The following ranges are reserved for use as 'private IP' space.

10.0.0.0 - 10.255.255.255 (10/8 prefix)

172.16.0.0 - 172.31.255.255 (172.16/12 prefix)

192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

You CANNOT DO A SEARCH on these while analyzing email header and do any identification.

These IP ranges are reserved so organizations can put computers on them BEHIND their routers, and thus not use up valuable and diminishingly available public, routable IP numbers.

On my home network, I use e.g. 172.16.0.0 subnet. If you look at the headers of an email from me, you will see a number from that PRIVATE range on the workstation I am sending from, and working up from there you will see the PUBLIC IP number assigned facing out to the Internet, and then you will see the SMARTHOST outbound server I go through provided by my ISP. The latter two are public IPs. You can traceroute them and get meaningful info.

So for those who posted notes where you traced the 10. number and think you proved something, stop it. You make my head hurt.

The numbers that are important are the public IPs that trace directly to servers in the DOD centcom IP block, a huge /8 block of PUBLIC IP addresses.

The originating computer is on a PRIVATE IP sitting behind that public IP that is facing out and managing traffic control to and form the Internet using NAT, address translation.

See my other posts for more detail.

I would agree that if the email was not from Col. Boylan his unit would go ballistic in tracking down the source. Having worked for a large international corporation where company information was the issue (with none of the national and tactical military security ramifications), we'd still have gone to whatever lengths necessary to at least plug the hole. The military would assume they'd been hacked by Osama bin Laden and go for the throat.

Is this really an email from Boylan? All of the responses here point to the fact none of us believe someone who would send such an email would have survived the career path necessary to obtain his current position. Weird. But then all of this is weird and getting weirder to the point even an email such as Boylan's doesn't shock us anymore.

IPs beginning with 10 are used on private networks (http://en.wikipedia.org/wiki/Private_network). The 02exbhizn02.iraq.centcom.mil machine that is probably a server of some sort received the mail from INTZEXEBHIZN01.iraq.centcom.mil which has the 10.70.20.11 address on the internal network. The real IP you should be looking at is 214.13.200.111, which resolves to DoD Network Information Center (http://www.dnsstuff.com/tools/whois.ch?ip=214.13.200.111).

I think it's a bad theory because, AFAIK, they're not supposed to have booze over there. It would be very disrespectful for Petraeus' PR guy, in particular, to be drinking. To accuse him of this is no passing accusation, it's accusing him of gross misconduct.

OTOH, to accuse him of staying up too late and writing things he regrets, that'd be fine. If it's true that he sent the e-mails. At this point, it's hard to tell.

All of the emails you quote from this officer except the oldest originate from this machine:

INTZEXEVSIZN01.iraq.centcom.mil ([10.70.20.16])

The email from 24 Jul 2007 came from a different IP by one value, in the same subnet, therefore, and as I pointed out earlier, if DHCP is being used, it could still be the same machine, it certainly has the same name, that is what I searched thorough all your headers for to check all the IP numbers.

Received: from INTZEXEVSIZN01.iraq.centcom.mil ([10.70.20.15])

In this case, walking, talking, and sounding like a duck seem to converge. I suspect the email in question today was either:

a) genuine

or

b) someone with access to centcom machine in this officers office is out to get him.

e. Here comes the problem - why would they do this trace for Glenn, or inform him of the results?

They wouldn't unless it was going to cost them not to. Which is why following RMP's earlier suggestion to circulate the email among the various oversight groups makes sense. It creates an incentive for them to trace and inform. Could be the threat of circulation might be enough, but then you'd wonder if you could trust the results. That's part of the reason I no longer doubt the wisdom of RMP's suggestion. Particularly, if as IndianaLiberal suggests, it's definitive the email originated within the DoD.

Or more, actually. The way I see it:

Either Boylan has been impersonated or his computer has been compromised or Salon's has. If the first, then the US military is in even worse state than I thought. (Maybe it is even on purpose, though, which is even more damming.) If the second, this is even more serious - you would think it would be a matter of national security. Three is less serious, though obnoxious all the same. Glen, I dare say you should investigate all of this thoroughly. Does Salon have an IT security expert on staff?

Those who spoke about the net 10 address are correct, too, so that in itself goes nowhere. Unless, of course, you can find someone who can tell you how that branch of the military has its internal network setup, which seems very unlikely.

You write that Boylan has an "idiosyncratic grammatical style that is quite recognizable though difficult to replicate, and the e-mail I received this morning -- from start to finish -- is written in exactly that style."

I went back and read the previous emails he sent you, and I have to disagree: the punctuation and spelling aren't perfect, but the grammar and syntax are much better than in the current missive; there aren't any really major errors of that kind.

The earlier emails look to me like what a literate person who was writing fast and carelessly, without spellchecking, might produce; the current one appears to have been written by someone who simply lacks a command of English syntax. But it has no spelling errors.

This is purely subjective, but there seem to me to be very distinctly different personaliities behind the two sets of emails, as well as different levels of English skills.

The responses to your queries about the authorship of the current email are beyond strange. There's unquestionably something fishy about the whole thing.