Steve's Soapbox

Wednesday, November 24, 2004

Brownwood ID Imposter ( background info & computer trace )

From: "John Ivy"
Date: Tue Nov 30, 2004 09:49:54 PM US/Central
To: steve_squared@verizon.net
Subject: RE:

I will remove the thread ASAP, sorry for the inconvenience as far as finding out who did it I can only offer a couple of suggestions as the board is anonymous and no logs are kept. The site was only redesigned 1 day prior to the post and the only person the owners had contacted about the site were the radio station more over an email was sent to Cathy and to the Morning show guy asking to forward to James W.

again I appologize for any embarrasment this post has caused.

Webmaster

From: "John Ivy"
Date: Tue Nov 30, 2004 09:57:27 PM US/Central
To: steve_squared@verizon.net
Subject: RE:

The IP address used to post the message was

User's IP address:
4.226.78.125
date and time
Nov 18,2004 07:45

here is the reverse lookup information Maybe you could find more by contacting Level 3 Communication( the owner of the IP used)

How I am searching:
Asking d.root-servers.net for 125.78.226.4.in-addr.arpa PTR record:
d.root-servers.net says to go to ns2.Level3.net. (zone: 4.in-addr.arpa.)
Asking ns2.Level3.net. for 125.78.226.4.in-addr.arpa PTR record:
ns2.level3.net [209.244.0.2] says to go to poolns1.Level3.net. (zone: 226.4.in-addr.arpa.)
Asking poolns1.Level3.net. for 125.78.226.4.in-addr.arpa PTR record: Reports dialup-4.226.78.125.Dial1.Dallas1.Level3.net. [from 4.0.0.8]

Answer:
4.226.78.125 PTR record: dialup-4.226.78.125.Dial1.Dallas1.Level3.net. [TTL 86400s] [A=4.226.78.125]

Level 3 Communications
1.877.453.8353
Broomfield Colorado
abuse@level3.com

-----------------------Now for the really interesting part of this story !-------------------

From: "John Ivy"
Date: Wed Dec 01, 2004 08:40:34 PM US/Central
To: steve_squared@verizon.net
Subject: RE: regarding someone fraudauntly using my name as a member

It was not an oversight to leave the name in the database I will however remove it from view if possible. I changed the password so that the person using it could not reregister using the same false credentials. If this doesnot suit you please let me know. I will do whatever you need.

BTW the IP I gave you last night was the same IP used to post the newstalk article urging people to tune in and listen.

newstalk969
1 Posts Posted - November 18 2004 :  08:07:55    
------------------------------------------------------------------------
It's the hottest show in Central Texas and beyond. Hosted by James Williamson, the show offers invaluable insight to the world we live in.


==================================================
=== VisualRoute report on 01-Dec-04 3:39:44 PM ===
==================================================
Report for myserver.cityofbrownwood.com [12.176.52.11]

Analysis: IP packets are being lost past network "AT&T Worldnet
Services ATTSVI-12-112-0-0" at hop 11. VisualRoute cannot determine
the next network at hop 12.

---------------------------------------------------------------------------------------------------------------------
| IP Address | Node Name | Location
| Tzone | Network |
---------------------------------------------------------------------------------------------------------------------
| 192.168.1.13 | MOM | ...
| | (private use) |
| 192.168.1.1 | - | ...
| | (private use) |
| 207.40.145.1 | adsli-1.wcc.net | ?San Angelo,
TX | | west central wireless SPRINTLINK |
| 208.6.232.1 | wl-bb1-sa.wcc.net | ?San Angelo,
TX | | west central wireless FON-34901135364039 |
| 144.228.138.173 | sl-gw34-fw-10-0-TS10.sprintlink.net | Fort Worth,
TX, USA | | Sprint SPRINTLINK |
| 144.232.11.9 | sl-bb20-fw-4-2.sprintlink.net | Fort Worth,
TX, USA | | Sprint SPRINT-INNET9 |
| 144.232.11.218 | sl-bb21-fw-14-0.sprintlink.net | Fort Worth,
TX, USA | | Sprint SPRINT-INNET9 |
| 192.205.32.69 | sprint-gw.dlstx.ip.att.net | Dallas, TX,
USA | | AT&T Bell Laboratories NETBLK-ATT |
| 12.123.17.82 | tbr1-p012101.dlstx.ip.att.net | Dallas, TX,
USA | | AT&T Worldnet Services ATTSVI-12-122-0-0 |
| 12.122.12.66 | gbr5-p20.dlstx.ip.att.net | Dallas, TX,
USA | | AT&T Worldnet Services ATTSVI-12-122-0-0 |
| 12.123.196.73 | ar2-p310.ftwtx.ip.att.net | Fort Worth,
TX, USA | | AT&T Worldnet Services ATTSVI-12-122-0-0 |
| 12.119.196.166 | - | ?Morristown,
NJ, USA | -05:00 | AT&T Worldnet Services ATTSVI-12-112-0-0 |
| | |
| | |
| 12.176.52.11 | myserver.cityofbrownwood.com | ?Brownwood,
TX, USA | | LANDMARK LIFE INSURANCE LANDMARK63-52 |
---------------------------------------------------------------------------------------------------------------------
Roundtrip time to 12.119.196.166, average = 51ms, min = 35ms, max =
87ms -- 01-Dec-04 3:39:44 PM

