Does anyone know how to spoof IP addresses? I ask because I am involved in a battle of wits with the American Chemical Society publications database. The ACS website has a pdf copy of every journal ever published by ACS going back about 150 years. A true treasure trove.

They have a rather nasty adaptave anti-leech prog that works so well I actually think there might be a person that is messing with me. Things started off well enough, I downloaded every article for several months at a time in half a dozen years before getting IP banned. Then I could only get one month at a time before being banned. Then I could hardly get 100 articles at a time. Next I decided to abandon systematic downloading and try randomizimg my downloads. I could hardly get 30 at once doing it that way.

Since you need a specific range of IP addresses from a subscribing institution I was thinking that maybe spoofing an IP address from a subscriber would be the best way to go. What I would need to do is download the articles at random using a random spoofed IP address. I would never download more than 20-30 articles using any one IP address each day. If I can make it look like the requests are coming from all over at random times and for random files I should be able to trick whoever is manning the kill switch.

Otherwise it will take me 3 years to download JACS alone. I did some searching for IP spoofing, but I didn't find anything useful. Maybe you guys know something better.

Please note this would not work with a mere proxy. All IP addresses are registered with ACS. You have to be a suscribing library or university in order to get in. It should be a simple matter to find out a bunch of universities that have access. Then there IP's would have to be used. They only way a proxy would work is if the proxy was an IP address at a subscribing institution.

ACS also uses a username password system to protect their files. Would it also be possible to brute force a password? I don't know anything about that either.

Does anyone know how to spoof IP addresses? I ask because I am involved in a battle of wits with the American Chemical Society publications database. The ACS website has a pdf copy of every journal ever published by ACS going back about 150 years. A true treasure trove.

They have a rather nasty adaptave anti-leech prog that works so well I actually think there might be a person that is messing with me. Things started off well enough, I downloaded every article for several months at a time in half a dozen years before getting IP banned. Then I could only get one month at a time before being banned. Then I could hardly get 100 articles at a time. Next I decided to abandon systematic downloading and try randomizimg my downloads. I could hardly get 30 at once doing it that way.

Since you need a specific range of IP addresses from a subscribing institution I was thinking that maybe spoofing an IP address from a subscriber would be the best way to go. What I would need to do is download the articles at random using a random spoofed IP address. I would never download more than 20-30 articles using any one IP address each day. If I can make it look like the requests are coming from all over at random times and for random files I should be able to trick whoever is manning the kill switch.

Otherwise it will take me 3 years to download JACS alone. I did some searching for IP spoofing, but I didn't find anything useful. Maybe you guys know something better.

Please note this would not work with a mere proxy. All IP addresses are registered with ACS. You have to be a suscribing library or university in order to get in. It should be a simple matter to find out a bunch of universities that have access. Then there IP's would have to be used. They only way a proxy would work is if the proxy was an IP address at a subscribing institution.

ACS also uses a username password system to protect their files. Would it also be possible to brute force a password? I don't know anything about that either.

Does anyone know how to spoof IP addresses? I ask because I am involved in a battle of wits with the American Chemical Society publications database. The ACS website has a pdf copy of every journal ever published by ACS going back about 150 years. A true treasure trove.

They have a rather nasty adaptave anti-leech prog that works so well I actually think there might be a person that is messing with me. Things started off well enough, I downloaded every article for several months at a time in half a dozen years before getting IP banned. Then I could only get one month at a time before being banned. Then I could hardly get 100 articles at a time. Next I decided to abandon systematic downloading and try randomizimg my downloads. I could hardly get 30 at once doing it that way.

Since you need a specific range of IP addresses from a subscribing institution I was thinking that maybe spoofing an IP address from a subscriber would be the best way to go. What I would need to do is download the articles at random using a random spoofed IP address. I would never download more than 20-30 articles using any one IP address each day. If I can make it look like the requests are coming from all over at random times and for random files I should be able to trick whoever is manning the kill switch.

Otherwise it will take me 3 years to download JACS alone. I did some searching for IP spoofing, but I didn't find anything useful. Maybe you guys know something better.

