News, Weather, Mozart, Sports, Eurovision Love Ænema & Perverted Videogames from Vleeptron

NGO_Vleeptron (aka "Bob from Massachusetts") recently featured LIVE on BBC WORLD SERVICE, heard briefly by Gazillions!!!

About Me

My Photo
Name:
Location: Great Boreal Deciduous Hardwood Forest, New England, United States

old dude, all hair, swell new teeth

11 December 2005

Daniel Brandt tracks down the Wikipedia troll

from Daniel Brandt's

www.wikipedia-watch.org/usatoday.html

A whodunnit clue emerges

Chronology: 
2005-12-04: I noticed that the culprit's IP address has a server on it.

C:\TEMP>curl -I http://65.81.97.208/

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Content-Location: http://65.81.97.208/Default.htm
Date: Sun, 04 Dec 2005 19:53:13 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 19 Jan 2004 16:37:25 GMT
ETag: "30544d85aadec31:383c"
Content-Length: 24

The only thing it serves are these 24 bytes:  Welcome to Rush Delivery

2005-12-04: Knowing that the IP geolocates to Nashville, I discover that there
is a company in Nashville called Rush Delivery.

2005-12-05, 08:30: The fax below is sent.

2005-12-05, 11:15: I call Rush Delivery and the secretary says she didn't see
any fax like this. She will watch for it and I resend it.

2005-12-05, 11:30: I call again and yes, the fax arrived. I am transferred
to someone else. I explain the entire situation to her, and ask her to test
their machines that are on the Internet to find out if any are on this BellSouth
DSL IP address. I tell her how to do this. She says she will get back to me.

2005-12-05, 14:30: Having heard nothing, I fax the information to
John Seigenthaler, Sr. in Nashville. I inform him that I'm inclined to post
the fax below unless he feels it will hurt his interests. His office acknowledges
the fax and says that he is grateful, and he will pursue it, and has no objections
if I post it. I mentioned in the cover letter that if the http://65.81.97.208/
entered in a browser address bar stops returning "Welcome to Rush Delivery,"
then this is suspicious because I haven't posted this information anywhere.

2005-12-05, sometime between 16:30 and 19:30: After working all yesterday and
all day today, the connection suddenly starts timing out. It appears that the DSL
modem is unplugged. I still haven't heard from Rush Delivery.

2005-12-05, 22:00: This whodunnit is posted.

2005-12-06, 09:45: The woman I spoke with yesterday left a message to say that the
people she needs to speak with will not be back until tomorrow, and she will get
back to me when she knows something.

2005-12-06, 09:50: The Welcome to Rush Delivery server is back online.

2005-12-06: I noticed that this IP address also has a Resin server on port 81.

C:\TEMP>curl -I http://65.81.97.208:81/

HTTP/1.1 404 Not Found
Server: Resin/2.1.6
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Type: text/html
Content-Length: 169
Connection: close
Date: Tue, 06 Dec 2005 21:44:17 GMT

2005-12-06: Busted! Proof that the IP address is currently assigned to
Rush Delivery was obtained by sending an inquiry using an alias email account.
It was sent to the "info" email address listed on their website. The response
was from the woman I spoke with, and the originating IP I was looking for is
in the header. Now it's a matter of determining who was in the office on the
morning of May 26, assuming that they had the same DSL connection at that time
with the same IP address. Perhaps more than one machine is connected to the
same DSL line.

Received: from Maria ([65.81.97.208])
Subject: RE: Courier service inquiry
Date: Tue, 6 Dec 2005 17:05:37 -0600


posted by Vleeptron Dude | 18:24

0 Comments:

Post a Comment

<< Home