On Tue, 05 Aug 2003 22:12:57 GMT I replied to "jlrogers"
on a piece of toilet paper while scribbling
their name and phone number on the bathroom wall in alt.sailing.asa

NNTP-Hosting Address: 24.62.237.242
nslookup 24.62.237.242
Canonical name: h00402b431a8d.ne.client2.attbi.com

SNIP

Gary uses UUnet, not ATTBI dumbass.

On Wed, 06 Aug 2003 00:22:21 GMT I replied to "jlrogers"
on a piece of toilet paper while scribbling
their name and phone number on the bathroom wall in alt.sailing.asa

First, if you parse the header of the original message, you will find it
is incomplete. That's the first clue. Second is the "... information
for POC handle ZM117-ARIN has been reported to be invalid." Third is all
of the "sprint-gw.dlstx.ip.att.net bogus rDNS: host not found" messages.

That's normal, as a lot of them are using firewalls to block
nslookups, pings, and tracerts.

Using the info returned and shown below, you can trace addresses,
"finger" servers, run Reverse DNS lookups, and follow any route. You
can find out a lot. All of it perfectly common and legal. You can trace
from one IP address to another and even query the machines for what
services the machines have available and then use those services. Be
warned though, if you're clumsy, you can bring down a poorly configured
server or just waste the bandwidth of the server at critical times for
the owners! Practice on your own network.


'finger' is not used for rDNS lookups, finger is used on
mailservers to finger the identity of an email address.

f you are really interested, download "Sam Spade
http://www.samspade.org/ssw/ and play with it (free). I used it to
trace Bertie to databasix.com, then fingered the server to find out who
it belonged to. I then pinged all his IP addresses to see which ones
were on line and identified the IP address of his computer (or at least
the one the message came from). I quit there. I could have scanned all
the ports on all the machines on his network to see if any were open.
And if I found an open port or could tease one open, or flood one etc.
etc. I could have "made requests." However, while knocking on the port
and making requests is not illegal, forcing a port is.

I'm sure it wasn't hard to trace anyone to databasix.com for those
that use it, I think the hints are 'blackhelicopter.databasix.com'
and 'pookie.databasix.com'

Its nice how you admit to illegally using open ports on a server to
make requests, in some states that is known as malicious intent and
could put you down a few thousand bucks and possible jail time.

If you are an Intermediate, get "What'sup Gold" free thirty day trial
from:
http://www.ipswitch.com/Products/net...anagement.html

What's Up will draw you a diagram from your computer to any address you
like, show all the servers and devices along the path and tell you far
more than you want to know. If you have the time, you can map the
entire internet (some exaggeration for effect). You will quickly learn
how to use telephone numbers and registrations to learn the geographical
location of a particular device if it isn't in the log. The email
addresses of server operators are often available and you can email them
if you hit a snag at their server.

Neotrace does the same thing, and is a hell of a lot cheaper, also
better quality.

It is not very hard stuff, but there is so much of it that it takes time
to "get it." Finding Bertie is easy only because he is lazy. He has
his own ISP and likes to use it. I am sure that he can attack us and be
"almost untraceable" if he wants to take the time to do so, and isn't
concerned with . That is, with a little work, he could
make it a lot of work to track him down and pin it on him. That's what
he does. And he is good at it.

Trace me, tell me which state I am posting from. Bet you have no
idea.


If any one gets really ****ed and goes after Bertie (Gary Burnore), he
seems to just move on until things cool down. However, whenever you
take on one of these guys you have to be damned careful. Some of them
are vicious and will retaliate. Shields up! (I set up my sniffer after I
clashed with him, and I copied my stuff to a friend of mine at my ISP
just in case.)

TRANSLATION: When you pinged the servers at databasix.com, the ping
replies hit your computer and set your sniffer off. You have no
idea what they were so automatically considered it an attack.


UU.NET is host to thousands of spammers and cranks. They have only 41
employees to handle both mail and newsgroup abuse complaints. I called
and talked to one of their wiennies and just asked him if he was
familiar with databasix.com. He started laughing and yelled out to the
room, "Hey this guy want's to know if we know Burnmore!"
UUnet actually has 253 employees at last check (dow jones report)

This whole post proves you know jack ****. I'm waiting for you to
say I'm Gary.

In article , Gary L. Burnore wrote:
On Wed, 06 Aug 2003 00:22:21 GMT, "jlrogers" wrote:
[]
I called and talked to one of their wiennies and just asked him if he was
familiar with databasix.com. He started laughing and yelled out to the
room, "Hey this guy want's to know if we know Burnmore!"

Suuuuure they did. That'd be a violation of UUnet's terms of service
and would be grounds for a lawsuit. You're lying again, dufus.

Now it's against the law to laugh about Gary Burnore or even admit
you've heard of him? Does that apply to all providers, or just UUnet?