Please note this would not work with a mere proxy. All IP addresses are registered with ACS. You have to be a suscribing library or university in order to get in. It should be a simple matter to find out a bunch of universities that have access. Then there IP's would have to be used. They only way a proxy would work is if the proxy was an IP address at a subscribing institution.

ACS also uses a username password system to protect their files. Would it also be possible to brute force a password? I don't know anything about that either.

Ip spoofing is difficult if not to say impossible. it's like trying to get mail without offering your adress, but if you could tell me some details about this password protection i am probably able to help you (kryptography is one of my hobbies)

Ip spoofing is difficult if not to say impossible. it's like trying to get mail without offering your adress, but if you could tell me some details about this password protection i am probably able to help you (kryptography is one of my hobbies)

Ip spoofing is difficult if not to say impossible. it's like trying to get mail without offering your adress, but if you could tell me some details about this password protection i am probably able to help you (kryptography is one of my hobbies)

From what I have been able to gather about spoofing IPS, the concept is simple and has been used for SendMail spoofing and Porn Site Spoofing.

The first kinds of this kind of spoofing dealt with creating a connection between the two computer and then bumping the one off that you wanted to have the IP address for.

After this, they began to play with the packets that were sent to be able to spoof the IP address.

Now, I wouldn't be so fast to say that the proxing is out fo the question. What I would do is first to see if you could scan the IP range of the different universities and see if you can find any proxies to go through.

There are enough universities out there that would have the ranges the ACS would be looking for and I'm sure one or two would yield a proxy.

Having said that, or if you have already completely eliminated that possibility:

www.governmentsecurity.org is a great place, their forum is good for learning about different techniques to computer security.

Hope this helps. Will update as I find out more.

controlphreak

From what I have been able to gather about spoofing IPS, the concept is simple and has been used for SendMail spoofing and Porn Site Spoofing.

The first kinds of this kind of spoofing dealt with creating a connection between the two computer and then bumping the one off that you wanted to have the IP address for.

After this, they began to play with the packets that were sent to be able to spoof the IP address.

Now, I wouldn't be so fast to say that the proxing is out fo the question. What I would do is first to see if you could scan the IP range of the different universities and see if you can find any proxies to go through.

There are enough universities out there that would have the ranges the ACS would be looking for and I'm sure one or two would yield a proxy.

Having said that, or if you have already completely eliminated that possibility:

www.governmentsecurity.org is a great place, their forum is good for learning about different techniques to computer security.

Hope this helps. Will update as I find out more.

controlphreak

From what I have been able to gather about spoofing IPS, the concept is simple and has been used for SendMail spoofing and Porn Site Spoofing.

The first kinds of this kind of spoofing dealt with creating a connection between the two computer and then bumping the one off that you wanted to have the IP address for.

After this, they began to play with the packets that were sent to be able to spoof the IP address.

Now, I wouldn't be so fast to say that the proxing is out fo the question. What I would do is first to see if you could scan the IP range of the different universities and see if you can find any proxies to go through.

There are enough universities out there that would have the ranges the ACS would be looking for and I'm sure one or two would yield a proxy.

Having said that, or if you have already completely eliminated that possibility:

www.governmentsecurity.org is a great place, their forum is good for learning about different techniques to computer security.

Hope this helps. Will update as I find out more.

controlphreak

You can see the password protection scheme for yourself by going to pubs.acs.org and trying to open one of the journals. For example, go to http://pubs3.acs.org/acs/journals/toc.page?incoden=jacsat and try to open any of the full article pdf files.

If you are authorized you go straight to the pdf file, if not you are redirected to the login page.

Using proxies is not totally out. I meant you can't just use any random proxy to disguise your originating IP. I hand't thought of scaning a universities IP range and looking for a proxy on my own. I didn't know you could do that.

You can see the password protection scheme for yourself by going to pubs.acs.org and trying to open one of the journals. For example, go to http://pubs3.acs.org/acs/journals/toc.page?incoden=jacsat and try to open any of the full article pdf files.

If you are authorized you go straight to the pdf file, if not you are redirected to the login page.

Using proxies is not totally out. I meant you can't just use any random proxy to disguise your originating IP. I hand't thought of scaning a universities IP range and looking for a proxy on my own. I didn't know you could do that.

