| Home |
| Search |
| Today's Posts |
|
|
|
#2
|
|||
|
|||
BERTIE ALERT
On Tue, 05 Aug 2003 22:12:57 GMT I replied to "jlrogers"
on a piece of toilet paper while scribbling their name and phone number on the bathroom wall in alt.sailing.asa NNTP-Hosting Address: 24.62.237.242 nslookup 24.62.237.242 Canonical name: h00402b431a8d.ne.client2.attbi.com SNIP Gary uses UUnet, not ATTBI dumbass. |
|
#3
|
|||
|
|||
|
BERTIE ALERT
"jlrogers" wrote in
: Hey jagoff! Trace me! Betcha can't! Bertie NNTP-Hosting Address: 24.62.237.242 nslookup 24.62.237.242 Canonical name: h00402b431a8d.ne.client2.attbi.com Addresses: 24.62.237.242 IP block: IP block Trying 24.62.237.242 at ARIN Trying 24.62.237 at ARIN OrgName: AT&T Broadband Northeast OrgID: ATBN Address: 27 Industrial Ave City: Chelmsford StateProv: MA PostalCode: 01824 Country: US NetRange: 24.60.0.0 - 24.63.31.255 CIDR: 24.60.0.0/15, 24.62.0.0/16, 24.63.0.0/19 NetName: ATTB-NE-5 NetHandle: NET-24-60-0-0-1 Parent: NET-24-0-0-0-0 NetType: Direct Allocation NameServer: NS4.ATTBB.NET NameServer: NS5.ATTBB.NET NameServer: NS6.ATTBB.NET Comment: For abuse contact Comment: The information for POC handle ZM117-ARIN has been Comment: reported to be invalid. ARIN has attempted to obtain updated Comment: data, but has been unsuccessful. To provide current contact Comment: information, please email . RegDate: Updated: 2003-07-03 TechHandle: ZM117-ARIN TechName: ATT Broadband TechPhone: +1-978-244-4020 TechEmail: OrgTechHandle: ZM117-ARIN OrgTechName: ATT Broadband OrgTechPhone: +1-978-244-4020 OrgTechEmail: Dig ... Authoritative Answer Recursive queries supported by this server Query for 242.237.62.24.in-addr.arpa type=255 class=1 242.237.62.24.in-addr.arpa PTR (Pointer) h00402b431a8d.ne.client2.attbi.com 237.62.24.in-addr.arpa NS (Nameserver) ns1.attbb.net 237.62.24.in-addr.arpa NS (Nameserver) ns2.attbb.net 237.62.24.in-addr.arpa NS (Nameserver) ns3.attbb.net 237.62.24.in-addr.arpa NS (Nameserver) ns4.attbb.net 237.62.24.in-addr.arpa NS (Nameserver) ns5.attbb.net 237.62.24.in-addr.arpa NS (Nameserver) ns6.attbb.net ns1.attbb.net A (Address) 24.147.1.32 ns2.attbb.net A (Address) 24.129.0.106 ns3.attbb.net A (Address) 24.130.1.47 ns4.attbb.net A (Address) 24.128.1.82 ns5.attbb.net A (Address) 24.130.1.43 ns6.attbb.net A (Address) 24.129.0.103 Fast traceroute 24.62.237.242 Trace 24.62.237.242 ... 1 64.217.255.254 46ms 15ms 16ms TTL: 0 (adsl-64-217-255-254.dsl.rcsntx.swbell.net ok) 2 151.164.162.130 16ms 16ms 15ms TTL: 0 (dist1-vlan130.rcsntx.swbell.net ok) 3 151.164.1.175 16ms 15ms 16ms TTL: 0 (bb2-g1-0.rcsntx.swbell.net ok) 4 144.228.130.185 15ms 16ms 15ms TTL: 0 (sl-gw39-fw-8-0.sprintlink.net ok) 5 144.232.11.62 15ms 16ms 16ms TTL: 0 (sl-bb26-fw-9-0.sprintlink.net ok) 6 144.232.11.41 31ms 15ms 16ms TTL: 0 (sl-bb23-fw-12-0.sprintlink.net ok) 7 192.205.32.53 32ms 16ms 15ms TTL: 0 (sprint-gw.dlstx.ip.att.net bogus rDNS: host not found [authoritative]) 8 12.122.12.93 31ms 32ms 16ms TTL: 0 (tbr2-p012402.dlstx.ip.att.net bogus rDNS: host not found [authoritative]) 9 12.122.10.90 47ms 31ms 32ms TTL: 0 (tbr2-p013701.sl9mo.ip.att.net bogus rDNS: host not found [authoritative]) 10 12.122.10.9 47ms 47ms 31ms TTL: 0 (tbr2-p013701.cgcil.ip.att.net bogus rDNS: host not found [authoritative]) 11 12.122.10.105 78ms 62ms 63ms TTL: 0 (tbr2-cl5.cb1ma.ip.att.net bogus rDNS: host not found [authoritative]) 12 12.122.11.242 78ms 62ms 62ms TTL: 0 (gbr2-p90.cb1ma.ip.att.net bogus rDNS: host not found [authoritative]) 13 12.123.40.141 63ms 63ms 62ms TTL: 0 (gar2-p370.cb1ma.ip.att.net bogus rDNS: host not found [authoritative]) 14 12.125.33.34 62ms 62ms 63ms TTL: 0 (No rDNS) 15 24.128.190.61 62ms 63ms 62ms TTL: 0 (bar02-p2-0.lwllhe1.ma.attbb.net ok) 16 24.128.190.58 63ms 63ms 78ms TTL: 0 (bar02-p6-0.lwrnhe1.ma.attbb.net ok) 17 24.128.191.66 63ms 62ms 63ms TTL: 0 (No rDNS) 18 24.128.191.70 63ms 78ms 62ms TTL: 0 (No rDNS) 19 10.213.0.1 78ms 78ms 63ms TTL: 0 (No rDNS) 20 24.62.237.242 109ms 94ms 78ms TTL:106 (h00402b431a8d.ne.client2.attbi.com ok) "Wally" wrote in message ... "jlrogers" wrote in message news:ZNMXa.1436 Do a trace and you'll find the header is forged and so is the routing. Which header is forged? The IP traces to Comcast, which consistent with other headers. How do you know 'the header' is forged, and how did you find out? It came from N. Carolina via MA. Please show how this is so. -- Wally I demand rigidly-defined areas of uncertainty! www.art-gallery.myby.co.uk |
|
#4
|
|||
|
|||
|
BERTIE ALERT
Sorry Wally, I posted my reply to your message to Jeff. Here it is.