--

|
mhm 32x30 |
fugawi:1*1 |
wee saul disciple #32 |
hell-flame-wars |
flonker scum |
ich bin ein meower |

On Wed, 06 Aug 2003 21:45:34 GMT I replied to
(jet) on a piece of toilet paper while scribbling their name and
phone number on the bathroom wall in alt.sailing.asa

In article , Gary L. Burnore wrote:
On Wed, 06 Aug 2003 00:22:21 GMT, "jlrogers" wrote:
[]
I called and talked to one of their wiennies and just asked him if he was
familiar with databasix.com. He started laughing and yelled out to the
room, "Hey this guy want's to know if we know Burnmore!"

Suuuuure they did. That'd be a violation of UUnet's terms of service
and would be grounds for a lawsuit. You're lying again, dufus.

Now it's against the law to laugh about Gary Burnore or even admit
you've heard of him? Does that apply to all providers, or just UUnet?

Hey look, its the bitch!

In article , Just Plain Insane wrote:
On Wed, 06 Aug 2003 21:45:34 GMT I replied to
(jet) on a piece of toilet paper while scribbling their name and
phone number on the bathroom wall in alt.sailing.asa

In article , Gary L. Burnore
wrote:
On Wed, 06 Aug 2003 00:22:21 GMT, "jlrogers" wrote:
[]
I called and talked to one of their wiennies and just asked him if he was
familiar with databasix.com. He started laughing and yelled out to the
room, "Hey this guy want's to know if we know Burnmore!"

Suuuuure they did. That'd be a violation of UUnet's terms of service
and would be grounds for a lawsuit. You're lying again, dufus.

Now it's against the law to laugh about Gary Burnore or even admit
you've heard of him? Does that apply to all providers, or just UUnet?

Hey look, its the bitch!

Hey look, it's a FOG!




--

|
mhm 32x30 |
fugawi:1*1 |
wee saul disciple #32 |
hell-flame-wars |
flonker scum |
ich bin ein meower |

On Thu, 07 Aug 2003 00:22:17 GMT I replied to
(jet) on a piece of toilet paper while scribbling their name and
phone number on the bathroom wall in alt.usenet.kooks

Hey look, it's a FOG!

A fog? Surely Jet's lost all comprehension.

"jlrogers" wrote in
:

Do a trace and you'll find the header is forged and so is the routing.

Bwawhahwhahwhhahwhahwhahwhahhwhahwhahwhahhwhahwhah hwhahwhahhwhahwhahwhhahwh
ahwhahwhhahwhah!


Yeah, it's the old "pretend to be a newbie asking some sort of innocent
question and get 'em that way" gag.
used it a thousand times.

Bertie

BTW navigator, take note.

this is how you find a nutcase. Might come in useful next time you're at
the shrink convention.

Bertie
It came from N. Carolina via MA.


"The_navigator©" wrote in message
...
Hmmm. I don't think so. The IP is a different domain -right?

Cheers MC

jlrogers wrote:

Forged headers.


"dave" wrote in message
...

Hi Iam new here but am interested in learning how to sail Iam from
new
hamspire and would frist like to buy something around 30' and in 5

years

move up to 50 or 60 to do some traveling but need some help to make

this

happen

(Bobsprit) wrote in
:

It came from N. Carolina via MA.

Please show how this is so.

Wally, if you have access to a boat, why not go for a sail instead of
worrying about "headers?"


Because youse are all loons.

It's what you do!
you don't think I'd be wasting my time with ful fledged grown up self
actualised individuals, do you?
No!

Bertie

"jlrogers" wrote in
:

Hey jagoff!

Trace me!

Betcha can't!