You can see the password protection scheme for yourself by going to pubs.acs.org and trying to open one of the journals. For example, go to http://pubs3.acs.org/acs/journals/toc.page?incoden=jacsat and try to open any of the full article pdf files.

If you are authorized you go straight to the pdf file, if not you are redirected to the login page.

Using proxies is not totally out. I meant you can't just use any random proxy to disguise your originating IP. I hand't thought of scaning a universities IP range and looking for a proxy on my own. I didn't know you could do that.

You could try getting some of the users on here to get them, since many here are students.

Also, the whole proxy thing, there are lots of open relay proxies run by universities, mostly from Trojan infected student computers! So finding one or two shouldn't be too hard.

Also, you should be able to download ten from one ip, then randomly change to another proxy to download the next 10, if you can download from your current ip, no?

Finally, you can always use the ip of this server to download from - PHP lets you open connections via ftp or http to other servers, do stuff, and download it or save it or whatever. This is at least one extra that you have complete control over!

You could try getting some of the users on here to get them, since many here are students.

Also, the whole proxy thing, there are lots of open relay proxies run by universities, mostly from Trojan infected student computers! So finding one or two shouldn't be too hard.

Also, you should be able to download ten from one ip, then randomly change to another proxy to download the next 10, if you can download from your current ip, no?

Finally, you can always use the ip of this server to download from - PHP lets you open connections via ftp or http to other servers, do stuff, and download it or save it or whatever. This is at least one extra that you have complete control over!

You could try getting some of the users on here to get them, since many here are students.

Also, the whole proxy thing, there are lots of open relay proxies run by universities, mostly from Trojan infected student computers! So finding one or two shouldn't be too hard.

Also, you should be able to download ten from one ip, then randomly change to another proxy to download the next 10, if you can download from your current ip, no?

Finally, you can always use the ip of this server to download from - PHP lets you open connections via ftp or http to other servers, do stuff, and download it or save it or whatever. This is at least one extra that you have complete control over!

http://www.accessdiver.com/

That website is the home of accessdriver, it's a program used to find scripted vulnerabilities in websites, and also to crack passwords on different form based logins using log:pass combinations you can supply. But it also houses a proxy finder that allows you to specify the range and also to do the range randomly. It checks for whatever ports you desire to check for. There are a lot of other programs out there too. One of the best resources I know for this kind of procedure is: www.lawinanet.com It's a website that is dedicated to cracking porn sites, and pornsites have a lot of the same protection as other websites.

And if you wanted to go WAY into it, there is a program called Caucus that allows you to automate the reading and writing of those annoying little graphics that no one can read when you login. LOL

controlphreak

http://www.accessdiver.com/

That website is the home of accessdriver, it's a program used to find scripted vulnerabilities in websites, and also to crack passwords on different form based logins using log:pass combinations you can supply. But it also houses a proxy finder that allows you to specify the range and also to do the range randomly. It checks for whatever ports you desire to check for. There are a lot of other programs out there too. One of the best resources I know for this kind of procedure is: www.lawinanet.com It's a website that is dedicated to cracking porn sites, and pornsites have a lot of the same protection as other websites.

And if you wanted to go WAY into it, there is a program called Caucus that allows you to automate the reading and writing of those annoying little graphics that no one can read when you login. LOL

controlphreak

http://www.accessdiver.com/

That website is the home of accessdriver, it's a program used to find scripted vulnerabilities in websites, and also to crack passwords on different form based logins using log:pass combinations you can supply. But it also houses a proxy finder that allows you to specify the range and also to do the range randomly. It checks for whatever ports you desire to check for. There are a lot of other programs out there too. One of the best resources I know for this kind of procedure is: www.lawinanet.com It's a website that is dedicated to cracking porn sites, and pornsites have a lot of the same protection as other websites.

And if you wanted to go WAY into it, there is a program called Caucus that allows you to automate the reading and writing of those annoying little graphics that no one can read when you login. LOL

controlphreak

controlphreak, any chance of a link for the Caucus program? Sounds like a fun thing to play with!

controlphreak, any chance of a link for the Caucus program? Sounds like a fun thing to play with!

controlphreak, any chance of a link for the Caucus program? Sounds like a fun thing to play with!

