegal activities and will they please take steps to stop it.
Handling abuse takes time. Terminating user accounts costs money. Having a lot of abuse originating from your address space detracts from your credibility. And some people without a clue will send you highly unpleasant and detailed threats.
Add to that legislators who think that ISPs are all rich and power-grabbing corporations who want to make bucks by distributing child pornography, and you might see why we’re highly uncomfortable with people abusing our IP addresses.
Here’s one of my favorite threats: “Do not send unsolicited advertising, chain letters, automatic messages or other spam to this address. Abuse of our e-mail resources may result in legal action or a leather-winged demon of the night dining on your pancreas.” I THINK I lifted it from a usenet sig.
Ok, Ok… I’ll bite…
-8 beers later-
Jodi says-
This is the basis.
This has already been bypassed by Carnivore.
They do and they are. The next answer is ‘Yes’ you are responsible for fraudulent actions(IMHO). If the ISP dosent keep the records… how would they track you back?
They are one in the same. Your ISP, or someone else (see previos link), would keep this information logged and track your ass back to ‘pedophiles homepage’ or ‘abortion rights activists’. Should either be public knowledge without your consent?
I, myself, want to stay ‘on top’ of knowledge that runs this thing we call the net. If we do not do this, we are opening the doors of complacency.
*all previous statements do not directly apply to any ‘Trolls’ who might be reading this post, at this time.
I love these mods… have pity on me!
::grovel::