[PROXYPER] DNETC installed without my knowledge ??
Peter Richards
jehoshua at tpg.com.au
Mon Jul 22 11:38:33 EDT 2002
On 21 Jul 2002 at 3:19, Sir Abarth wrote:
> This is a known problem for them. Some lamer made this thing, without the
> knowledge of the head of DPC Division Eindhoven. If you simply mail at the
> hotmail account, you should get a reply with some explanation I think.
Okay
> You can't see anything at that ip-adress because the owner of that
> proxy changed ip after he noticed a lot of illegal clients (and some
> other unnecessary traffic).
When I use the "Domain Dossier" at http://www.tatumweb.com/iptools.htm , it
shows me:
Address lookup
canonical name node-d-2670.a2000.nl.
aliases
addresses 62.195.38.112
Domain Whois record
nl = Netherlands
Querying whois.nic.nl with "a2000.nl"...
Rights restricted by copyright. See
http://www.domain-registry.nl/whois.php
Domain name:
a2000.nl (first domain)
Organisation:
A2000 Holding B.V.
Willem De Zwijgerlaan 350
1055 RD AMSTERDAM
Administrative Contact:
T. Gale
Phone: +31 20 5848888
E-mail: postmaster at a2000.nl
Technical Contact:
B van Bebber
Phone: +31 20 7788600
E-mail: hostmaster at prioritytelecom.nl
Technical Contact:
H Bokhove
Phone: +31 20 7788600
E-mail: abuse at prioritytelecom.nl
Registrar:
Priority Telecom Netherlands B.V.
Beechavenue 100
1119 PW SCHIPHOL-RIJK
Domain Nameservers:
ns1.a2000.nl 62.108.1.65
ns1.unisource.nl 194.151.253.18
ns2.a2000.nl 62.108.1.66
Domain first registered: 23-02-1996
Record last updated: 11-01-2002
Record maintained by: NL Domain Registry
Alternate resources:
http://www.domain-registry.nl/NLwhois.html
Network Whois record
Querying whois.arin.net with "62.195.38.112"...
Querying whois.ripe.net with "62.195.38.112"...
% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit http://www.ripe.net/rpsl for more information.
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 62.194.0.0 - 62.195.255.255
netname: NL-A2000-20001010
descr: UPC Netherlands
descr: Provider Local Registry
country: NL
admin-c: RIHU1-RIPE
tech-c: RIHU1-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: A2000-KTA-MNT
mnt-routes: A2000-KTA-MNT
changed: hostmaster at ripe.net 20001010
changed: hostmaster at ripe.net 20010115
changed: lir-help at ripe.net 20011217
changed: hostmaster at ripe.net 20020419
changed: hostmaster at ripe.net 20020423
changed: hostmaster at ripe.net 20020603
changed: hostmaster at ripe.net 20020709
source: RIPE
route: 62.194.0.0/15
descr: A2000 / Kabeltelevisie Amsterdam B.V.
origin: AS8209
remarks: ---------------------------------------------------
remarks: E-mail is the preferred contact method!
remarks: ---------------------------------------------------
remarks: Please use one of the following addresses:
remarks: abuse at a2000.nl - for abuse notification
remarks: helpdesk at A2000.nl - Technical support for customers
remarks: hostmaster at a2000.com - For the hostmaster team
remarks: ---------------------------------------------------
notify: hostmaster at A2000.com
mnt-by: A2000-KTA-MNT
changed: rhuisman at upc.nl 20010105
source: RIPE
person: Richard Huisman
address: A2000 / Kabeltelevisie Amsterdam bv
address: Kabelweg 51
address: 1014 BA Amsterdam
address: The Netherlands
phone: +31 20 7707 313
fax-no: +31 20 7707 817
e-mail: hostmaster at A2000.com
nic-hdl: RIHU1-RIPE
remarks: E-mail is the preferred contact method!