Here's the one for Caucus:

http://sentinel.deny.de/download.php?get=Caecus.1.2.zip

And here is one that I thought sounded interesting and it's info:

http://www.intellitamper.com/download.php

Tired of closing and jumping between multiple popup windows, thousands of stupid links on a single page, sites without real content and only ads, etc... ? IntelliTamper is a small and easy-to-use program which will tell you what is really behind any Web site.

Just type in the address, let the IntelliTamper spider works and read the pages for you, and you will be able to access the files and browse the folders like if they were on your own hard-disk !

IntelliTamper is also able to scan a website for unlisted files and folders with a dictionnary based scan. Results are displayed in real time in the window with various informations on progression. Files and folders found are displayed in a friendly mini Windows-Explorer. You can then open links found on pages in your browser, send emails to addresses found on pages, open distant files and save them to your harddisk.

Hope that gets you started!

controlphreak

Here's the one for Caucus:

http://sentinel.deny.de/download.php?get=Caecus.1.2.zip

And here is one that I thought sounded interesting and it's info:

http://www.intellitamper.com/download.php

Tired of closing and jumping between multiple popup windows, thousands of stupid links on a single page, sites without real content and only ads, etc... ? IntelliTamper is a small and easy-to-use program which will tell you what is really behind any Web site.

Just type in the address, let the IntelliTamper spider works and read the pages for you, and you will be able to access the files and browse the folders like if they were on your own hard-disk !

IntelliTamper is also able to scan a website for unlisted files and folders with a dictionnary based scan. Results are displayed in real time in the window with various informations on progression. Files and folders found are displayed in a friendly mini Windows-Explorer. You can then open links found on pages in your browser, send emails to addresses found on pages, open distant files and save them to your harddisk.

Hope that gets you started!

controlphreak

Here's the one for Caucus:

http://sentinel.deny.de/download.php?get=Caecus.1.2.zip

And here is one that I thought sounded interesting and it's info:

http://www.intellitamper.com/download.php

Tired of closing and jumping between multiple popup windows, thousands of stupid links on a single page, sites without real content and only ads, etc... ? IntelliTamper is a small and easy-to-use program which will tell you what is really behind any Web site.

Just type in the address, let the IntelliTamper spider works and read the pages for you, and you will be able to access the files and browse the folders like if they were on your own hard-disk !

IntelliTamper is also able to scan a website for unlisted files and folders with a dictionnary based scan. Results are displayed in real time in the window with various informations on progression. Files and folders found are displayed in a friendly mini Windows-Explorer. You can then open links found on pages in your browser, send emails to addresses found on pages, open distant files and save them to your harddisk.

Hope that gets you started!

controlphreak

Mega, since you downloaded the last two years it looks like you have a password/username pair (which I know it's a number). I would be very nice if you can download this article: http://pubs.acs.org/cgi-bin/archive.cgi/jacsat/1938/60/i03/pdf/ja01270a501.pdf and maybe attach it yo a post.

It's about the explosion of metallic sodium/potassium in contact with chloroform and I've been looking for a long time for somebody able to download it.
Thanks in advance.

Mega, since you downloaded the last two years it looks like you have a password/username pair (which I know it's a number). I would be very nice if you can download this article: http://pubs.acs.org/cgi-bin/archive.cgi/jacsat/1938/60/i03/pdf/ja01270a501.pdf and maybe attach it yo a post.

It's about the explosion of metallic sodium/potassium in contact with chloroform and I've been looking for a long time for somebody able to download it.
Thanks in advance.

Mega, since you downloaded the last two years it looks like you have a password/username pair (which I know it's a number). I would be very nice if you can download this article: http://pubs.acs.org/cgi-bin/archive.cgi/jacsat/1938/60/i03/pdf/ja01270a501.pdf and maybe attach it yo a post.

It's about the explosion of metallic sodium/potassium in contact with chloroform and I've been looking for a long time for somebody able to download it.
Thanks in advance.

