Major Source of Access Violations Identified
The Benevolent Despot
12-08-2001, 04:26 AM
After being AVed nearly thirty times during the course of the last week, we have accumulated enough evidence to identify with certainty the source of the recent AV attacks. I was on ICQ with Stealth earlier and I have provided him with the extensive evidence we have collected, and he will, in turn, relay that information to you so that you can take action. I have provided the IPs in a later post.
Thanks for your time.
If you want to contact me about this, my ICQ is 102966334.
[ 08 December 2001: Edit by: The Benevolent Despot ]
VengeancE
12-08-2001, 04:32 AM
WASSUP!:
...And I anticipate. Until then...
PEACE OUT!,
{bac_V/E}VengeancE
StealthMode
12-08-2001, 04:49 AM
All critical info in the members area of bz2 section only. The files and data I have received will be made available for download once we are positive of who this is...Please refer to members section for further info.....
::Note from Stealth Added after your last post sieg::
In our conversation u asked not to reveal the Ip's in public, but oh well was confusion on that I guess. I posted it all over the members only section and will bring it to this one if it's going to be put in the public forumz....
[ 08 December 2001: Edit by: BAC_StealthMode ]
The Benevolent Despot
12-08-2001, 05:02 AM
The IPs are as follows:
172.138.254.84 (the most recently used)
172.149.216.183 (yesterday)
Both of them check out as Sterling, Virginia at 39.017N, 77.417W.
StealthMode
12-08-2001, 06:06 AM
Stolen from my post in bz2 members only thread recent av's....
"I logged on the net tonight and went in bz2. I am in session chilling and in walks Sieg under "stealthed" nick Benevolent Despot. He asks me to go to icq cause he and many have been havin probs with av game sabotage all day. So i was curious, I got some files off of sieg and perused them to see what they may hold....
First thing I notice is the Ip's of the two suspected attackers....
172.149.216.183
172.138.254.84
Worst fear. Dialup...Sieg seems to think they may be broadband though due to some low latencies. He says these are the two recurring Ip's. I have checked the logs. But saw on a few occasions, not exact, but damn similar Ip's as well. My concern still. Dialup. If it is dialup the attackers have new numerals after the 172. every time they log on...
I have the evidence sieg is providing proving his suspicions. I have looked at it. And read through the packet logz as well as the firewall logs. and the Ip tracing. Etc.
It seems probable that sieg is correct. Although most times on the records it is only the bz2 port being accessed by the suspect ip's 17770, 17771, 17772 sometimes it wasn't or was of a different packet type eg: udp tcp etc....
And once or twice a port other than the known bz2 ports was attempted access on by a 172.* ip
I will try and find a host for this data. I only have 3 megs free in my site but this data takes up almost 4-5 so if anyone can host I got the goodz. And of course Sieg has final say. We are respecting this persons privacy as of now by not releasing the nick. Just in case it is coincidentally accidental. I think not...Anyway we are withholding name until Sieg and the community has absolute multiple sources proof that it is this person or person(s) that are responsible for ruining this gr8 game. Now what we do once we have that proof is up to the community...."
bac HayabaSu
12-08-2001, 03:46 PM
stealth i got plenty of storage for that if you want. just post or icq me