Velkyn (long Thread)

bardiac · 11-03-2006, 06:09 PM

Quote:

Originally Posted by Velkyn

Xium - Your obvious ignorance in how the internet, SOE accounts, SOE customer service, and grammar work rivals only your inability to play your class. So let me attempt to clear a few things up for you.

Cracking/Hacking Accounts and Passwords:
You have claimed many times that Grfn never had the username or password of the account that was used to disband Reborn. So, in the world of cracking/hacking this would mean he would not only have to crack the password on the account he would also have to crack the account name. Now assuming that the account name and the password were both at least 8 characters long (this would mean they were very short) that’s two combinations of 8 using a possible of 94 characters (94 is all the displayable ASCII characters including mixed case letters.) The following is from geodsoft.com (http://geodsoft.com/howto/password/cracking_passwords.htm#timetable):

So JUST to crack an 8 character password would take on average 1.93 millenia (which by the way 1 millenia spans 1000 years!) However, he wouldn't just have to do this once, he would have to do it twice! Even after getting one working accounting with the accompany password - it would still be 1 random account in the entire EQ2 world (so I have no idea how many accounts are currently out there, including both current and expired accounts....but I bet it would be something like 1/500,000 if not higher.) I think it should be obvious to anyone with any kind of intelligence that the possibility of Grfn not only getting 1 username, but then obtaining the accompanying password, and then that username/password not only being someone on Befallen, but in Reborn, AND someone in Reborn with access to disband the guild.... well its so improbable that in the world of science they would call it impossible.

A qoute from the afore mentioned site:

This of course doesn't even factor in that companies like SOE will lock an account down after X (100 would be high) number of attempts to log into it. Even if the account automatically unlocked after a given period of time (usually around 24 hours) this would still drastically increase the time it would take to hack an account as the above information assumes 100,000 possible passwords processed a minute.

OMG .. I cant stop laughing.. dude, seriously, Google may be your freind, clicking on the first link you see. That's priceless.

1) It takes little or no effort for an experienced "skript kiddy" to own a box. If i were an actual Black Hat.. nvm i cant say that here. But Real hackers can and will use technology that can de hash a pasword in less then a day. Your information is either older then me or is extremely inacurate.

google the phrase Rainbow Tables.

Quote:

Originally Posted by Velkyn

IP Addresses:
Okay so lets ignore the impossibility of him actually hacking the account.... and look at the "proof" of the IP address. I am not going to go into ALL of the details about how IP addresses are obtained in the inner workings of the internet because I am sure it would be lost on you... but here are the basics:

When a user connects to EQ2 the IP that is recorded would trace back to their ISP (Internet Service Provider.) For example I use Comcast from Indiana... so a possible IP address EQ2 would record is (62.56.69.83) so you look up that IPA and it returns ( c-62-56-69-83.hsd1.in.comcast.net.) This the only information SOE could obtain without contacting Comcast, who actually holds the information about which of their accounts had the lease to that IPA during the time an attack (hack attempt) occurred. However, because of privacy issues and the potential for a lawsuit, Comcast will not release that information unless it was requested by a court of law (read as subpoena.) So even had Grfn attempted to hack the account, it would be an extremely lengthy legal process to prove the attempt came from his ISP account, let alone to prove he is the one who actually did it. So the most SOE could obtain in the short period of time that you filed a petition and spoke with a CSR is the IP originated from an area of the country on a given ISP.

Now without even touching the magical amount of information you supposedly get from SOE CSR's, your claims that SOE tracked the attempt back to his home computer are obvious lies.

you obvisously have no effing clue what you are talking about. Do I have to go over the OSI model with you? Anywho, in lamens terms Everything we send over then internet is sent in bursts of coded signals called packets. Think of it as microscopic envelopes. Each "envelope" contains another, and so on. (the actual packet contains about 5 layers in TCP/IP) Each of these "envelopes has BOTH a to: and from: address that correlates to different hardware/software. ... you know what .. insead of babling about technical stuff, ill put it another way...do you know why most (good) email software block pictures in the emails you recieve?

no?

well, its because each picture you see in your email is usually on a server on the web. that picture will send a request to that sever saying: "Hey this IP wants [this] picture" Your ip is then known to that server. This can be bad if a Black hat sent you that email because most likely that pic is on his network and your ip is now logged on their computer.

in short .. if 2 computers connect in ANY way there is a way to get your IP

Quote:

Originally Posted by Velkyn

SOE Customer Service:
The simple fact is SOE has policies about the amount of information they will share with any user about an investigation or actions taken against some other user. If I report you for your gutter mouth, the only information I am going to get from SOE in regards to the petition is that they are looking into it. Your continued claims that every SOE rep you talk to divulges intimate details of the investigation of another user are, like most things you spout off about, clearly lies.

this seems to be founded in truth.

this next one is golden:

Quote:

Originally Posted by Velkyn

Yes gutter mouth, I have heard and I know what I keylogger is. I also know that it has to be installed on a computer, that means someone has to use an .exe file (um no) (that stands for executable file.) (Congradulations on another successful web search) Then someone has to put some kind of trojan on the machine (again another .exe file) (again i submit this person is retarted) so that they can have that machine connect to another machine and send the information. However, if the "infected" computer has a firewall in the router, then you would need to hack the router (usually has 128 bit key) (this keeps getting better and better... btw Sherlock WEP is outdated and is only used for the WIRELESS part of the router you googled)(and any firewall, save the most modern is VERY easy to get by) in order to open the firewall so that the trojan (you do realize what a trojan is right? the whole POINT of a trojan is it doesnt matter if you have a firewall. Actively scanning files that come into your computer with antivus might help though.)can send the key logger information. Here is the thing though - if that happened - then contained within trojan is the "location" of where the information is being sent, or if its just an open port then Buli's ISP will have a record of who connected to that machine. (/sigh dude where do you get your info? once a trojan is on the computer, it doesnt need an open port. just an active connection to the internet.) Now doing all of this is a crime, so what I suggest is have Buli take his rig to a comp-shop so that they can figure out what has "infected" his computer. (or Buli could .. I dont know? do a virus scan? Then knowing what ports were used, have Buli contact his ISP and have them look up what IP's connected to his IP on those ports. (dude now you are just rambling) Then if the facts are there have him contact the authorities... who can then file charges.....