I don't have a username/password to ACS, I go to a local university that has a subscription and use a public computer to access the website. There is another university a bit farther away I may try to hit with mass downloading for awhile.

Here's the bad part. The company the provides subscription access had monitered my mass downloading, called the university in a panic, and they sent the gestapo to the lab I was using to find out who was responsible. THis is why I am leery of just using one particular IP address. If I can spoof dozens I can slip by unnoticed.

I am going to give that accessdiver a try. Hopefully the referrer spoof trick will work, that would be... I don't have a word to describe my happiness if that would work :)

I don't have a username/password to ACS, I go to a local university that has a subscription and use a public computer to access the website. There is another university a bit farther away I may try to hit with mass downloading for awhile.

Here's the bad part. The company the provides subscription access had monitered my mass downloading, called the university in a panic, and they sent the gestapo to the lab I was using to find out who was responsible. THis is why I am leery of just using one particular IP address. If I can spoof dozens I can slip by unnoticed.

I am going to give that accessdiver a try. Hopefully the referrer spoof trick will work, that would be... I don't have a word to describe my happiness if that would work :)

I don't have a username/password to ACS, I go to a local university that has a subscription and use a public computer to access the website. There is another university a bit farther away I may try to hit with mass downloading for awhile.

Here's the bad part. The company the provides subscription access had monitered my mass downloading, called the university in a panic, and they sent the gestapo to the lab I was using to find out who was responsible. THis is why I am leery of just using one particular IP address. If I can spoof dozens I can slip by unnoticed.

I am going to give that accessdiver a try. Hopefully the referrer spoof trick will work, that would be... I don't have a word to describe my happiness if that would work :)

(rambling)Spoofing your IP address probably wouldn´t work. The server would send all of it´s responses to the spoofed address. So, unless you have a network sniffer I wouldn´t reccomend it. I don´t suppose you could use a automated retrieval tool to grab the files (after a set delay) and store them in an accessable space. A network share directory would be ideal. another possibility would be to change the MAC and IP addresses on a given machine to match machines on the other side of the campus.(/rambling).

(rambling)Spoofing your IP address probably wouldn´t work. The server would send all of it´s responses to the spoofed address. So, unless you have a network sniffer I wouldn´t reccomend it. I don´t suppose you could use a automated retrieval tool to grab the files (after a set delay) and store them in an accessable space. A network share directory would be ideal. another possibility would be to change the MAC and IP addresses on a given machine to match machines on the other side of the campus.(/rambling).

(rambling)Spoofing your IP address probably wouldn´t work. The server would send all of it´s responses to the spoofed address. So, unless you have a network sniffer I wouldn´t reccomend it. I don´t suppose you could use a automated retrieval tool to grab the files (after a set delay) and store them in an accessable space. A network share directory would be ideal. another possibility would be to change the MAC and IP addresses on a given machine to match machines on the other side of the campus.(/rambling).

James, that's a good idea! However, it is unlikely that a public access computer will let you do that. Also, it is highly likely that the network will be switched rather than broadcast or token, so your sniffer will only pick up network broadcasts, traffic to your computer, and traffic from your computer - which isn't very useful.

A timed scan, however, might be useful. Pull one document an hour down, go away for a day, next day you should have 24. Might be obvious, but if you want to do serious downloading, do it at the weekend. Start on a Friday evening, run it all weekend, get the stuff on the Sunday evening, and go. The first thing that will happen on the Monday is they will freak out and call the univ. again, and you are then in trouble if it is you sat at the desk! Of course, you leave the program running, and never, ever go back to it. They will have killed it after a few days, so leaving it a week would be bright. Don't use the same MO, or computer, though. Set it up on Thursday and have it trip on Friday at midnight, for the second run.

HTH.

James, that's a good idea! However, it is unlikely that a public access computer will let you do that. Also, it is highly likely that the network will be switched rather than broadcast or token, so your sniffer will only pick up network broadcasts, traffic to your computer, and traffic from your computer - which isn't very useful.