---------------------------------------------------------------------------------------------------
Who owns the site ? See below.

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information. Domain Name: CITYOFBROWNWOOD.COM
Registrar: PRIMUS TELCO PTY LTD DBA PRIMUSDOMAIN/PLANETDOMAIN
Whois Server: whois.planetdomain.com
Referral URL: http://www.planetdomain.com
Name Server: NS1.SITELUTIONS.COM
Name Server: NS2.SITELUTIONS.COM
Name Server: NS3.SITELUTIONS.COM
Name Server: NS4.SITELUTIONS.COM
Name Server: NS5.SITELUTIONS.COM
Status: ACTIVE
Updated Date: 23-sep-2004
Creation Date: 14-jun-2002
Expiration Date: 14-jun-2005
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

[whois.planetdomain.com]

The data contained in the database of Primus Telecommunications Pty Ltd
(PlanetDomain/PrimusDomain) is made available to assist persons in
obtaining information pertaining to the domain name registration
record. No guarantee of accuracy is offered or given. By submitting a
search request you agree to use the data for lawful purposes, and also
agree NOT to
1) use the data to allow, enable, or otherwise support any marketing
activities, regardless of the medium used. Such media includes but is
not limited to e-mail, telephone, facsimile, postal mail, SMS, and
wireless alerts.
2) sell or redistribute the data except insofar as it has been
incorporated by yourself into a value-added product or service that does
not permit the extraction of a substantial portion of the bulk data from
the value-added product or service for use by other parties.
Primus Telecommunications Pty Ltd (PlanetDomain/PrimusDomain) reserves
the right to forbid access to any party who abuses the terms and
conditions herein or who is deemed to have queried the database
excessively, and to change these terms and conditions at any time.

Domain Name: CITYOFBROWNWOOD.COM
Reseller..............: PlanetDomain
Created on............: 15 Jun 2002 00:00:00 EST
Expires on............: 14 Jun 2005 00:00:00 EST
Record last updated on: 15 Jun 2004 00:00:00 EST
Status................: ACTIVE
Owner, Administrative Contact, Technical Contact, Billing Contact:
Concerned Citizens
cheri umowski (ID00027811)
411 here st
brownwood, TX 76801
United States
Phone: +325.4510591
Email: brownwoodsite@cityofbrownwood.com

Domain servers in listed order:
NS1.SITELUTIONS.COM
NS2.SITELUTIONS.COM
NS3.SITELUTIONS.COM
NS4.SITELUTIONS.COM
NS5.SITELUTIONS.COM

http://www.CITYOFBROWNWOOD.COM/
-----------------------------------
From: "Level 3 security operations"
Date: Wed Dec 01, 2004 09:30:11 AM US/Central
To: steve_squared@verizon.net
Cc:
Subject: Thank you for contacting Level 3 Communications

Thank you for contacting Level 3's Network Security Operations department.

