SETI: All Users of The Enterprise SetiQueue

[kamper]

Another way to prevent this from happening in the future is to change the port that seti runs on. That's assuming that he just tries the default port on whatever machines he decides to bomb, and that he doesn't lurk in the forums that his victims hang out in.

 

[Smoke]

Originally posted by: kamper
Another way to prevent this from happening in the future is to change the port that seti runs on. That's assuming that he just tries the default port on whatever machines he decides to bomb, and that he doesn't lurk in the forums that his victims hang out in.

Jeremy,

The only problem I'd have doing that is there are so many users of that Queue. There would be no way to get the word to all of them. There are 49 separate Queues and 172 Clients.

Hopefully, the SetiQueue's TORCH feature will keep him at bay.

 

[kamper]

Heh, I guess that could be a problem . It's kindof funny to think of setiQ as a mission-critical application. Stand firm Enterprise SetiQueue!!!

 

[wischeez]

% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum: 80.128.0.0 - 80.146.159.255
netname: DTAG-DIAL16
descr: Deutsche Telekom AG
country: DE
admin-c: DTIP
tech-c: DTST
status: ASSIGNED PA
remarks: ************************************************************
remarks: * ABUSE CONTACT: abuse@t-ipnet.de IN CASE OF HACK ATTACKS, *
remarks: * ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC. *
remarks: ************************************************************
mnt-by: DTAG-NIC
changed: ripe.dtip@telekom.de 20010807
changed: ripe.dtip@telekom.de 20030211
source: RIPE

route: 80.128.0.0/11
descr: Deutsche Telekom AG, Internet service provider
origin: AS3320
mnt-by: DTAG-RR
changed: bp@nic.dtag.de 20010807
source: RIPE

person: DTAG Global IP-Addressing
address: Deutsche Telekom AG
address: D-90492 Nuernberg
address: Germany
phone: +49 180 5334332
fax-no: +49 180 5334252
e-mail: ripe.dtip@telekom.de
nic-hdl: DTIP
mnt-by: DTAG-NIC
changed: ripe.dtip@telekom.de 20031013
source: RIPE

person: Security Team
address: Deutsche Telekom AG
address: Germany
phone: +49 180 5334332
fax-no: +49 180 5334252
e-mail: abuse@t-ipnet.de
nic-hdl: DTST
mnt-by: DTAG-NIC
changed: abuse@t-ipnet.de 20030210
source: RIPE

I will hopefully have a more detailed report for you in a day or two Smoke.....

 

[Smoke]

Thank you Tom

I'd really like to find out what team (if any) this guy is on so I could report him to them right in their own forum.

I'm sure this is not going to be the last we hear from him. As I wrote earlier, after this low-life dumped on Woodie's Q I DISABLED the ability of any new USERS to join mine. I thought that made me safe but it didn't. All it accomplished was the guy could not download any NEW WUs but that is not what he is after. He is only interested in submitting the same old WUs over and over again. Why he just doesn't just keep dumping them directly to Berkeley is what makes me believe he is a mean spirited vandal and gets his kicks screwing up the work of others.

What I have wished we could do for the longest time is identify Seti Accounts by way of their Seti User Numbers. The way it is now, if a Seti User doesn't enter a name ... he is listed as a BLANK NAME. The only identifier a SetiQueue operator can see is in his "user.ini" and UserInfo.sah" files.

This guy has three accounts:

User #4796509, #4683123, and #4674522

If he is on a team he will be one with a BLANK NAME. Think I'll do a little snooping around.

 

[ICXRa]

Glad you got this fixed Smoke!

 

[Assimilator1]

Originally posted by: Smoke

Originally posted by: Assimilator1
To delete the dupes (in the Dir) go to SETIQ>Client>Duplicates.
I hope that's what your looking for.
[edit] I wonder if they only get there after an attempted submission?.......

Btw that sucks that someone is bombing your Q like that .
Have you tried email them with their SETI email add?
Or contacting SETIQ HQ with the ID numbers?