A timed scan, however, might be useful. Pull one document an hour down, go away for a day, next day you should have 24. Might be obvious, but if you want to do serious downloading, do it at the weekend. Start on a Friday evening, run it all weekend, get the stuff on the Sunday evening, and go. The first thing that will happen on the Monday is they will freak out and call the univ. again, and you are then in trouble if it is you sat at the desk! Of course, you leave the program running, and never, ever go back to it. They will have killed it after a few days, so leaving it a week would be bright. Don't use the same MO, or computer, though. Set it up on Thursday and have it trip on Friday at midnight, for the second run.

HTH.

James, that's a good idea! However, it is unlikely that a public access computer will let you do that. Also, it is highly likely that the network will be switched rather than broadcast or token, so your sniffer will only pick up network broadcasts, traffic to your computer, and traffic from your computer - which isn't very useful.

A timed scan, however, might be useful. Pull one document an hour down, go away for a day, next day you should have 24. Might be obvious, but if you want to do serious downloading, do it at the weekend. Start on a Friday evening, run it all weekend, get the stuff on the Sunday evening, and go. The first thing that will happen on the Monday is they will freak out and call the univ. again, and you are then in trouble if it is you sat at the desk! Of course, you leave the program running, and never, ever go back to it. They will have killed it after a few days, so leaving it a week would be bright. Don't use the same MO, or computer, though. Set it up on Thursday and have it trip on Friday at midnight, for the second run.

HTH.

I tried the timed delay, but that got zapped too. That is actually why I think there is a person behind this keeping an eye on the downloads. The problem with a timed delay is the more than 150,000 articles of JACS over the more than 100 year publishing history of the journal. It would take months to get everything. All of the computers in the labs are shut down each night, and nothing is open on the weekends. I think they are wise to any downloading activity from the universities IP range so they give it special attention.

One article a minute would be a more likely approach to avoid getting banned. At most this would net me a few hundred files. I would have to go there early in the morning every day for a year!

I tried the timed delay, but that got zapped too. That is actually why I think there is a person behind this keeping an eye on the downloads. The problem with a timed delay is the more than 150,000 articles of JACS over the more than 100 year publishing history of the journal. It would take months to get everything. All of the computers in the labs are shut down each night, and nothing is open on the weekends. I think they are wise to any downloading activity from the universities IP range so they give it special attention.

One article a minute would be a more likely approach to avoid getting banned. At most this would net me a few hundred files. I would have to go there early in the morning every day for a year!

I tried the timed delay, but that got zapped too. That is actually why I think there is a person behind this keeping an eye on the downloads. The problem with a timed delay is the more than 150,000 articles of JACS over the more than 100 year publishing history of the journal. It would take months to get everything. All of the computers in the labs are shut down each night, and nothing is open on the weekends. I think they are wise to any downloading activity from the universities IP range so they give it special attention.

One article a minute would be a more likely approach to avoid getting banned. At most this would net me a few hundred files. I would have to go there early in the morning every day for a year!

I just posted it on the FTP for ya.


Mega, since you downloaded the last two years it looks like you have a password/username pair (which I know it's a number). I would be very nice if you can download this article: http://pubs.acs.org/cgi-bin/archive.cgi/jacsat/1938/60/i03/pdf/ja01270a501.pdf and maybe attach it yo a post.

It's about the explosion of metallic sodium/potassium in contact with chloroform and I've been looking for a long time for somebody able to download it.
Thanks in advance.

I just posted it on the FTP for ya.


Mega, since you downloaded the last two years it looks like you have a password/username pair (which I know it's a number). I would be very nice if you can download this article: http://pubs.acs.org/cgi-bin/archive.cgi/jacsat/1938/60/i03/pdf/ja01270a501.pdf and maybe attach it yo a post.

It's about the explosion of metallic sodium/potassium in contact with chloroform and I've been looking for a long time for somebody able to download it.
Thanks in advance.

I just posted it on the FTP for ya.


Mega, since you downloaded the last two years it looks like you have a password/username pair (which I know it's a number). I would be very nice if you can download this article: http://pubs.acs.org/cgi-bin/archive.cgi/jacsat/1938/60/i03/pdf/ja01270a501.pdf and maybe attach it yo a post.

It's about the explosion of metallic sodium/potassium in contact with chloroform and I've been looking for a long time for somebody able to download it.
Thanks in advance.