This message is to inform you that your case is being investigated and
action will be taken in accordance to Level 3's Acceptable Use Policy.
You can find a link to the Level 3 Acceptable Use Policy at:

http://www.level3.com/764.html

Your case has been assigned a tracking reference of:
Please use this reference in all further inquiries regarding this issue.
Each complaint received is addressed in accordance to the Level 3
Communications AUP, however, if you wish to escalate or check the
status of this case, please submit feedback via the following web
interface:
http://incident-report.level3.com/

Please be sure to include your email address and tracking reference
when submitting the web form.

Level 3 Communications has submitted its dial pools to the MAPS DUL,
http://www.mail-abuse.org/dul/. This project provides a mechanism to
restrain the receipt of Unsolicited Commercial E-mail. When implemented,
the process prevents receipt of e-mails directly from an end user that has
not properly gone through the mail server of their ISP. Thus, Level 3 is
actively involved in the reduction of unwanted e-mail.

Sincerely,
Level 3 Communications
Network Abuse Agent
877-453-8353
abuse@level3.com
www.level3.com
---------------------------
OrgName: LANDMARK LIFE INSURANCE
OrgID: LLI-10
Address: 5750 S COUNTY ROAD 225
City: BROWNWOOD
StateProv: TX
PostalCode: 76801
Country: US
NetRange: 12.176.52.0 - 12.176.52.255
CIDR: 12.176.52.0/24
NetName: LANDMARK63-52
NetHandle: NET-12-176-52-0-1
Parent: NET-12-0-0-0-1
NetType: Reassigned
Comment:
RegDate: 2003-04-19
Updated: 2003-04-19
OrgTechHandle: JIV2-ARIN
OrgTechName: Ivy, John
OrgTechPhone: +1-915-646-6579
OrgTechEmail: john@landmarklife.com
# ARIN WHOIS database, last updated 2004-11-30 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
OrgName: LANDMARK LIFE INSURANCE
OrgID: LLI-10
Address: 5750 S COUNTY ROAD 225
City: BROWNWOOD
StateProv: TX
PostalCode: 76801
Country: US
Comment:
RegDate: 2003-04-19
Updated: 2003-04-19
AdminHandle: JIV2-ARIN
AdminName: Ivy, John
AdminPhone: +1-915-646-6579
AdminEmail: john@landmarklife.com
TechHandle: JIV2-ARIN
TechName: Ivy, John
TechPhone: +1-915-646-6579
TechEmail: john@landmarklife.com
# ARIN WHOIS database, last updated 2004-11-30 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

-------------------------Update--------------------------
Announcements
Posted by admin   (December 01 2004 through January 31 2005)
------------------------------------------------------------------------
Childs Play (Slander / libel / etc)
People please try to be grown up in here. Quit fraudulently assuming other peoples identities and posting crap. All IP’s are logged and traceable to the PC used to post such material. I will voluntarily release this Information to any law enforcement / legal request. Say what you want but don't hide behind someone else’s good name.
Posted by admin   (November 22 2004 through December 31 2004)

source: cityofbrownwood.com

--------------
From: "John Ivy"
Date: Thu Dec 02, 2004 05:36:42 PM US/Central
To: steve_squared@verizon.net
Cc: webmaster@cityofbrownwood.com
Subject: Re: regarding someone fraudauntly using my name as a member

I was asked by my boss today about this website, I try to keep all aspects of this recreational activity away from my work if at all possible. Aparently the city attorney is involved and asking questions. This website is hosted at SItelutions RDNS service and Winsave hosting services it was recently hosted off my hyperhog account until I discontinued service shortly after I left BCI. I then used Redirected DNS to facilitate my hosting and to spoof IP's to prevent hackers from defacing or denial of services on my site. It will report many different IP's usually one that the server had just disconnected a session from and report that back to the computer asking the WHOIS question or pinging. I generally block all ICMP protocol traffic , it also allowed me to host on a residential DSL line (my house). More recently it has been hosted on commercial hosting sites named above. I passed this information on to my Boss to pass on to the City Attorney. Like I said I am sorry someone has chosen to disrespect you and this open forum of communication. I will probably take the site back to a members only registered site. I beleive a lady named Mary has been helping you track down the site origins, I hope this helps you and/or her in your endeavors. The Company I work for has no aaffiliation to this site and non should be implied. I have to make a living somehow, right.

John Ivy

posted by Steves' Market & Deli @ 9:05 AM