Hope you can get it sorted

About the User's Seti Email Address. I only wish there was a user email address I could find for that would be the end of this bas............. :|

I am going to write S@H as soon as I can get together as much info as possible but with the changeover situation I really hate to burden them.

If you log onto your Q it gives the email address of the client ,or are you saying that you've tried that & the add is no good?

[edit] glad to see you got it sorted

 

[wischeez]

Smoke, this is the best I could do for information.Couldn't get it down as far as the users computer.

Search Results for IP Address: 80.131.87.218

City: Griesheim
Region: Hessen
Latitude: 50.1000
Longitude: 8.6000
Country: Germany

Owner of IP Address:

DTAG Global IP-Addressing
Deutsche Telekom AG
D-90492 Nuernberg
Germany
phone: 49 180 5334332
fax-no: 49 180 5334252
ripe.dtip@telekom.de

Security Team
Deutsche Telekom AG
Germany
phone: 49 180 5334332
fax-no: 49 180 5334252
abuse@t-ipnet.de

You might want to try the abuse e-mail and see if that gets you anywhere.Sorry

 

[Unforgiven]

ive written these people up before with an issue regarding an ip and they were outstanding. im not sure what action they can take in this particular instance though. i mean the purpetrator really didnt do anything illegal or probe your ports with any kind of malicious code. dont get me wrong i think its majorly fvcked up but im just not too sure what they will do about it or even understand the situation....

 

[Smoke]

Assimilator1, the Seti User Name and Seti User Email are BLANK for this guy. This person has covered his tracks pretty good. The only way to ID him would be for the S@H Admins to check out his User ID Number(s).

wischeez, I appreciate your work. Thank you. I have looked through the rosters of some of the teams that might harbor this individual and could not find enough evidence to even come up with a list of suspects.

unforgiven, you are right ... pressing this kind of action to an ISP would probably be pointless. And thanks for the kind offer of your Q.

 

[Unforgiven]

not a problem man. i thought i would pm you asking you rather than posting it because i dont know where this jackass is and he/she could be looking at these forums so i didnt wanna post the ip and have my queue attacked. anyhow, if you have any further issues with anyone from that isp i highly recommend writing them up, they were very helpful and friendly when i kept getting hammered by hits from one of their ip addy's earlier this year. the best thing is.....that you got the issue resolved and you are back in business now

 

[Rattledagger]

A user doesn't show up with a name in your setiqueue before he has uploaded a result successfully, or asked for wu and gotten from Berkeley. Since these 3 users has never done anything of the sort, they're showing up as blank in SetiQueue.
Oh, and the e-mail-address was removed from user_info.sah in 2001 or something... At the same time some other info like country was also removed from user_info.sah

Anyway, a little poking around shows:
4796509 is Lynxx
registered 27.11.2003 at 02:15:14
28277 results; 305480697.190847 seconds cpu-time

4683123 is LynxxKlamm
registered 06.09.2003 at 03:16:50
2895 results; 24925546.041504 seconds cpu-time

4674522 is esilent
registered 30.08.2003 at 01:15:38
2826 results; 22925860.987133 seconds cpu-time


Of course, both results & cpu-time will increase next time a result is successfully returned. The easiest to find should be the 1st, since this has largest production...

edit -- on the class-pages, all 3 shows up with names & Germany.

 

[Assimilator1]

How the heck did you find that out!?:Q

(good combo of smilies!^^)

 

[Smoke]

Thank you RD!

 

[Smoke]

Is this the guy? Quite possibly.

Maybe one of our German speakers can engage him?

 

[Pokey]

I'm impressed...............:thumbsup: RD

 

[MoFunk]

Holy cow!!!!!!

So what can guys do to protect their Q from this kind of junk???

 

[Unforgiven]

well i think there are things that can be done such as not publically advertising your queue on the seti queue homepage, using a port for your queue other than the default seti queue port and torching users when they violate your queue. there are really limited steps you can take but these are what im doing with my queue to keep it HOPEFULLY safe

 

[Shuxclams]

Yeah I have a shltload of this clowns WU's in my Q as well......



















SHUX