Request for apologies
Message
From: 25/06/2011 12:01:14
To: 25/06/2011 03:20:50, Al Doman, M3 Enterprises Inc., North Vancouver, British Columbia, Canada

General information
Forum: Level Extreme
Category: Other
Miscellaneous
Thread ID: 01515616
Message ID: 01516040
Views: 109

Thanks Al. I sent this info to Kevin and he wanted me to thank you. Kevin says that there may be some possibilities there ...

He sometimes uses terminal services
He may be using a public proxy server; he wasn't sure and was going to check
He runs something called Splashtop Remote Streamer

~~Bonnie


>>Here's another question: is there any way that people can spoof IPs? I assume that's your main proof to determine who's accessing both accounts.
>
>http://en.wikipedia.org/wiki/IP_address_spoofing
>
>Yes, it's easy to spoof an IP address, but if you expect a server response to come back to your computer, you have to provide your real address. To be able to interact with this site - read and/or reply to messages - you have to have responses come back to your computer, you can't just ignore them like you would for a DoS attack.
>
>That said, I can think of some scenarios where someone other than Kevin could use Kevin's IP address(es):
>
>1. Different authorized user, on same LAN. If Kevin normally posts from work, and there is a corporate LAN there, and someone else in the same office wants to cause him trouble, they could use their own computer and create a Grover account. Most corporate LANs have only one gateway to the public Internet with one external IPv4 address; posts from any computer on that LAN will appear to come from the same IP address.
>
>2. Different unauthorized user, on same LAN. Maybe Kevin runs an unsecured (or insufficiently secured) wireless network, perhaps at home. Anyone physically nearby (within about 100 meters, typically) could piggyback on his wireless. Again, any foreign posts would appear to come from the external IPv4 address of his wireless router.
>
>3. Different user, authorized local session. Maybe Kevin has set up a machine at home or office that offers certain authorized external users a local session e.g. via Terminal Services, LogMeIn, TeamViewer etc. Any posts made from such a session would appear to come from a computer at Kevin's IP address.
>
>4. Different user, unauthorized local session. If one of Kevin's (or a corporate colleague's) computers has been compromised by malware, that could allow unauthorized remote sessions, with the same net effect as #3 above.
>
>5. Use of same proxy server. If Kevin's access to the UT is through a proxy server, the posts of anyone else using that same proxy server will appear to come from the same IP. There are two common uses of proxy servers:
>
>a. Corporate - this is effectively the same scenario as #1 above
>b. Anonymizer services. There are various free and pay public proxy servers available for those who want to mask their IPs. If Kevin uses one of these, anyone else who discovers that and uses the same one will have their posts appear to come from the same IP as Kevin.
>
>How likely are any of these scenarios?
>
>1. Requires a malicious colleague on the same physical LAN
>2. Requires a malicious colleague or neighbour physically near Kevin's regular network
>3. Requires an authorized remote access user to be malicious
>4. Requires a highly targeted malware attack ("spear phishing"); this seems unlikely for such an unimportant thing (UT access)
>5a. Same as 1
>5b. Requires that Kevin use a public proxy server, and that a malicious person knows that and also uses the same proxy server to access the UT. However, these anonymizer proxies are usually well-known and are sometimes blocked by default by site operators.
Bonnie Berent DeWitt
NET/C# MVP since 2003

http://geek-goddess-bonnie.blogspot.com
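
The shared-IP scenarios in the quoted reply can be checked from a site operator's side. The following is an added example, not part of either post and not the forum's own code: it groups accounts by source IP and labels how much a match can mean. The log layout, the User-Agent field (itself easy to change, so only a hint) and the proxy list are assumptions, and all data is constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log: (account, source IP, User-Agent).
# Addresses come from RFC 5737 documentation ranges; accounts are made up.
SAMPLE_LOG = [
    ("acct_a", "203.0.113.10", "Firefox/4.0 (Windows NT 6.1)"),
    ("acct_b", "203.0.113.10", "Safari/533 (Macintosh)"),
    ("acct_c", "198.51.100.7", "MSIE 8.0 (Windows NT 5.1)"),
    ("acct_d", "198.51.100.7", "MSIE 8.0 (Windows NT 5.1)"),
    ("acct_e", "192.0.2.55", "Chrome/12 (Windows NT 6.1)"),
    ("acct_f", "192.0.2.55", "Opera/11 (X11; Linux)"),
    ("acct_g", "203.0.113.99", "Firefox/4.0 (Windows NT 6.1)"),
]
# Hypothetical operator-maintained list of public anonymizer proxy ranges.
KNOWN_PROXIES = [ip_network("192.0.2.0/24")]


def shared_ip_report(log, proxies=KNOWN_PROXIES):
    """Map each IP used by two or more accounts to (accounts, label).

    PUBLIC_PROXY     - scenario 5b: the match says nothing about identity.
    DISTINCT_CLIENTS - consistent with separate machines behind one
                       gateway (scenarios 1, 2, 5a).
    SAME_CLIENT      - one client fingerprint; still consistent with a
                       remote session on that machine (scenarios 3, 4).
    """
    accounts, agents = defaultdict(set), defaultdict(set)
    for account, ip, user_agent in log:
        accounts[ip].add(account)
        agents[ip].add(user_agent)

    report = {}
    for ip, accts in accounts.items():
        if len(accts) < 2:
            continue  # only one account seen from this address
        if any(ip_address(ip) in net for net in proxies):
            label = "PUBLIC_PROXY"
        elif len(agents[ip]) > 1:
            label = "DISTINCT_CLIENTS"
        else:
            label = "SAME_CLIENT"
        report[ip] = (sorted(accts), label)
    return report


if __name__ == "__main__":
    for ip, (accts, label) in shared_ip_report(SAMPLE_LOG).items():
        print(ip, accts, label)
```

None of the three labels identifies a person; each only narrows which of the scenarios above remain plausible for that address.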