John just looked up the IP address and said it belongs to a machine in the Netherlands or the U.K. It's doubtful it's Orion unless someone gave him access.
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
StateProv:
PostalCode:
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 217.0.0.0 - 217.255.255.255
CIDR: 217.0.0.0/8
NetName: 217-RIPE
NetHandle: NET-217-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: AUTH00.NS.UU.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at [link|http://www.ripe.net/whois|http://www.ripe.net/whois]
RegDate: 2000-06-05
Updated: 2004-03-16
# ARIN WHOIS database, last updated 2004-09-23 19:10
-----------------
Registrant:
BRITISH TELECOMMUNICATIONS PLC (BTOPENWORLD-DOM)
81 NEWGATE STREET
LONDON, GREATER LONDON EC1A 7AJ
GB
Domain Name: BTOPENWORLD.COM
Administrative Contact, Technical Contact:
British Telecommunications plc (BS38-ORG) dnsreg@BT.COM
PP TKS/F18/01 Trunk Exchange Sth
109-117 Long Rd
Cambridge, Cambs CB2 2HG
UK
+44 1223 840711 fax: - +44 1223 358474
Record expires on 20-Mar-2005.
Record created on 20-Mar-2000.
Database last updated on 24-Sep-2004 20:07:46 EDT.
We did a traceroute, and it's definitely going out to Europe.
Greg, is it possible to check those logs you mentioned to see if they lead back to him? If they don't lead back to him, I feel pretty sure it isn't him.
Nightowl >8#