216.194.23.130

This IP is one of three who have viewed the contact details page of my
website over the past three weeks.

This is the only place where the idiot pretending to be me could have come
across that information.

If there is anyone here who can assist in tracking down this fiend, there
is a reward in the offering.

 

I should add, the other two IP's were mine.

 

nslookup :
Name: as5300-9.216-194-23-130.nyc.ny.metconnect.net
Address: 216.194.23.130

result from www.whois.net :


metconnect.net Back-order this name

Registrant:
MetTel (METCONNECT-DOM)
44 Wall Street, 14th Floor
New York, NY 10005
US

Domain Name: METCONNECT.NET

Administrative Contact, Technical Contact:
NY, NY 10004 (MT3751-ORG)
212-248-1012

Record expires on 10-May-2012.
Record created on 10-May-1999.
Database last updated on 19-Nov-2003 14:41:27 EST.

Domain servers in listed order:

NS1.METCONNECT.NET 216.194.28.33
NS2.METCONNECT.NET 216.194.28.69
----------------------------------------------------------
Judging by the output from nslookup, the IP address belongs to a Cisco
Access Server (dial-in box).
This means that the IP address of the actual PC accessing your website
is NOT the IP you're talking about.

Best bet to find out any more is to contact the Administrative Contact
and have him look in his logs from the Access Server at the same time
as the IP address accessed your website.

Regards,

Niels

 

If you are sure of the IP, then here is the information:

<http://ws.arin.net/cgi-bin/whois.pl?queryinput=216.194.23.130>

However, I suspect the wanker has a copy cat, or just another masturbating
pen pal. Anyway, I have a few official complaints sent out, and I am waiting
for reply.

By the way, I will offer up a copy of any image from my site, as a printed,
matted, and signed original, to anyone who toasts these juveniles. Any method
is valid, and proof should be easy to verify.

Oh . . . and if the little wankers are reading this, don't look here, the
joke is in your hand.

 

The problem is; Netconnect is the largest ISP in the region. Getting someone
there to actually take notice is not going to be easy.
AJ

 

The prick is spoofing addresses.
The IP you detected is in US. Earlier he used one from Zurich
Complaining to ISPs is a waste of time. He has clearly committed fraud by
impersonating another person. I don't know about the US but in Australia
this is a Federal offence. It wouldn't hurt to notify the FBI. His
activities cross state lines which to me means he as committed fraud in the
USA. I believe they will action an investigation.
AJ

 

[[email protected] wtallman]$ whois 216.194.23.130

OrgName: MetTel, Inc.
OrgID: MTTL
Address: 44 Wall Street, 14th Floor
City: New York
StateProv: NY
PostalCode: 10005
Country: US

NetRange: 216.194.0.0 - 216.194.47.255
CIDR: 216.194.0.0/19, 216.194.32.0/20
NetName: METCONNECT-BLK-1
NetHandle: NET-216-194-0-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.METCONNECT.NET
NameServer: NS2.METCONNECT.NET
Comment:
RegDate: 2001-01-24
Updated: 2002-06-13

TechHandle: ZM116-ARIN
TechName: Metconnect
TechPhone: +1-212-607-2000
TechEmail:

# ARIN WHOIS database, last updated 2003-11-18 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
[[email protected] wtallman]$

HTH

Bill Tallman

 

Actually, it was Dallas who looked at his web logs, and found that IP. The one
I saw on the last few messages points to Switzerland.

Sad, but true. Even threatening spamhaus ISPs rarely does much. However, it is
with a clear consciounce that other actions can be taken, after official
actions have failed. Just peace of mind.

I think you brought up an important point about that. Obviously ignoring the
kid is not solving anything, and may be encouraging worse behaviour. How long
before this juvenile really physically hurts someone . . . . . .

Ciao!

Gordon

 

If this is the same prick that I tracked to a login name earlier this summer
(with a bread-crumb program), none of this is going to help. If one ISP
revokes his access (about the most anyone will do), he'll get it from
somewhere else. It was amazing how quite he got after I ID'd him to the ISP
last summer. Almost lasted three weeks!

The best we could do is shut him down for a couple days/weeks. But he'll
come back and if the last round of posts are any indication, he'll be more
venomous when he does. Let's face it, misrepresenting yourself on the
Usenet is not uncommon (Am I really Jim Phelps? The answer is of course -
No!). Muchless, it's not a crime. Handles have been used in open public
communications since 'Breaker-19' was a popular phrase. I do this to
protect my privacy. I'm far from the only one. Right now, I can only think
of four people who regularly visit the USENET that could associate my handle
with my real name. Four is a short list. I'm willing to bet a pocket full
of change that no LEA will be interested in our little problem. LEAs are
busy mopping up after a crime has occurred, not being proactive...except
with radar guns.

Dallas, I'm not sure he got your personal info off your web page, but if he
did, you put it there (sorry). It's easy to get someone's address and other
personal info. If you have a listed phone number, you're wide open. If I
know your city, state and name (and a check of your message header will give
me a good part of the location), it isn't too difficult to come up with your
address and telephone number if you're listed. If you have a rather unique
last name (and mine is), it's even easier. A quick nation wide (US) search
on Lycos (same on Yahoo) ended up with 4 returns on my name, 3 of which I
can attest to former addresses! I haven't lived in the US for over 10
years! One address was the former address of my parents and I moved out of
there 26 years ago! Scary?

No, ignoring him is not going to make him go away in the short run. As long
as no one gives him his jollies, he will eventually get bored and move on.
Imagine the hate a person would need to harbor to continue the level of
aggravation this puke has - ad infinitum. That's why I believe he'll
eventually move on if ignored. Someone with that much hate (and other
problems) is sure to wind up on a marble slab, somewhere, with a sobbing
family wondering why it all ended this way and why no one would help him.
Some people's kids...

