Post #176,196
9/24/04 12:41:10 PM
|
Okay, I'll ask John to help me analyze the data later
He's the one who helped me before, I only know how to match IP numbers.
I'm sorry if he really has regressed, Greg, but he's really upset, since my Ex-fiance called him last night and accused me of violating a restraining order that never existed in the first place (so it appears), and he upset Norman a lot. That combined with the accident and stuff, and I think he's overwhelmed.
I'm trying to get some control of the situation before leaving, but I won't be here all day, so I apologize if I can't help much.
And yeah, I know, I know. He ended our friendship, but what can I say, I still give a damn. ;)
Brenda
"It's not where a person stands in time of comfort and security, but rather where they stand in times of strife and controversy that determine true friends." (Quote sent to me by a true friend, author unknown).
|
Post #176,200
9/24/04 12:44:01 PM
|
You need to recite the Steve Martin incantation...
I break with thee... I break with thee... I break with thee... (throw dog poop on his shoes)
|
Post #176,201
9/24/04 12:46:18 PM
|
Hehehe!
Yeah, but that's hard when you've been friends with someone over 9 years.
Besides, if he hadn't told me what my Ex-fiance was up to, I wouldn't have known, so I consider that a good thing. :)
Brenda
|
Post #176,316
9/24/04 8:12:06 PM
|
Re: Okay, I'll ask John to help me analyze the data later
John just looked up the IP address and said it belongs to a machine in the Netherlands or the U.K. It's doubtful it's Orion unless someone gave him access.
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
StateProv:
PostalCode:
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 217.0.0.0 - 217.255.255.255
CIDR: 217.0.0.0/8
NetName: 217-RIPE
NetHandle: NET-217-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: AUTH00.NS.UU.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2000-06-05
Updated: 2004-03-16
# ARIN WHOIS database, last updated 2004-09-23 19:10
-----------------
Registrant:
BRITISH TELECOMMUNICATIONS PLC (BTOPENWORLD-DOM)
81 NEWGATE STREET
LONDON, GREATER LONDON EC1A 7AJ
GB
Domain Name: BTOPENWORLD.COM
Administrative Contact, Technical Contact:
British Telecommunications plc (BS38-ORG) dnsreg@BT.COM
PP TKS/F18/01 Trunk Exchange Sth
109-117 Long Rd
Cambridge, Cambs CB2 2HG
UK
+44 1223 840711 fax: - +44 1223 358474
Record expires on 20-Mar-2005.
Record created on 20-Mar-2000.
Database last updated on 24-Sep-2004 20:07:46 EDT.
We did a traceroute, and it's definitely going out to Europe.
Greg, is it possible to check those logs you mentioned to see if they lead back to him? If they don't lead back to him, I feel pretty sure it isn't him.
Nightowl >8#
|
Post #176,327
9/24/04 8:56:08 PM
9/24/04 9:24:12 PM
|
Yes, I have already done the request for the router tween
his ISP and the machine in question. I have already gotten British Telecom's logs... And they have asked me to only review these logs, not to publish them. I see the entire conversation through the final router at btopen. I see the requests to *Z*, I also see requests from St. Louis to Port 3389 and the use of PPTP (port 1723) for the data channel. Remote Desktop was used from St Louis to the Machine Address in Question. BTW, BTopen said they will monitor the situation and see what happens. The request to Worldcom, said it will take a couple of days. But they will get it to me. And the route to and from excluding the ending addresses:
#2 ATM.VVR26.MSP1.DSL.ALTER.NET
#3 344.at-5-0-0.CL2.DET5.ALTER.NET
#4 0.so-0-0-0.TL2.CHI4.ALTER.NET
#5 0.so-0-2-0.TL2.DCA8.ALTER.NET
#6 0.so-5-0-0.CL2.IAD8.ALTER.NET
#7 POS7-0.GW4.IAD8.ALTER.NET
#8 bt2-gw.customer.alter.net
#9 t2c1-ge6-2.us-ash.eu.bt.net
#10 t2c1-p4-0.uk-eal.eu.bt.net
#11 t2c2-ge6-1.uk-eal.eu.bt.net
#12 166-49-168-34.eu.bt.net
#13 core1-pos15-3.ealing.ukcore.bt.net
#14 interconnect5-pos7-0.ealing.fixed.bt.net
#15 inh3cs01-455.imsnet3.btopenworld.com
#16 inh3br01-570.imsnet3.btopenworld.com
#17 host213-1-119-39.imsnet3.btopenworld.com
-- [link|mailto:greg@gregfolkert.net|greg], [link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link|http://www.eweek.com/article2/0,1759,1622086,00.asp|source]
Here is an example: [link|http://www.greymagic.com/security/advisories/gm001-ie/|Executing arbitrary commands without Active Scripting or ActiveX when using Windows]
Edited by folkert
Sept. 24, 2004, 09:24:12 PM EDT
|
Post #176,350
9/24/04 10:09:05 PM
|
Thanks, please keep me posted with the results
I'm trying to give him the benefit of the doubt at this point, but finding out it came to St. Louis makes me slightly skeptical.
But I can't confront him with it on speculation, I need the concrete proof to get anywhere.
Thanks.
Brenda
|
Post #176,378
9/25/04 1:20:01 AM
|
You know...
It really doesn't matter.
The fact that it happened or not is of no concern anymore. I have shelved any concern for his well being.
Unless you REALLY REALLY want to pursue this...
Please send an e-mail to the e-mail address in the signature to request info.
-- [link|mailto:greg@gregfolkert.net|greg], [link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link|http://www.eweek.com/article2/0,1759,1622086,00.asp|source]
Here is an example: [link|http://www.greymagic.com/security/advisories/gm001-ie/|Executing arbitrary commands without Active Scripting or ActiveX when using Windows]
|
Post #176,393
9/25/04 6:58:52 AM
|
Thank you.
If you push something hard enough, it will fall over. Fudd's First Law of Opposition
[link|mailto:bepatient@aol.com|BePatient]
|
Post #176,410
9/25/04 1:00:39 PM
|
Will do
Thanks Greg.
Brenda
|