remarks: Please use one of the following addresses:
remarks: abuse at a2000.nl - for abuse notification
remarks: helpdesk at A2000.nl - Technical support for customers
remarks: hostmaster at a2000.com - For the hostmaster team
notify: hostmaster at A2000.com
changed: R.Huisman at A2000.com 20000417
source: RIPE
DNS records
name class type data time to live
node-d-2670.a2000.nl IN A 62.195.38.112 86400s (1d)
a2000.nl IN MX
preference: 100
exchange: smtp1.a2000.nl
69318s (19h 15m 18s)
a2000.nl IN MX
preference: 110
exchange: smtp2.a2000.nl
69318s (19h 15m 18s)
a2000.nl IN SOA
server: ns1.a2000.nl
email: hostmaster at a2000.com
serial: 2002072116
refresh: 28800
retry: 7200
expire: 604800
minimum ttl: 86400
86400s (1d)
112.38.195.62.in-addr.arpa IN PTR node-d-2670.a2000.nl 86400s (1d)
195.62.in-addr.arpa IN SOA
server: ns1.a2000.nl
email: hostmaster at a2000.com
serial: 2001010502
refresh: 28800
retry: 7200
expire: 604800
minimum ttl: 86400
86400s (1d)
Service scan
FTP - 21 Error: Timed out
SMTP - 25 Error: Timed out
HTTP - 80 Error: Timed out
POP3 - 110 Error: Timed out
NNTP - 119 Error: Timed out
Traceroute
Tracing route to node-d-2670.a2000.nl [62.195.38.112]
hop rtt rtt rtt ip address fully qualified domain name
1 0 0 0 216.46.228.228 port-216-3073252-dal16509a-
drtn.devices.datareturn.net
2 0 0 0 64.29.192.242 port-64-1949938-zzt0prespect.devices.datareturn.net
3 0 10 0 64.29.192.229 port-64-1949925-zzt0prespect.devices.datareturn.net
4 0 0 0 209.246.152.193 gige4-1-187.ipcolo1.dallas1.level3.net
5 0 0 0 209.244.15.77 gigabitethernet11-0.core1.dallas1.level3.net
6 0 0 0 209.247.10.105 so-4-0-0.mp2.dallas1.level3.net
7 30 40 30 64.159.0.138 so-0-0-0.mp1.washington1.level3.net
8 110 101 110 212.187.128.137 so-2-0-0.mp1.london2.level3.net
9 110 120 110 212.187.128.14 so-3-0-0.mp1.amsterdam1.level3.net
10 120 110 110 213.244.165.3 gige4-0.hsipaccess1.amsterdam1.level3.net
11 111 110 120 212.72.44.98
12 110 110 120 212.142.32.42 srp10-0.am00rt02.brain.upc.nl
13 120 120 110 212.142.32.5 srp0-0.hm00rt01.brain.upc.nl
14 110 121 120 212.142.32.68 srp0-0.hm00rt04.brain.upc.nl
15 110 120 110 212.142.15.54 p15054.net.upc.nl
16 * * *
17 * * *
18 * * *
19 * * *
Trace aborted
-- end --
URL for this output
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interesting eh !!
Peter
>
> ----- Original Message -----
> From: "Peter Richards" <jehoshua at tpg.com.au>
> To: <proxyper at llamas.net>
> Sent: Saturday, July 20, 2002 6:08 AM
> Subject: [PROXYPER] DNETC installed without my knowledge ??
>
>
> > Hi,
> >
> > I noticed DNETC.exe running on my computer, and to my
> > knowledge I did not install it.
