I didn't know if this really fit in here but I did a search on google and this was the first site that came up and I would appriciate if someone could help me out with this. I play the game Ghost Recon specifically a mod for it, and my gaming squad's leader has been charged with some very serious cheating charges. I've known him for awhile now, and hes defenately not one to cheat. Our entrie squad in fact, has officially signed pacts saying were against cheating. They charged him for using several hacks and have replays of him (however his name isnt correctly spelled which makes me skeptical about the entire thing anyway) and they have his IP logged. I think its fair to say we have a certian amount of enemies who don't exactly act mature. Also, he posts his IP on our forums quite often because he hosts the server we practice on. My question, is it possible someone could have spoofed his IP and if so how? I beleive his word over anyone elses but we cant figure out a way to show that he wasnt the one who was in the game server using the hacks. Is there a way to reveal the true hacker who is trying to ruin our name?

Yes there is ways to spoof the IP address but in gaming it would be kinda hard as every packet would have to be rewritten which would cause some serious lag I would expect.

What kind of hardware and software setup does he run? Is he running any type of proxy server? Who is his ISP? Would it be possible to get some of the server logs from the people saying he cheated? To get into the game server is it password protected?

Quoted: windows 98, on a PIII 733 machine. ISP is ATT broadband (cable), but it's supposed to turn into Comcast next week. I'm not running any kind of firewall.
Yes, they have offered many times to let us see the logs but I did't think it would help anything, as a few other admins on the server posted in our forums verifiying that his IP was in fact a match. No, the game was hosted on a public server so it could have been anyone.

Does anyone else have access to his network or his system?

Only his wife and I doubt it was her :D.

Just had to ask :)

Does he have a wireless network?

BTW: Your not in Jax Fl are you?

No and ... nope ;).

How about taking a look at MAC addresses on the server. Uh, in Unix it's arp -a that brings up the arp table so any box that logs into my Ultra 2 leaves this behind...

bash-2.03# arp -a

Net to Media Table: IPv4
Device IP Address Mask Flags Phys Addr
------ -------------------- --------------- ----- ---------------
hme0 fastbox 255.255.255.255 00:90:27:76:09:4c
hme0 192.168.2.1 255.255.255.255 00:04:e2:3b:25:e6
hme0 jelly 255.255.255.255 SP 08:00:20:93:4d:ea


...it's a little hard to read on this forum but what it's telling me is the name, netmask and MAC of the computers that log into jelly plus the info for jelly. You can alter the MAC address of a computer but it isn't commonly done and I doubt a cheater in gaming would go that far to hide his existence. Many folks just don't know that their MAC address is a unique identifier saying, "Hey, it's me". It's something to check in the logs.

If your friends MAC pops up then the next step would be seeing if his server or proxy server at home has been cracked. It's possible to relay data from, say my computer through his then to the game server.

The easiest thing to do is change his user information and use a new character but I don't know how your game works.

Quoted: windows 98, on a PIII 733 machine. ISP is ATT broadband (cable), but it's supposed to turn into Comcast next week. I'm not running any kind of firewall.

That right there with a cable connection and a very insecure OS is just a invitation to many to hijack his connection.