Jim

 

Jim, read my reply to Gordon Moat. A crime has been committed and action
is being taken.

Sure, it is not a crime to read contact information off a public internet
site, but when you use that information to impersonate the person who owns
the information and then deliberately sabotage the persons electronic
communications, sorry, you've done a big no-no in any 1st world country.

 

My sentiments echoed.

I have managed to filter out 99% of the crap that the person who hates the
Shoot In has posted since it began, but every once in a while more bile
comes through. Yesterday my mailbox was bombed by that Microsoft patch
virus and this is as a direct result of the moron who posted those
messages containing my email address.

Fortunately I am able to change my email accounts myself so the one used
in the post has been been disabled. However, this is where things get
interesting:

The troll has now officially crossed the line between being a nuisance and
a felon because he has forced me to close a business address which as you
are probably aware has financial implications. I use a dial up connection
to the internet, so downloading hundreds of large-ish messages is not an
option for me.

If people visiting my website cannot contact me with that address, I can't
obtain business. All my business cards (which cost me a lot to print)
contain that address. More financial loss.

So, what we are dealing with is no longer a nuisance, but an individual
who has broken the law in this country. It amounts to sabotage and that,
I'm happy to say, will result in a jail sentence.

I have reported the matter to the SAPS and the forensic investigation
department advise that once they have confirmed the nature of the crime, a
further investigation will be launched and referred to Interpol. Our
little friend will be extradited to South Africa and will stand trial
HERE. If found guilty he will serve a sentence in a South African jail,
loaded with thousands of HIV+ inmates, who I am certain will be eager to
spread a little loving towards their new cellmate.

He can run but sooner or later he will be caught. He picked the wrong
person to **** with this time.

 

While your high level of frustration is certainly understandable . . .

You don't really believe that anyone is going to jail for having
impersonated another, do you?

His "crime" was reposting a few addresses and telephone numbers that were
already available from public sources, as I understand it.

I remember a case in the US this past summer where authorities were
attempting to shut down an anti-abortion web site that posted the names,
addresses and photos of doctors that performed abortions. It also posted
information about those doctors' CHILDREN--their names, ages and where they
attended school. The Court ruled that the site was not liable in the event
that someone harmed the doctors or their families. As far as I know, that
site is still up.

If they can't shut that site down, what chance do you have in obtaining an
arrest, much less a conviction?

This is not the sort of thing that law enforcement authorities will consider
high-priority, especially if coordination between different jurisdictions is
involved.

Best to just let it go, rather than get yourself all worked up over it.

 

I am lucky to have excellent blocking options at the server, so after the initial
step of set-up, I do not see these at all. In fact, most of them are set to
immediately bounce back, and a few fun ones include a rude message.

That sucks. I had thought of the e-mail address changing at one point, but that
could be a constant thing, and would make any business over e-mail tougher. If the
authorities and ISPs do not clamp down more on this, people will start giving up on
e-mail for business communications.

Awesome stuff. I cannot think of a better place for the law breaker to go than a
South African jail. Definitely a better option than a Swiss or American jail. Too
bad he couldn't be extradited to Brazil, or Egypt, or maybe Mexico.

Best of luck with this. If you want to contact me off group for this, feel free to
e-mail me.

Ciao!

Gordon

 

You're not Mr. Phelps??? That must explain why you haven't been accepting
the missions lately.

 

Please contact me off list.

Martin

 

It's really because Barney and I had a major falling out. Seems he wanted a
bigger budget for more toys, and well, he was getting more popular on the
show than I was... And darn it all, every Impossible Mission we took, we
made - Possible. Just didn't made sense anymore :::~)))

 

Dallas,

I did. Sorry to hear about your problems. Can you quantify the loss or
damage to your business? I wouldn't go for criminal prosecution. Hit him
where it hurts and go Civil. Imagine what it would be like if 50% of
everything he earned for the rest of his life belonged to you!

Jim

 

It's not anywhere near as easy to do that as people think. (Well, not if
you want to get any data back from the other end of the pipe, at
least...) There are a couple of standard methods that experts use to
hide their tracks when looking at websites, but our troll is a complete
amateur. (And not very bright, either.)

We already know our troll is based in NY, & a couple of basic checks on
that IP address reveals that it terminates at a Cisco 5300 access server
belonging to MetConnect in NY, so I'd give good odds that that is indeed
the address he was at, at the time he accessed the website, (most likely
from his usual dialup connection). MetTel should be able to pull CID
records from the Cisco/Radius logs, which will nail down the phone
number he connected from, as well as the account he used. (I'm assuming
that he's not stupid enough to use his own account, although that may be
overgenerous of me.)

As mentioned earlier in this thread, that IP address is controlled by
MetConnect:
---------
OrgName: MetTel, Inc.
Address: 44 Wall Street, 14th Floor
City: New York
StateProv: NY
PostalCode: 10005
Country: US

TechPhone: +1-212-607-2000
TechEmail:
----------

So I'd recommend that Dallas save a copy of his web-server access logs &
contact MetTel at that phone number.
Dallas: Make sure that you include the time-zone that your webserver is
set to, so that they can correctly match your log entries to theirs.

It's a shame my day job's keeping me so busy at the moment. I estimate
that it wouldn't take me more than two or three days of solid network
hacking to ID the idiot well enough to be able to prove it in court.

Best of luck, Dallas. Please feel free to ask for more technical help,
if you need it.

 

Dallas doesn't have a business, except in his dreams. He is a low-end
hired hack working in the IT industry, and any idea that he has (or
had) a business is in the realms of fantasy (his own).

 

Your email bounced.