Of course for all this to happen someone would of had to send Buli an infected file that he ran... not to mention a good bit of skill, and a lot of free time... (ok any computer savvy people here?

Really? That many? .. not suprised...

Honestly if you play an MMO 8 /10 people you meet will fit those credentials.

Do I need to continue to educate you in how the computer world works? Or are you going to cough up the mysterious screenshots you have that prove everything?

So I submit to you: The Googling Retard

EDIT: If you have any cocerns or questions about Security or computers in general, please PM me.

Moonspark · 11-03-2006, 07:36 PM

I have "cocerns" about your spellcheck. Maybe someone hacked it.

bardiac · 11-03-2006, 08:03 PM

i have been wanting to d/l firefox 2.. just have been lazy about it

Miroh · 11-03-2006, 10:44 PM

Quote:

Originally Posted by bardiac

you obvisously have no effing clue what you are talking about. Do I have to go over the OSI model with you? Anywho, in lamens terms Everything we send over then internet is sent in bursts of coded signals called packets. Think of it as microscopic envelopes. Each "envelope" contains another, and so on. (the actual packet contains about 5 layers in TCP/IP) Each of these "envelopes has BOTH a to: and from: address that correlates to different hardware/software. ... you know what .. insead of babling about technical stuff, ill put it another way...do you know why most (good) email software block pictures in the emails you recieve?
.

Basic Fundamentals of Networking....

Xium · 11-03-2006, 11:11 PM

on a scale of 1-10 i rate this Retard *velkyn* a 11, i gave him a bonus point for knowing how to use google!

Happy Trails

Nosaj · 11-05-2006, 02:50 PM

Bardiac - Thank you for taking the time to post the things I was thinking while reading the other thread.

So Basically what some people think is that you can't trace IP adresses. Can someone tell me how they catch the retards in the chat rooms picking up little kids? Hmmm, some magical networking mystery I guess....

LFG · 11-05-2006, 02:58 PM

Quote:

Originally Posted by Nosaj

So Basically what some people think is that you can't trace IP adresses. Can someone tell me how they catch the retards in the chat rooms picking up little kids? Hmmm, some magical networking mystery I guess....

I'm not talking about tracing an IP number to a physical location, but I can damn sure prove when someone is attempting to register or is posting as multiple users from the same physical computer. I use a combination of cookies and IP addresses, and I presume SoE does the same. A determined person can work around that for sure, but that is a pain in the ass they won't be able to keep up forever. Sooner or later, everyone slips up.

I'd prefer we not educate people about web proxies/socks etc on this site. That wil just result in more work for me.

Thanks

Lamil · 11-05-2006, 03:30 PM

Quote:

Originally Posted by Velkyn

SOE Customer Service:
The simple fact is SOE has policies about the amount of information they will share with any user about an investigation or actions taken against some other user. If I report you for your gutter mouth, the only information I am going to get from SOE in regards to the petition is that they are looking into it. Your continued claims that every SOE rep you talk to divulges intimate details of the investigation of another user are, like most things you spout off about, clearly lies.

Story time...

One time, a long time ago, when I actually played EQ2, I was sitting at my friends house while he was on his character. We were in QH, and suddenly, I saw my character log in, and run by his character to the mail box? Yes, confusion definately arose quickly, especially when the character of mine, which I was not currently on, was running from the mailbox to the bank, and back again over and over. Truthfully, I was totally like omgwtfs? and was assuming the worst, money gone, items sold, gear deleted etc. So when that character logs out, I immediately log in and see whats gone. They raided my house, but missed a lot in there as I had been moving stuff and it was up high and they missed it. They sold what was unattuned, and I assumed mailed things and my money to them. Well, I contacted a GM.

After explaining what happened, I asked them to see wherethey sent the mail. At this time I got a few mails from random people asking me why i sent them random things? I explained to them what happened, and they sent the items back. Well, the GM also responded with the answers to my request. They told me where the money went, where the items went, and one other thing. I asked them the IP of the person who logged in. NOT ONLY THAT, but I also asked them to compare it to a few people who i suspected of doing this,

and guess what, found a match.

I just found that story relative to that statement I quoted, and I love telling stories. Im not sure if that was against the policy or not, but i have a strange feeling that it was, but they decided to be generous and help me out.

Both · 11-06-2006, 11:14 AM

I'll address this to Velkyn, in hopes he's reading.

Before giving advice on networking, please have experience working on a network bigger than the one in your house. I know you probably feel all squishy inside when you log into your linksys "router", and "manage" it. It's people like you that make the lives of people like me and, from the sound of it, the OP's, a living Hell.

Also, I'd like to point out that a keylogger doesn't have to be installed locally to get a username and password, mmk Mr. silly bear.

Nosaj · 11-06-2006, 01:31 PM

Quote:

Originally Posted by LFG

I'm not talking about tracing an IP number to a physical location, but I can damn sure prove when someone is attempting to register or is posting as multiple users from the same physical computer....

I'd prefer we not educate people about web proxies/socks etc on this site. That wil just result in more work for me.

Thanks

That's what I was talking about without getting into the specifics of "How To". What I was more or less saying was that it can be done without specifically saying how. And I wouldn't wish any more work on anybody, especially someone doing this for free.