No Subject
Source filtering of Detweiler remail and anonymous posting requests
from various NIS-based accounts in the domain lance.colostate.edu
and ntu.edu at Fort Collins, Colorado, as well as sending evidence of
account/remailer/anonymous forwarder/posting requests to
[email protected], will be facilitated by the following accounts
list. It was derived from netfind; it is by no means exhaustive, but
it is the start of a source denial database. Further possible
hosts in the BIND database can be found via nslookup and dig as usual.
Traceroutes may detect Detweiler's attempt to use a connection laundry.
As previous postings from MEDUSA have shown, Detweiler accounts and hosts
he hides behind can be researched and filtered. Time analysis of the login
patterns, I believe, will show that the "Jeff Detweiler" is
yet another smokescreen. I also suggest contacting the Internet NIC-listed
POC and informing him of NSFNET AUP's that have been violated.
The POC's of interest would be for the domains
ntu.edu
lance.colostate.edu
Regards
Sam Hill - blacknet researcher
our key and remailer block follows as usual...
MAIL IS FORWARDED TO [email protected]
NOTE: this is a domain mail forwarding arrangement - so mail intended
for "larry" should be addressed to "[email protected]"
rather than "[email protected]".
SYSTEM: ntupub.ntu.edu
Login name: larry In real life: LArry Detweiller
Directory: /users/NTU/larry Shell: /bin/csh
Last login Fri Jan 21 16:14 on tty02 from LARRY
Project: What am I working on?
No Plan.
SUMMARY:
- Found multiple matches for "larry", so unable to determine most
recent/last login information,
or most promising electronic mail information.
Please look at the above search history and decide for yourself which is best.
SYSTEM: jenkins.lance.colostate.edu
Login name: jd231825 In real life: Jeff Detweiler
Directory: /users/UNGRAD/ES/jd231825 Shell: /bin/csh
Never logged in.
No Plan.
Login name: ld231782 In real life: L. Detweiler
Phone: 4988278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh
Last login Mon May 24, 1993 on ttyp0 from parry.lance.colo
No Plan.
SYSTEM: casco.lance.colostate.edu
Login name: jd231825 In real life: Jeff Detweiler
Directory: /users/UNGRAD/ES/jd231825 Shell: /bin/csh
Never logged in.
No Plan.
Login name: ld231782 In real life: L. Detweiler
Phone: 4988278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh
Last login Sun Jan 9 11:11 on ttyp1 from longs.lance.colo
No Plan.
SYSTEM: elbert.lance.colostate.edu
Login name: jd231825 In real life: Jeff Detweiler
Directory: /users/UNGRAD/ES/jd231825 Shell: /bin/tcsh.restrict
Never logged in.
No Plan.
Login name: ld231782 In real life: L. Detweiler
Phone: 4988278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh.restrict
Never logged in.
No Plan.
SYSTEM: derby.lance.colostate.edu
Login name: jd231825 In real life: Jeff Detweiler
Directory: /users/UNGRAD/ES/jd231825 Shell: /bin/csh
Never logged in.
No Plan.
Login name: ld231782 In real life: L. Detweiler
Phone: 4988278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh
Never logged in.
No Plan.
SUMMARY:
- Found multiple matches for "detweiler", so unable to determine most
recent/last login information,
or most promising electronic mail information.
Please look at the above search history and decide for yourself which is best.
SYSTEM: silex.lance.colostate.edu
Login name: jd231825 In real life: Jeff Detweiler
Directory: /users/UNGRAD/ES/jd231825 Shell: /bin/csh
Last login Tue Dec 17, 1991 on ttyp0 from eolus
No Plan.
Login name: ld231782 In real life: L. Detweiler
Phone: 4988278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh
Never logged in.
No Plan.
SYSTEM: traver.lance.colostate.edu
Login name: jd231825 In real life: Jeff Detweiler
Directory: /users/UNGRAD/ES/jd231825 Shell: /bin/csh
Never logged in.
No Plan.
Login name: ld231782 In real life: L. Detweiler
Phone: 4988278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh
Last login Tue Jan 18 09:21 on ttyp0 from 192.65.141.58
No Plan.
SYSTEM: keller.lance.colostate.edu
Login name: jd231825 In real life: Jeff Detweiler
Directory: /users/UNGRAD/ES/jd231825 Shell: /bin/csh
Never logged in.
No Plan.
Login name: ld231782 In real life: L. Detweiler
Phone: 4988278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh
Last login Sun Jan 9 11:12 on ttyp2 from casco.lance.colo
No Plan.
- Found multiple matches for "detweiler", so unable to determine most
recent/last login information,
or most promising electronic mail information.
Please look at the above search history and decide for yourself which is best.
The domain 'lance.colostate.edu' does not run its own name servers,
and there is no aliased domain IP address/CNAME/MX record for
this domain -> Skipping domain search phase for this domain.
SYSTEM: longs.lance.colostate.edu
Login name: ld231782 In real life: L. Detweiler
Office: Home phone: 498-8278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh
Most recent logins:
dolores Fri Jan 21 16:16
keller Sat Jan 22 16:09
Never logged in.
No Plan.
SYSTEM: elbert.lance.colostate.edu
Login name: ld231782 In real life: L. Detweiler
Phone: 4988278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh.restrict
Never logged in.
No Plan.
SYSTEM: casco.lance.colostate.edu
Login name: ld231782 In real life: L. Detweiler
Phone: 4988278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh
Last login Sun Jan 9 11:11 on ttyp1 from longs.lance.colo
No Plan.
SYSTEM: jenkins.lance.colostate.edu
Login name: ld231782 In real life: L. Detweiler
Phone: 4988278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh
Last login Mon May 24, 1993 on ttyp0 from parry.lance.colo
No Plan.
SYSTEM: dolores.lance.colostate.edu
Login name: ld231782 In real life: L. Detweiler
Phone: 4988278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh
Last login Fri Jan 21 16:16 on ttyp0 from NTUPUB.NTU.EDU
No Plan.
SYSTEM: derby.lance.colostate.edu
Login name: ld231782 In real life: L. Detweiler
Phone: 4988278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh
Never logged in.
No Plan.
SUMMARY:
- Among the machines searched, the machine from which user
"ld231782" logged in most recently was NTUPUB.NTU.EDU,
on Fri Jan 21 16:16.
- The most promising email address for "ld231782"
based on the above search is
[email protected].
SYSTEM: silex.lance.colostate.edu
Login name: ld231782 In real life: L. Detweiler
Phone: 4988278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh
Never logged in.
No Plan.
SYSTEM: traver.lance.colostate.edu
Login name: ld231782 In real life: L. Detweiler
Phone: 4988278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh
Last login Tue Jan 18 09:21 on ttyp0 from 192.65.141.58
No Plan.
SYSTEM: keller.lance.colostate.edu
Login name: ld231782 In real life: L. Detweiler
Phone: 4988278
Directory: /users/UNGRAD/ES/ld231782 Shell: /bin/tcsh
Last login Sun Jan 9 11:12 on ttyp2 from casco.lance.colo
No Plan.
- Among the machines searched, the machine from which user
"ld231782" logged in most recently was NTUPUB.NTU.EDU,
on Fri Jan 21 16:16.
- The most promising email address for "ld231782"
based on the above search is
[email protected].
--------8<--cut here-->8--------
::
Encrypted: PGP
<To reply, save everything below the "cut here" marks above
<into another file. Type your reply here (below the blank
<line three lines above!) and mail to [email protected]
-------------------------------------------------------------------------
To find out more about the anon service, send mail to [email protected].
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to [email protected].