> >
> > The DNETC.INI file contents are:
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~
> > [parameters]
> > id=dpc_de at hotmail.com
> > [misc]
> > project-priority=RC5,OGR=0,DES=0,CSC=0
> >
> > [networking]
> > keyserver=62.195.38.112:2064
> > nofallback=true
> > autofindkeyserver=no
> >
> > [rc5]
> > preferred-blocksize=33
> > fetch-time-threshold=0
> > fetch-workunit-threshold=100
> > randomprefix=252
> >
> > [ogr]
> > fetch-workunit-threshold=5
> >
> > [buffers]
> > frequent-threshold-checks=0
> > checkpoint-filename=dpc
> >
> > [logging]
> > log-file=koelog.txt
> > log-file-type=fifo
> >
> > [triggers]
> > restart-on-config-file-change=yes
> >
> > [display]
> > progress-indicator=on
> > detached=yes
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > It's almost as if someone is using my computer to relay RC5
> > packets ? There is a file called KOELOG.TXT conatining:
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > [Feb 09 10:32:31 UTC] The perproxy says: "The Four Horsemen
> > Personal Proxy!"
> > [Feb 09 10:32:40 UTC] Retrieved 45 RC5 packets (113 work units)
> > >from server
> >
> > dnetc v2.8010-463-CTR-00071214 for Win32 (Windows 4.0).
> > Using email address (distributed.net ID) 'dpc_de at hotmail.com'
> >
> > [Jul 17 05:00:26 UTC] Recovered 1 checkpoint packet
> > [Jul 17 05:00:26 UTC] RC5: using core #2 (RG class 6).
> > [Jul 17 05:00:26 UTC] Loaded RC5 7*2^28 packet
> > FCDE37BF:60000000 (73.40% done)
> > [Jul 17 05:00:26 UTC] 0 RC5 packets (0 work units) remain in buff-
> > in.rc5
> > [Jul 17 05:00:26 UTC] 0 RC5 packets (0 work units) are in buff-
> > out.rc5
> > [Jul 17 05:00:26 UTC] 1 cruncher has been started.
> > [Jul 17 05:01:15 UTC] *Break* Shutting down...
> > [Jul 17 05:01:16 UTC] Saved RC5 7*2^28 packet
> > FCDE37BF:60000000 (75.20% done)
> > [Jul 17 05:01:16 UTC] Summary: 0 RC5 packets (0*2^28 keys)
> > 0.00:00:00.00
> > [Jul 17 05:01:16 UTC] 1 RC5 packet (7 work units) is in buff-in.rc5
> > [Jul 17 05:01:16 UTC] 0 RC5 packets (0 work units) are in buff-
> > out.rc5
> >
> > dnetc v2.8010-463-CTR-00071214 for Win32 (Windows 4.0).
> > Using email address (distributed.net ID) 'dpc_de at hotmail.com'
> >
> > [Jul 17 23:29:00 UTC] RC5: using core #2 (RG class 6).
> > [Jul 17 23:29:00 UTC] Loaded RC5 7*2^28 packet
> > FCDE37BF:60000000 (75.20% done)
> > [Jul 17 23:29:00 UTC] 0 RC5 packets (0 work units) remain in buff-
> > in.rc5
> > [Jul 17 23:29:00 UTC] 0 RC5 packets (0 work units) are in buff-
> > out.rc5
> > [Jul 17 23:29:00 UTC] 1 cruncher has been started.
> > [Jul 17 23:40:00 UTC] Completed RC5 packet
> > FCDE37BF:60000000 (7*2^28 keys)
> > 0.00:11:00.30 - [704,724.61 keys/sec]
> >
> > {SNIP}
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > Can the person who is responsible for this (assuming it is
> > dpc_de at hotmail.com) be reported in some way ??
> >
> > Peter
> >
> >
> > --
> > To unsubscribe, send 'unsubscribe proxyper' to
> majordomo at lists.distributed.net
> >
> > --
> > To unsubscribe, send 'unsubscribe proxyper' to
> majordomo at lists.distributed.net
> >
>
> --
> To unsubscribe, send 'unsubscribe proxyper' to
> majordomo at lists.distributed.net
>
> --
> To unsubscribe, send 'unsubscribe proxyper' to
> majordomo at lists.distributed.net
>
--
To unsubscribe, send 'unsubscribe proxyper' to majordomo at lists.distributed.net
--
To unsubscribe, send 'unsubscribe proxyper' to majordomo at lists.distributed.net
More information about the proxyper
mailing list