You can safely assume that all ports, source and destination, are 80. Errors on that should hav no consequence. The information about his source IP#s is on his checkuser report. Destination IP#s are not. Verizon might be able to get that from the datestamp on their own records. One list is almost entirely in Verizon's space. So, you can do it like this, for one example:
- Source IP address: 207.172.128.101 - Source port(s): 80 - Destination IP address: Wikipedia.org (not known to me) - Destination port(s): 80 - Date: 2008-10-16 - Specific time: 17:40:56 - Time zone (in which the log file time stamp is
recorded): UTC - Brief synopsis: Replaced content with "if some kid needs this for a report then.......................FUCK OFF!"
Retrieved from http://en.wikipedia.org/w/index.php?title=Piracy&oldid=245781063
"Dahsun" dahsun@yahoo.com wrote in message news:583575.28053.qm@web54107.mail.re2.yahoo.com...
I reported Grawp to Verizon earlier this week and got the following response, I'm circulating it here so that others reporting vandals to ISPs can follow their format. But more importantly can anyone tell me how to work out Destination IP address & Destination port(s)?
Jonathan (WereSpielChequers)
--- On Tue, 20/1/09, abuse@verizon.net abuse@verizon.net wrote:
From: abuse@verizon.net abuse@verizon.net Subject: Re: [AB-C24281409F] Threats by one of your customers to rape and bugger a Wikipedia user To: dahsun@yahoo.com Date: Tuesday, 20 January, 2009, 8:43 PM Thank you for writing.
Your report contained no log file excerpt, or incomplete information, and therefore cannot be investigated.
In order to investigate your report, please submit a new report with a log file excerpt providing the specific details for the malicious traffic specific to a Verizon Online customer only.
Log file excerpts must be in plain text format, and include:
- Source IP address - Source port(s) - Destination IP address - Destination port(s) - Date - Specific time - Time zone (in which the log file time stamp is
recorded) - Brief synopsis
Additionally, please note that due to the number of reports we receive, reports with log files containing extraneous information not pertinent to the specific report cannot be accepted.
Verizon Internet Services Security can only take action in response to traffic initiated by Verizon Internet customers. Traffic from non-Verizon sources must be reported directly to the appropriate owner of the IP space that is initiating the traffic.
The following web site may be helpful in determining the owner of the originating IP space:
We hope this provides the necessary information in order to re-submit your report with the data needed, so that an investigation may be initiated.
Sincerely,
Verizon Online Abuse http://www2.verizon.net/policies http://www.verizon.net/security Abuse@verizon.net
==== Original Message ====
- Threats by one of your customers to rape and bugger a
Wikipedia user Added by system at Monday, Jan 19 2009 09:17 am X-MailFrom: dahsun@yahoo.com X-RcptTo: security@abuse.mailsrvcs.net Received: from [172.18.169.123] by [172.18.45.30] (abacus) for security@abuse.mailsrvcs.net; Mon Jan 19 09:17:21 2009 Received: from web54109.mail.re2.yahoo.com ([206.190.37.244]) by vms169123.mailsrvcs.net (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) with SMTP id 0KDQ009N854X2XE0@vms169123.mailsrvcs.net for security@abuse.mailsrvcs.net (ORCPT security@verizon.net); Mon, 19 Jan 2009 09:17:21 -0600 (CST) Received: (qmail 55849 invoked by uid 60001); Mon, 19 Jan 2009 15:17:16 +0000 Received: from [82.44.83.239] by web54109.mail.re2.yahoo.com via HTTP; Mon, 19 Jan 2009 07:17:15 -0800 (PST) Date: Mon, 19 Jan 2009 07:17:15 -0800 (PST) From: Dahsun dahsun@yahoo.com Subject: Threats by one of your customers to rape and bugger a Wikipedia user X-Originating-IP: [206.190.37.244] To: security@verizon.net Reply-to: dahsun@yahoo.com Message-id: 462123.55297.qm@web54109.mail.re2.yahoo.com MIME-version: 1.0 X-Mailer: YahooMailWebService/0.7.260.1 Content-type: text/plain; charset=utf-8 Content-transfer-encoding: quoted-printable DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com;
h=X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
b=UCdIgtiXRsWAhvhf8NKxKxQ9vYZAubqs6qyz0NrAB/pmKuh9smtFqntcNLZlMn3JogFojttb5+1kt4vSpTuY3PRM/U7tKsL9V9SAfZbeWRWmaDZPYCrZ+4Pr4u4vkUSesUqSsiIeEaDbqMsMXcpQeVmdt+XY7HoPRdENdijxXWI=;
X-YMail-OSG: QZ3aUWQVM1nhCP1GFxfRrYCzIxcq6z0yNEov_Km_Tf4Ld5FhTFk-
MIME element (text/plain) Dear Verizon,
According to ARIN 71.167.96.32 is one of your IP addresses. If so were you aware of this edit:
http://en.wikipedia.org/w/index.php?title=User:Juliancolton&diff=prev&am...
One of a series of vandalisms on Wikipedia by that IP, and looking very similar to other vandalism on Wikipedia by various Verizon IP addresses.
I expect that as a socially responsible company you have policies to deal with such incidents; however if you do decide to continue supplying Internet services to that particular customer would it be possible for you to assign them a permanent IP address so we can indefinitely block that particular address from editing Wikipedia?
Yours Sincerely
Dahsun
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org To unsubscribe from this mailing list, visit: https://lists.wikimedia.org/mailman/listinfo/wikien-l