First, if you parse the header of the original message, you will find it is incomplete. That's the first clue. Second is the "... information for POC handle ZM117-ARIN has been reported to be invalid." Third is all of the "sprint-gw.dlstx.ip.att.net bogus rDNS: host not found" messages. Using the info returned and shown below, you can trace addresses, "finger" servers, run Reverse DNS lookups, and follow any route. You can find out a lot. All of it perfectly common and legal. You can trace from one IP address to another and even query the machines for what services the machines have available and then use those services. Be warned though, if you're clumsy, you can bring down a poorly configured server or just waste the bandwidth of the server at critical times for the owners! Practice on your own network. If you are really interested, download "Sam Spade http://www.samspade.org/ssw/ and play with it (free). I used it to trace Bertie to databasix.com, then fingered the server to find out who it belonged to. I then pinged all his IP addresses to see which ones were on line and identified the IP address of his computer (or at least the one the message came from). I quit there. I could have scanned all the ports on all the machines on his network to see if any were open. And if I found an open port or could tease one open, or flood one etc. etc. I could have "made requests." However, while knocking on the port and making requests is not illegal, forcing a port is. If you are an Intermediate, get "What'sup Gold" free thirty day trial from: http://www.ipswitch.com/Products/net...anagement.html What's Up will draw you a diagram from your computer to any address you like, show all the servers and devices along the path and tell you far more than you want to know. If you have the time, you can map the entire internet (some exaggeration for effect). You will quickly learn how to use telephone numbers and registrations to learn the geographical location of a particular device if it isn't in the log. The email addresses of server operators are often available and you can email them if you hit a snag at their server. It is not very hard stuff, but there is so much of it that it takes time to "get it." Finding Bertie is easy only because he is lazy. He has his own ISP and likes to use it. I am sure that he can attack us and be "almost untraceable" if he wants to take the time to do so, and isn't concerned with . That is, with a little work, he could make it a lot of work to track him down and pin it on him. That's what he does. And he is good at it. If any one gets really ****ed and goes after Bertie (Gary Burnore), he seems to just move on until things cool down. However, whenever you take on one of these guys you have to be damned careful. Some of them are vicious and will retaliate. Shields up! (I set up my sniffer after I clashed with him, and I copied my stuff to a friend of mine at my ISP just in case.) UU.NET is host to thousands of spammers and cranks. They have only 41 employees to handle both mail and newsgroup abuse complaints. I called and talked to one of their wiennies and just asked him if he was familiar with databasix.com. He started laughing and yelled out to the room, "Hey this guy want's to know if we know Burnmore!" "Wally" wrote in message ... "jlrogers" wrote in message news:ZNMXa.1436 Do a trace and you'll find the header is forged and so is the routing. Which header is forged? The IP traces to Comcast, which consistent with other headers. How do you know 'the header' is forged, and how did you find out? It came from N. Carolina via MA. Please show how this is so. -- Wally I demand rigidly-defined areas of uncertainty! www.art-gallery.myby.co.uk |
|
#5
|
|||
|
|||
|
BERTIE ALERT
"jlrogers" wrote in
: Do a trace and you'll find the header is forged and so is the routing. Bwawhahwhahwhhahwhahwhahwhahhwhahwhahwhahhwhahwhah hwhahwhahhwhahwhahwhhahwh ahwhahwhhahwhah! Yeah, it's the old "pretend to be a newbie asking some sort of innocent question and get 'em that way" gag. used it a thousand times. Bertie BTW navigator, take note. this is how you find a nutcase. Might come in useful next time you're at the shrink convention. Bertie It came from N. Carolina via MA. "The_navigator©" wrote in message ... Hmmm. I don't think so. The IP is a different domain -right? Cheers MC jlrogers wrote: Forged headers. "dave" wrote in message ... Hi Iam new here but am interested in learning how to sail Iam from new hamspire and would frist like to buy something around 30' and in 5 years move up to 50 or 60 to do some traveling but need some help to make this happen |
|
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Forum | |||
| Cedar bucket is full of Bertie | ASA | |||
| BERTIE ALERT | ASA | |||
| Know why I don't see Bertie any more? | ASA | |||
| What a Great Day! | ASA | |||
Hybrid Mode