Bertie



NNTP-Hosting Address: 24.62.237.242
nslookup 24.62.237.242
Canonical name: h00402b431a8d.ne.client2.attbi.com
Addresses: 24.62.237.242
IP block: IP block
Trying 24.62.237.242 at ARIN
Trying 24.62.237 at ARIN
OrgName: AT&T Broadband Northeast
OrgID: ATBN
Address: 27 Industrial Ave
City: Chelmsford
StateProv: MA
PostalCode: 01824
Country: US
NetRange: 24.60.0.0 - 24.63.31.255
CIDR: 24.60.0.0/15, 24.62.0.0/16, 24.63.0.0/19
NetName: ATTB-NE-5
NetHandle: NET-24-60-0-0-1
Parent: NET-24-0-0-0-0
NetType: Direct Allocation
NameServer: NS4.ATTBB.NET
NameServer: NS5.ATTBB.NET
NameServer: NS6.ATTBB.NET
Comment: For abuse contact
Comment: The information for POC handle ZM117-ARIN has been
Comment: reported to be invalid. ARIN has attempted to obtain updated
Comment: data, but has been unsuccessful. To provide current contact
Comment: information, please email .
RegDate:
Updated: 2003-07-03
TechHandle: ZM117-ARIN
TechName: ATT Broadband
TechPhone: +1-978-244-4020
TechEmail:
OrgTechHandle: ZM117-ARIN
OrgTechName: ATT Broadband
OrgTechPhone: +1-978-244-4020
OrgTechEmail:
Dig ...
Authoritative Answer
Recursive queries supported by this server
Query for 242.237.62.24.in-addr.arpa type=255 class=1
242.237.62.24.in-addr.arpa PTR (Pointer)
h00402b431a8d.ne.client2.attbi.com
237.62.24.in-addr.arpa NS (Nameserver) ns1.attbb.net
237.62.24.in-addr.arpa NS (Nameserver) ns2.attbb.net
237.62.24.in-addr.arpa NS (Nameserver) ns3.attbb.net
237.62.24.in-addr.arpa NS (Nameserver) ns4.attbb.net
237.62.24.in-addr.arpa NS (Nameserver) ns5.attbb.net
237.62.24.in-addr.arpa NS (Nameserver) ns6.attbb.net
ns1.attbb.net A (Address) 24.147.1.32
ns2.attbb.net A (Address) 24.129.0.106
ns3.attbb.net A (Address) 24.130.1.47
ns4.attbb.net A (Address) 24.128.1.82
ns5.attbb.net A (Address) 24.130.1.43
ns6.attbb.net A (Address) 24.129.0.103
Fast traceroute 24.62.237.242
Trace 24.62.237.242 ...
1 64.217.255.254 46ms 15ms 16ms TTL: 0
(adsl-64-217-255-254.dsl.rcsntx.swbell.net ok)
2 151.164.162.130 16ms 16ms 15ms TTL: 0
(dist1-vlan130.rcsntx.swbell.net ok)
3 151.164.1.175 16ms 15ms 16ms TTL: 0
(bb2-g1-0.rcsntx.swbell.net ok)
4 144.228.130.185 15ms 16ms 15ms TTL: 0
(sl-gw39-fw-8-0.sprintlink.net ok)
5 144.232.11.62 15ms 16ms 16ms TTL: 0
(sl-bb26-fw-9-0.sprintlink.net ok)
6 144.232.11.41 31ms 15ms 16ms TTL: 0
(sl-bb23-fw-12-0.sprintlink.net ok)
7 192.205.32.53 32ms 16ms 15ms TTL: 0
(sprint-gw.dlstx.ip.att.net bogus rDNS: host not found [authoritative])
8 12.122.12.93 31ms 32ms 16ms TTL: 0
(tbr2-p012402.dlstx.ip.att.net bogus rDNS: host not found
[authoritative])
9 12.122.10.90 47ms 31ms 32ms TTL: 0
(tbr2-p013701.sl9mo.ip.att.net bogus rDNS: host not found
[authoritative])
10 12.122.10.9 47ms 47ms 31ms TTL: 0
(tbr2-p013701.cgcil.ip.att.net bogus rDNS: host not found
[authoritative])
11 12.122.10.105 78ms 62ms 63ms TTL: 0
(tbr2-cl5.cb1ma.ip.att.net bogus rDNS: host not found [authoritative])
12 12.122.11.242 78ms 62ms 62ms TTL: 0
(gbr2-p90.cb1ma.ip.att.net bogus rDNS: host not found [authoritative])
13 12.123.40.141 63ms 63ms 62ms TTL: 0
(gar2-p370.cb1ma.ip.att.net bogus rDNS: host not found [authoritative])
14 12.125.33.34 62ms 62ms 63ms TTL: 0 (No rDNS)
15 24.128.190.61 62ms 63ms 62ms TTL: 0
(bar02-p2-0.lwllhe1.ma.attbb.net ok)
16 24.128.190.58 63ms 63ms 78ms TTL: 0
(bar02-p6-0.lwrnhe1.ma.attbb.net ok)
17 24.128.191.66 63ms 62ms 63ms TTL: 0 (No rDNS)
18 24.128.191.70 63ms 78ms 62ms TTL: 0 (No rDNS)
19 10.213.0.1 78ms 78ms 63ms TTL: 0 (No rDNS)
20 24.62.237.242 109ms 94ms 78ms TTL:106
(h00402b431a8d.ne.client2.attbi.com ok)











"Wally" wrote in message
...
"jlrogers" wrote in message news:ZNMXa.1436

Do a trace and you'll find the header is forged and so is the
routing.

Which header is forged? The IP traces to Comcast, which consistent
with
other headers. How do you know 'the header' is forged, and how did you
find
out?


It came from N. Carolina via MA.

Please show how this is so.


--
Wally
I demand rigidly-defined areas of uncertainty!
www.art-gallery.myby.co.uk

"jlrogers" wrote in
igy.com:

First, if you parse the header of the original message, you will find it
is incomplete. That's the first clue. Second is the "... information
for POC handle ZM117-ARIN has been reported to be invalid." Third is all
of the "sprint-gw.dlstx.ip.att.net bogus rDNS: host not found" messages.

Using the info returned and shown below, you can trace addresses,
"finger" servers, run Reverse DNS lookups, and follow any route. You
can find out a lot. All of it perfectly common and legal. You can trace
from one IP address to another and even query the machines for what
services the machines have available and then use those services. Be
warned though, if you're clumsy, you can bring down a poorly configured
server or just waste the bandwidth of the server at critical times for
the owners! Practice on your own network.

This is the master hacker I was warned about?

Bwawhahwhahwhahwhahhwhahwhahwhahwhahhwhahwhahwhahw hahhwhahwhahwhahwhahwha!

Bertie