Re: Packet Kiddies Invade NANOG
> You know how easy it is to fake IRC logs?

Yes, I do. And I also know that these aren't fake. I've seen them before, from some respected sources in the ISP security community, and I've also seen Gregory's manifesto sent to the EFNet admins list admitting to having launched DDoS attacks against the servers, and attempting to rationalize his behavior. Are you denying that, too?

> I don't know why you people seem to think I'm involved with all of this stuff.

Because you're friends of Andrew Kirch (aka trelane), who's Mr. Gregory OseK Taylor's right hand man. Guilt by association, and all that.

> If you want to show evidence, do it offlist and among yourselves, because I don't think people give a crap about your little spats between one another - especially not based on IRC logs.

Sorry Brian, but I'm not going to play these games. If you can publicly dispute the claims that you and your friends are packet kiddies, I have just as much of a right to post to the list attempting to prove them, or at the least, pointing out the hypocrisy of your ways. Hopefully some prospective employer will find this thread when googling for info on you and your friends, and think twice about hiring you for security work.
Re: Packet Kiddies Invade NANOG
> Matthew (yes I know it is you)

No, my name is Albert.

> I have not attacked any Internet Service Provider or IRC server in several years. I am and have been retired from the underground for a long while now, despite the constant comments made to the contrary by people who do not represent me in any manner.

Yeah, I bet. Guess that explains this exploit you contributed to recently: http://www.l33 (tsecurity.com/get.php?file=13

Furthermore, thanks for admitting to committing felonies on this list. In case you were unaware, your statute of limitations has not yet expired.

Signed,
Albert Public (firstname lastname)
Re: Packet Kiddies Invade NANOG
Hello, I just thought I should chime in here. Below you will find OseK's (Greg Taylor) manifesto sent to EFnet admins during an event last year where OseK was attacking most EFnet servers. Additionally, I can tell you that Greg was attacking my network at some point in the last year, and readily admitted to it at the time.

Signed,
J. Quincy Taxpayer

- Forwarded message from Don Crossman [EMAIL PROTECTED] -

DO NOT INCLUDE MY EMAIL ADDRESS IN THIS LETTER OR MY NAME KEEP ME ANONYMOUS MINUS MY NICKNAME

To whom it may concern,

I go by the nickname of OseK on the Eris Free Network, EFNet. I am sending this e-mail in response to certain claims and accusations being made by a few people in an attempt to clear up the situation for those who are both confused and agitated. I will start off by giving you the reasons for my actions and what my intentions are and why I am taking the actions that I am taking.

EFNet, throughout the existence of the network, has seen its good days and its bad. EFNet has had to deal with corrupt, abusive, egotistical opers who work contrary to the best interests of this network, and use their position of power to satisfy whatever ego they have. Unfortunately, for this network it has come to the point where the Network Administrators of certain servers have created an ironfist autocracy so to speak, where they can do whatever they want and answer to nobody.

I myself, have put up with this constant abuse for several years. All of these years, every time I'm /killed, I do nothing, every time I'm /klined I do nothing, but most recently, a channel that I run that had no bots, only people, was taken over, mass /killed and set as a TROLL channel on #chanfix over a matter that didn't involve us to begin with. The person who committed this act was Darryl Williams, also known as shi on EFNet. Former torix admin and currently opered on NAC, Mindspring, Easynews, and Security Support.

His abusive record extends much farther than even the most notorious criminals. He has run banned hacks on TorIX, has committed countless acts of abuse against users and then taunted those users into attempting to packet torix, which he thought, was invincible. After over 15 warnings to him to watch his actions, after constant emails to [EMAIL PROTECTED] which were either pasted back to me and laughed at, or thrown into the trash bin, and after attempting to talk to various opers on that server to complain, I decided to take matters into my own hands. Either Torix was going to remove his O: line or it would be dropped indefinitely. Neither of which happened.

I was approached by the admin of torix asking why this was going on and I posted him legit and authentic logs (despite what shi may try to say). The TorIX admin decided because the logs showed too much incriminating evidence against shi, that he would suspend shi's O: line for further review of his future on that server. shi meanwhile utilized a backdoor in the IRCD itself to re-add his O: line and try to hide as a TCM bot. That is the direct reason he was permanently removed from TorIX. For adding himself back without permission from the other admins.

Now we will talk about Qeast and what their big deal is. Qeast is WELL KNOWN for being the home of abusive admins in .CA EFNet. xyst and atomix have run server hacks, and have committed various forms of abuse including channel take overs, packeting of other .ca servers in order to reduce those servers max clients, and nickname juping. xyst also sees any potential future hub as a threat to qeast and utilizes his 2 of 4 votes to deny links to such servers. I will bring up irc.magic.ca and irc.total.net which were servers on efnet for many years, who even sponsored qeast's link to efnet, but xyst utilized his 2 votes per server to deny them links. For the record, xyst and shi are friends, they say they aren't but they are.

IRCD/HUB IP addresses:

These IPs were obtained through several confidential sources, some of which are operlist users, operwall viewers, and opers themselves. I will let you know that the HUB IP I had gotten for Qeast in the 192.77.73.* block which was broadcasting multiple IPs on various ports. I decided to drop the router which is what is currently under attack.

Servers that will not be attacked:

Servers that will NOT be attacked are those that the admins of said servers and opers, have shown countless times that they are truly here for the network and not for their ego. Opers who work hard every day to provide users with the most comfortable atmosphere to chat in. Opers who follow their own policies and will not allow abusive admins to push them around. These servers include all of .EU EFNet. irc.aloha.net, irc.vrfx.com, irc.nac.net, irc.limelight.us, irc.xo, and more. Take
Re: Packet Kiddies Invade NANOG
People should be worried about stuff like this. Banetele is a facilities-based network operator in Norway and these guys are directly attacking their BGP sessions to put them off the air.

Assuming that they are not sourcing the attacks in Banetele's AS, then you, the peer of Banetele are delivering the packet stream that kills the BGP session. How long before peering agreements require ACLs in border routers so that only BGP peering routers can source traffic destined to your BGP speaking routers?

(08:48:02) #sigdie!OseK_ i just collapsed banetele's BGP announcement
(08:48:43) #sigdie!p i dunno banetele looks dead
(08:48:48) #sigdie!p or maybe im just lagging
(08:49:00) #sigdie!OseK_ ... BitchX: Sent server ping to [irc.banetele.no]
(08:49:00) #sigdie!OseK_ ... Server pong from irc.banetele.no 0.8224 seconds
(08:49:12) #sigdie!p bash-2.05a$ telnet irc.banetele.no 6667
(08:49:13) #sigdie!p Trying 213.239.111.2...
(08:49:16) #sigdie!OseK_ thats cuz I collapsed their BGP announcement by nailing their router head on
(08:49:26) #sigdie!OseK_ but they have a secondary route to efnet
(08:49:30) #sigdie!_mre|42o BGP announcement?
(08:49:31) #sigdie!OseK_ thru their multihomed connection
(08:49:32) #sigdie!OseK_ yeah
(08:49:37) #sigdie!OseK_ they have a collapsable route
(08:49:44) #sigdie!OseK_ using the border gateway protocl
(08:49:54) #sigdie!OseK_ hey have to announce to a pool
(08:49:58) #sigdie!OseK_ in order to establish their route
(08:50:07) #sigdie!OseK_ but if thye get hit enough their router drops the announcements
(08:50:10) #sigdie!OseK_ and they lose their routes
(08:50:14) #sigdie!OseK_ its wierd
(08:50:21) #sigdie!OseK_ i dont quite understand how it works myself
Re: Packet Kiddies Invade NANOG
On Tue, 16 Mar 2004, [EMAIL PROTECTED] wrote:

> People should be worried about stuff like this. Banetele is a facilities-based network operator in Norway and these guys are directly attacking their BGP sessions to put them off the air.

Can anyone from Banetele/who knows Banetele confirm this attack took place?

Steve

> Assuming that they are not sourcing the attacks in Banetele's AS, then you, the peer of Banetele are delivering the packet stream that kills the BGP session. How long before peering agreements require ACLs in border routers so that only BGP peering routers can source traffic destined to your BGP speaking routers?
>
> (08:48:02) #sigdie!OseK_ i just collapsed banetele's BGP announcement
> (08:48:43) #sigdie!p i dunno banetele looks dead
> (08:48:48) #sigdie!p or maybe im just lagging
> (08:49:00) #sigdie!OseK_ ... BitchX: Sent server ping to [irc.banetele.no]
> (08:49:00) #sigdie!OseK_ ... Server pong from irc.banetele.no 0.8224 seconds
> (08:49:12) #sigdie!p bash-2.05a$ telnet irc.banetele.no 6667
> (08:49:13) #sigdie!p Trying 213.239.111.2...
> (08:49:16) #sigdie!OseK_ thats cuz I collapsed their BGP announcement by nailing their router head on
> (08:49:26) #sigdie!OseK_ but they have a secondary route to efnet
> (08:49:30) #sigdie!_mre|42o BGP announcement?
> (08:49:31) #sigdie!OseK_ thru their multihomed connection
> (08:49:32) #sigdie!OseK_ yeah
> (08:49:37) #sigdie!OseK_ they have a collapsable route
> (08:49:44) #sigdie!OseK_ using the border gateway protocl
> (08:49:54) #sigdie!OseK_ hey have to announce to a pool
> (08:49:58) #sigdie!OseK_ in order to establish their route
> (08:50:07) #sigdie!OseK_ but if thye get hit enough their router drops the announcements
> (08:50:10) #sigdie!OseK_ and they lose their routes
> (08:50:14) #sigdie!OseK_ its wierd
> (08:50:21) #sigdie!OseK_ i dont quite understand how it works myself
Re: Packet Kiddies Invade NANOG
> > People should be worried about stuff like this. Banetele is a facilities-based network operator in Norway and these guys are directly attacking their BGP sessions to put them off the air.
>
> Can anyone from Banetele/who knows Banetele confirm this attack took place?

According to the people I spoke to, they had not noticed such an attack on the date specified.

Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]
(who used to work for BaneTele, and was intimately involved with getting suitable BGP filters in place)
Re: Packet Kiddies Invade NANOG
--- [EMAIL PROTECTED] wrote:

> Assuming that they are not sourcing the attacks in Banetele's AS, then you, the peer of Banetele are delivering the packet stream that kills the BGP session. How long before peering agreements require ACLs in border routers so that only BGP peering routers can source traffic destined to your BGP speaking routers?

Even better is to separate the control plane from the forwarding plane, and ensure that the control plane of a given router cannot be spoken to by anyone who is not either internal or a direct BGP peer. Why permit garbage to touch your network?

-David Barak
-Fully RFC 1925 Compliant-
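The peer-only filtering discussed in the two messages above, as an added example that is not part of the original thread: a small model of a border router's receive-path filter, run over constructed packets. All addresses are documentation ranges, the `Packet` and `Policy` names are hypothetical, and the TTL check follows GTSM (RFC 5082), which is what catches packets that merely forge a peer's source address.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

BGP_PORT = 179
GTSM_TTL = 255  # RFC 5082: a directly connected peer's packets arrive with TTL 255


@dataclass(frozen=True)
class Packet:
    iface: str      # "external" (peering or transit link) or "internal"
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    ttl: int = 64


@dataclass(frozen=True)
class Policy:
    router_addrs: frozenset   # addresses owned by the router itself
    bgp_peers: frozenset      # directly connected eBGP neighbours
    internal_nets: tuple      # management and iBGP source ranges
    gtsm: bool = True         # enforce the TTL check on peer traffic


def classify(pkt: Packet, pol: Policy) -> tuple:
    """Return (action, reason) for one packet arriving at the border router."""
    dst = ip_address(pkt.dst)
    if dst not in {ip_address(a) for a in pol.router_addrs}:
        return "forward", "transit traffic, never reaches the control plane"
    src = ip_address(pkt.src)
    internal = any(src in ip_network(n) for n in pol.internal_nets)
    if pkt.iface == "internal":
        if internal:
            return "permit", "internal source on internal interface"
        return "drop", "unknown source on internal interface"
    if internal:
        return "drop", "internal source address on external interface (spoofed)"
    if src not in {ip_address(a) for a in pol.bgp_peers}:
        return "drop", "not a BGP peer"
    if pkt.proto != "tcp" or BGP_PORT not in (pkt.sport, pkt.dport):
        return "drop", "peer address but not BGP (TCP/179)"
    if pol.gtsm and pkt.ttl != GTSM_TTL:
        return "drop", "peer address but TTL below 255: off-link or spoofed"
    return "permit", "BGP from a configured peer"


# Constructed policy: one router address, one peer, one internal range.
POLICY = Policy(
    router_addrs=frozenset({"192.0.2.1"}),
    bgp_peers=frozenset({"192.0.2.2"}),
    internal_nets=("198.51.100.0/24",),
)

# Constructed packets, one per case the thread raises.
SAMPLE = [
    Packet("external", "192.0.2.2", "192.0.2.1", "tcp", 40001, 179, ttl=255),  # real peer
    Packet("external", "203.0.113.9", "192.0.2.1", "tcp", 1234, 179, ttl=52),  # stranger to 179
    Packet("external", "203.0.113.9", "192.0.2.1", "icmp", ttl=52),            # flood at router
    Packet("external", "192.0.2.2", "192.0.2.1", "tcp", 179, 40001, ttl=243),  # forged peer source
    Packet("external", "198.51.100.5", "192.0.2.1", "tcp", 999, 22, ttl=60),   # forged internal
    Packet("internal", "198.51.100.5", "192.0.2.1", "tcp", 50000, 22),         # management
    Packet("external", "203.0.113.9", "198.51.100.80", "tcp", 5555, 6667),     # transit to a host
]


def evaluate(packets, pol=POLICY):
    """Actions only, in input order."""
    return [classify(p, pol)[0] for p in packets]


if __name__ == "__main__":
    for p in SAMPLE:
        action, reason = classify(p, POLICY)
        print(f"{action:8} {p.src:>14} -> {p.dst:<14} {p.proto:4} ttl={p.ttl:<3} {reason}")
```

A source-address ACL alone passes the fourth packet; only the TTL check (or session authentication) separates a forged peer address from the real neighbour.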
Re: Packet Kiddies Invade NANOG
On Tue, 16 Mar 2004 04:14:01 -0800 [EMAIL PROTECTED] wrote:

> According to the people I spoke to, they had not noticed such an attack on the date specified.

And, while not knowing the specifics of this situation, if you were being attacked, and it hurt your network, would you continue to piss the attacker off by validating it? You'll have a problem finding anyone that crazy, I think.

On Tue, 16 Mar 2004 02:54:43 -0800 [EMAIL PROTECTED] wrote:

> People should be worried about stuff like this. Banetele is a facilities-based network operator in Norway and these guys are directly attacking their BGP sessions to put them off the air.

I don't know anything about the banetele attack mentioned specifically, other than to say, this matches his M.O. entirely, and, he isn't the only kiddie who figured out that attacking routers is sometimes more effective than attacking the intended victim.

John Quincy Taxpayer
Re: Packet Kiddies Invade NANOG
Hmm, if someone (except masochists and security vendors) still hosts efnet... I can only send them my condolences. I saw the same dialogs 6 years ago. Nothing changes.

- Original Message -
From: Stephen J. Wilcox [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, March 16, 2004 3:54 AM
Subject: Re: Packet Kiddies Invade NANOG

On Tue, 16 Mar 2004, [EMAIL PROTECTED] wrote:

> People should be worried about stuff like this. Banetele is a facilities-based network operator in Norway and these guys are directly attacking their BGP sessions to put them off the air.

Can anyone from Banetele/who knows Banetele confirm this attack took place?

Steve

> Assuming that they are not sourcing the attacks in Banetele's AS, then you, the peer of Banetele are delivering the packet stream that kills the BGP session. How long before peering agreements require ACLs in border routers so that only BGP peering routers can source traffic destined to your BGP speaking routers?
>
> (08:48:02) #sigdie!OseK_ i just collapsed banetele's BGP announcement
> (08:48:43) #sigdie!p i dunno banetele looks dead
> (08:48:48) #sigdie!p or maybe im just lagging
> (08:49:00) #sigdie!OseK_ ... BitchX: Sent server ping to [irc.banetele.no]
> (08:49:00) #sigdie!OseK_ ... Server pong from irc.banetele.no 0.8224 seconds
> (08:49:12) #sigdie!p bash-2.05a$ telnet irc.banetele.no 6667
> (08:49:13) #sigdie!p Trying 213.239.111.2...
> (08:49:16) #sigdie!OseK_ thats cuz I collapsed their BGP announcement by nailing their router head on
> (08:49:26) #sigdie!OseK_ but they have a secondary route to efnet
> (08:49:30) #sigdie!_mre|42o BGP announcement?
> (08:49:31) #sigdie!OseK_ thru their multihomed connection
> (08:49:32) #sigdie!OseK_ yeah
> (08:49:37) #sigdie!OseK_ they have a collapsable route
> (08:49:44) #sigdie!OseK_ using the border gateway protocl
> (08:49:54) #sigdie!OseK_ hey have to announce to a pool
> (08:49:58) #sigdie!OseK_ in order to establish their route
> (08:50:07) #sigdie!OseK_ but if thye get hit enough their router drops the announcements
> (08:50:10) #sigdie!OseK_ and they lose their routes
> (08:50:14) #sigdie!OseK_ its wierd
> (08:50:21) #sigdie!OseK_ i dont quite understand how it works myself
Re: Packet Kiddies Invade NANOG
> Hmm, if someone (except masochists and security vendors) still hosts efnet... I can only send them my condolences. I saw the same dialogs 6 years ago. Nothing changes.

BaneTele hosts an EFnet IRC server. Caused no significant problems while I was working at BaneTele. That's probably because we *expected* DoS attacks on the IRC server, and engineered the network accordingly.

Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]
Re: Packet Kiddies Invade NANOG
On Tue, 16 Mar 2004, Alexei Roudnev wrote:

> Hmm, if someone (except masochists and security vendors) still hosts efnet... I can only send them my condolences. I saw the same dialogs 6 years ago. Nothing changes.

What about undernet? A customer wants us to help him setup an undernet IRC server. My gut feeling is, hosting IRC servers (especially on the well known networks) is like wearing a kick me/flood me sign on your network, and it's probably not going to be worth the pain pages.

--
Jon Lewis [EMAIL PROTECTED] | I route
Senior Network Engineer | therefore you are
Atlantic Net |
http://www.lewis.org/~jlewis/pgp for PGP public key
Re: Packet Kiddies Invade NANOG
On Tue, 16 Mar 2004 [EMAIL PROTECTED] wrote:

> On Tue, 16 Mar 2004, Alexei Roudnev wrote:
>
> > Hmm, if someone (except masochists and security vendors) still hosts efnet... I can only send them my condolences. I saw the same dialogs 6 years ago. Nothing changes.
>
> What about undernet? A customer wants us to help him setup an undernet IRC server. My gut feeling is, hosting IRC servers (especially on the well known networks) is like wearing a kick me/flood me sign on your network, and it's probably not going to be worth the pain pages.

It probably depends how much money is involved and if they are willing to pay for all the network tech's time such server brings in. My own dealings with people wanting to run IRC servers and services is that they may have some fixed amount of money for the server but whatever they are expecting to generate from such irc-related services does not happen and they ran out of money and most end up having to be canceled for non-pay (usually after first 4 or 6 months) and you end up having to decide if your company wants to sponsor this server for the long term...

Some other things that you end up having to consider if the server is run by the customer what are their policies and how white/black/grey are their admins and people they allow to be operators. Operators way too often end up being targets of attacks on the servers ...

As far as Undernet is probably not as bad as Efnet as attack target, but you'll still see some attacks for sure.

--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
Re: Packet Kiddies Invade NANOG
On Tue, 16 Mar 2004 [EMAIL PROTECTED] wrote:

> > Hmm, if someone (except masochists and security vendors) still hosts efnet... I can only send them my condolences. I saw the same dialogs 6 years ago. Nothing changes.
>
> What about undernet?

That's even worse :)

> A customer wants us to help him setup an undernet IRC server. My gut feeling is, hosting IRC servers (especially on the well known networks) is like wearing a kick me/flood me sign on your network, and it's probably not going to be worth the pain pages.

Sounds about right. Unless you feel like charging someone several thousands of dollars per month to host an EFNet server, don't do it unless you have a personal interest.
Re: Packet Kiddies Invade NANOG
Why is NANOG starting to sound like full-disclosure? Can't you kids just argue amongst yourselves on IRC or something? This is so off-charter... If any of the involved parties thinks anyone cares, you'd do well to check your egos.

--
Charles Sprickman
[EMAIL PROTECTED]

On Mon, 15 Mar 2004, Matthew S. Hallacy wrote:

> On Sun, Mar 14, 2004 at 10:43:29PM -0600, Gregory Taylor wrote:
>
> > Matthew (yes I know it is you), The personal information you have posted regarding my phone number is me. However, the slanderous material and obvious hate/flame statements you made against me are absolutely false.
>
> For the record, I've been in-transit between the cold state of Minnesota to the semi-warm state of Texas for the past two days via car, Without internet access. If I wanted to post the urls in this thread I would have no issues doing it without hiding behind an anonymous email account. As for the accusations made being false, I know nothing about them. I do recall the 2 or 3 times you've attacked me by the direct, or indirect request of Andrew Kirch (trelane).
>
> --
> Matthew S. Hallacy FUBAR, LART, BOFH Certified
> http://www.poptix.net GPG public key 0x01938203
Re: Packet Kiddies Invade NANOG
Yes, Gregory Taylor aka OseK is a perfect gentlemen now. Here are logs from Feb 4th 2004 showing him being a perfect gentlemen... (08:35:45) #sigdie!OseK_ :[NEMESIS] Nodes are attacking 212.242.41.0/24 on port 666 for 60 seconds using spoofed TCP RESET Packets ... (08:36:04) #sigdie!OseK_ doesn't help the port 666 tho :( (08:36:31) #sigdie!OseK_ you prolly have a much larger dosnet than me tho (08:36:34) #sigdie!OseK_ i only have 500 nodes (08:38:55) #sigdie!OseK_ you dropped it (08:38:58) #sigdie!OseK_ so it cant take ICMP (08:39:00) #sigdie!OseK_ what'd you hit? (08:39:18) #sigdie!p .17 (08:39:54) #sigdie!OseK_ down (08:39:55) #sigdie!OseK_ i got it (08:39:56) #sigdie!OseK_ :) (08:40:03) #sigdie!p let me try by myself ! (08:40:07) #sigdie!p no (08:40:07) #sigdie!p its up (08:40:08) #sigdie!OseK_ hold (08:40:10) #sigdie!OseK_ wait 60 seconds (08:40:15) #sigdie!OseK_ ah (08:40:16) #sigdie!OseK_ wtf (08:40:20) #sigdie!OseK_ i only dropped one box? (08:40:29) #sigdie!OseK_ cuz it wouldn't respond for a second there (08:40:44) #sigdie!OseK_ i wanna fucking drop banetele (08:40:49) #sigdie!p well (08:40:50) #sigdie!p my turn (08:40:51) #sigdie!OseK_ cuz those fags are the ones that put that page up on there (08:40:55) #sigdie!OvEr_LoAD lol lets do it (08:41:05) #sigdie!p OK (08:41:06) #sigdie!p wach (08:41:08) #sigdie!p watch (08:41:13) #sigdie!p is everyone watching (08:41:18) #sigdie!OseK_ yeah (08:41:28) #sigdie!OseK_ pwned (08:41:31) #sigdie!OseK_ p- (08:41:32) #sigdie!OseK_ u (08:41:34) #sigdie!p no i didnt even do anything (08:41:35) #sigdie!OseK_ pwn (08:41:36) #sigdie!p :P (08:41:38) #sigdie!OseK_ wtf (08:41:44) #sigdie!OseK_ why are they all fucked now (08:41:48) #sigdie!p they arent.. 
(08:42:01) #sigdie!p unless youre talking about 212.242.41.35 (08:42:05) #sigdie!p im flooding its httpd (08:42:28) #sigdie!p ok ok (08:42:29) #sigdie!p watch (08:42:57) #sigdie!p bewm (08:43:00) #sigdie!OseK_ ok (08:43:02) #sigdie!OseK_ dammit (08:43:05) #sigdie!OseK_ you hit it right when i do (08:43:07) #sigdie!p it doesnt like ICMP (08:43:07) #sigdie!OseK_ i can never tell (08:43:10) #sigdie!OseK_ if my shit is working (08:43:22) #sigdie!OseK_ :) (08:43:33) #sigdie!OseK_ its up (08:43:44) #sigdie!p i only did 50 seconds (08:44:06) #sigdie!OseK_ hrm (08:44:20) #sigdie!p 212.242.41.17 no like the icmp (08:45:19) #sigdie!OseK_ ok (08:45:23) #sigdie!OseK_ imma go play with banetele (08:48:02) #sigdie!OseK_ i just collapsed banetele's BGP announcement (08:48:09) #sigdie!OseK_ but that doesn't help (08:48:13) #sigdie!OseK_ cuz they're not gonna split (08:48:43) #sigdie!p i dunno banetele looks dead (08:48:48) #sigdie!p or maybe im just lagging (08:49:00) #sigdie!OseK_ ... BitchX: Sent server ping to [irc.banetele.no] (08:49:00) #sigdie!OseK_ ... Server pong from irc.banetele.no 0.8224 seconds (08:49:12) #sigdie!p bash-2.05a$ telnetirc.banetele.no 6667 (08:49:13) #sigdie!p Trying 213.239.111.2... (08:49:16) #sigdie!OseK_ thats cuz I collapsed their BGP announcement by nailing their router head on(08:49:26) #sigdie!OseK_ but they have a secondary route to efnet (08:49:30) #sigdie!_mre|42o BGP announcement? 
(08:49:31) #sigdie!OseK_ thru their multihomed connection (08:49:32) #sigdie!OseK_ yeah (08:49:37) #sigdie!OseK_ they have a collapsable route (08:49:44) #sigdie!OseK_ using the border gateway protocl (08:49:54) #sigdie!OseK_ hey have to announce to a pool (08:49:58) #sigdie!OseK_ in order to establish their route (08:50:07) #sigdie!OseK_ but if thye get hit enough their router drops the announcements (08:50:10) #sigdie!OseK_ and they lose their routes (08:50:14) #sigdie!OseK_ its wierd (08:50:21) #sigdie!OseK_ i dont quite understand how it works myself (08:50:33) #sigdie!OseK_ its something you only find UU net and IRC servers doing (08:50:34) #sigdie!OseK_ hehe (08:51:19) #sigdie!OseK_ they should recover now (08:51:21) #sigdie!OseK_ any time (08:53:30) #sigdie!OseK_ damn (08:48:02) #sigdie!OseK_ i just collapse (08:48:09) #sigdie!OseK_ but that doesn't help (08:48:13) #sigdie!OseK_ cuz they're not gonna split (08:48:43) #sigdie!p i dunno banetele looks dead (08:48:48) #sigdie!p or maybe im just lagging (08:49:00) #sigdie!OseK_ ... BitchX: Sent server ping to [irc.banetele.no] (08:49:00) #sigdie!OseK_ ... Server pong from irc.banetele.no 0.8224 seconds (08:49:12) #sigdie!p bash-2.05a$ telnet irc.banetele.no 6667 (08:49:13) #sigdie!p Trying 213.239.111.2... (08:49:16) #sigdie!OseK_ thats cuz I collapsed their BGP announcement by nailing their router head on (08:49:26) #sigdie!OseK_ but they have a secondary route to efnet (08:49:30) #sigdie!_mre|42o BGP announcement? (08:49:31) #sigdie!OseK_ thru their multihomed connection (08:49:32) #sigdie!OseK_ yeah (08:49:37) #sigdie!OseK_ they have a collapsable route (08:49:44) #sigdie!OseK_ using the border gateway protocl (08:49:54) #sigdie!OseK_ hey have to announce to a pool (08:49:58) #sigdie!OseK_ in order to establish their route (08:50:07) #sigdie!OseK_ but
Re: Packet Kiddies Invade NANOG
On Monday, March 15, 2004 1:11 PM [EST], John Harold [EMAIL PROTECTED] wrote:

> Yes, Gregory Taylor aka OseK is a perfect gentlemen now. Here are logs from Feb 4th 2004 showing him being a perfect gentlemen...

You know how easy it is to fake IRC logs?

(16:12:01) #nanog!jh I l33t hax0red y0uz!
(16:12:30) #nanaog!skrptkd No, I l33t hax0red y0uz first!

and on and on, I don't know why you people seem to think I'm involved with all of this stuff.

If you want to show evidence, do it offlist and among yourselves, because I don't think people give a crap about your little spats between one another - especially not based on IRC logs.

--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
The Abusive Hosts Blocking List
http://www.ahbl.org
Re: Packet Kiddies Invade NANOG
Stop it children. The thousands of people on this mailing list do not need to watch this road kill. -ren At 06:11 PM 3/15/2004 +, John Harold wrote: Yes, Gregory Taylor aka OseK is a perfect gentlemen now. Here are logs from Feb 4th 2004 showing him being a perfect gentlemen... (08:35:45) #sigdie!OseK_ :[NEMESIS] Nodes are attacking 212.242.41.0/24 on port 666 for 60 seconds using spoofed TCP RESET Packets ... (08:36:04) #sigdie!OseK_ doesn't help the port 666 tho :( (08:36:31) #sigdie!OseK_ you prolly have a much larger dosnet than me tho (08:36:34) #sigdie!OseK_ i only have 500 nodes (08:38:55) #sigdie!OseK_ you dropped it (08:38:58) #sigdie!OseK_ so it cant take ICMP (08:39:00) #sigdie!OseK_ what'd you hit? (08:39:18) #sigdie!p .17 (08:39:54) #sigdie!OseK_ down (08:39:55) #sigdie!OseK_ i got it (08:39:56) #sigdie!OseK_ :) (08:40:03) #sigdie!p let me try by myself ! (08:40:07) #sigdie!p no (08:40:07) #sigdie!p its up (08:40:08) #sigdie!OseK_ hold (08:40:10) #sigdie!OseK_ wait 60 seconds (08:40:15) #sigdie!OseK_ ah (08:40:16) #sigdie!OseK_ wtf (08:40:20) #sigdie!OseK_ i only dropped one box? (08:40:29) #sigdie!OseK_ cuz it wouldn't respond for a second there (08:40:44) #sigdie!OseK_ i wanna fucking drop banetele (08:40:49) #sigdie!p well (08:40:50) #sigdie!p my turn (08:40:51) #sigdie!OseK_ cuz those fags are the ones that put that page up on there (08:40:55) #sigdie!OvEr_LoAD lol lets do it (08:41:05) #sigdie!p OK (08:41:06) #sigdie!p wach (08:41:08) #sigdie!p watch (08:41:13) #sigdie!p is everyone watching (08:41:18) #sigdie!OseK_ yeah (08:41:28) #sigdie!OseK_ pwned (08:41:31) #sigdie!OseK_ p- (08:41:32) #sigdie!OseK_ u (08:41:34) #sigdie!p no i didnt even do anything (08:41:35) #sigdie!OseK_ pwn (08:41:36) #sigdie!p :P (08:41:38) #sigdie!OseK_ wtf (08:41:44) #sigdie!OseK_ why are they all fucked now (08:41:48) #sigdie!p they arent.. 
(08:42:01) #sigdie!p unless youre talking about 212.242.41.35 (08:42:05) #sigdie!p im flooding its httpd (08:42:28) #sigdie!p ok ok (08:42:29) #sigdie!p watch (08:42:57) #sigdie!p bewm (08:43:00) #sigdie!OseK_ ok (08:43:02) #sigdie!OseK_ dammit (08:43:05) #sigdie!OseK_ you hit it right when i do (08:43:07) #sigdie!p it doesnt like ICMP (08:43:07) #sigdie!OseK_ i can never tell (08:43:10) #sigdie!OseK_ if my shit is working (08:43:22) #sigdie!OseK_ :) (08:43:33) #sigdie!OseK_ its up (08:43:44) #sigdie!p i only did 50 seconds (08:44:06) #sigdie!OseK_ hrm (08:44:20) #sigdie!p 212.242.41.17 no like the icmp (08:45:19) #sigdie!OseK_ ok (08:45:23) #sigdie!OseK_ imma go play with banetele (08:48:02) #sigdie!OseK_ i just collapsed banetele's BGP announcement (08:48:09) #sigdie!OseK_ but that doesn't help (08:48:13) #sigdie!OseK_ cuz they're not gonna split (08:48:43) #sigdie!p i dunno banetele looks dead (08:48:48) #sigdie!p or maybe im just lagging (08:49:00) #sigdie!OseK_ ... BitchX: Sent server ping to [irc.banetele.no] (08:49:00) #sigdie!OseK_ ... Server pong from irc.banetele.no 0.8224 seconds (08:49:12) #sigdie!p bash-2.05a$ telnet irc.banetele.no 6667 (08:49:13) #sigdie!p Trying 213.239.111.2... (08:49:16) #sigdie!OseK_ thats cuz I collapsed their BGP announcement by nailing their router head on (08:49:26) #sigdie!OseK_ but they have a secondary route to efnet (08:49:30) #sigdie!_mre|42o BGP announcement? 
(08:49:31) #sigdie!OseK_ thru their multihomed connection (08:49:32) #sigdie!OseK_ yeah (08:49:37) #sigdie!OseK_ they have a collapsable route (08:49:44) #sigdie!OseK_ using the border gateway protocl (08:49:54) #sigdie!OseK_ hey have to announce to a pool (08:49:58) #sigdie!OseK_ in order to establish their route (08:50:07) #sigdie!OseK_ but if thye get hit enough their router drops the announcements (08:50:10) #sigdie!OseK_ and they lose their routes (08:50:14) #sigdie!OseK_ its wierd (08:50:21) #sigdie!OseK_ i dont quite understand how it works myself (08:50:33) #sigdie!OseK_ its something you only find UU net and IRC servers doing (08:50:34) #sigdie!OseK_ hehe (08:51:19) #sigdie!OseK_ they should recover now (08:51:21) #sigdie!OseK_ any time (08:53:30) #sigdie!OseK_ damn
Re: Packet Kiddies Invade NANOG
: Stop it children. The thousands of people on this mailing list do not need : to watch this road kill. -ren But they sure make good kill file fodder ! James Edwards Routing and Security [EMAIL PROTECTED] At the Santa Fe Office: Internet at Cyber Mesa Store hours: 9-6 Monday through Friday 505-988-9200 SIP:1(747)669-1965
Re: Packet Kiddies Invade NANOG
ren wrote: Stop it children. The thousands of people on this mailing list do not need to watch this road kill. -ren mode=voice in the wilderness Somewhere it was ineffectively written that if you stop responding to them, and particularly, if you stop endorsing the crap by quoting it all verbatim over your signature, they will eventually stop reacting. additional_mode=garbage, removal snip /mode Kind of like this cold--I was asked why I didn't I a, b, c, and d--guaranteed to get rid of it in 14 days. I responded that I am unemployed and can not afford all that and am therefore doomed to wait out the whole 2 weeks. -- Requiescas in pace o email
Re: Packet Kiddies Invade NANOG
Susan, could you please clarify the NANOG AUP for the benefit of some of our young/new posters? Thank you, -David Barak -Fully RFC 1925 Compliant- --- John Harold [EMAIL PROTECTED] wrote: snipped IRC junk = David Barak -fully RFC 1925 compliant-
Re: Packet Kiddies Invade NANOG
On Mon, 15 Mar 2004, David Barak wrote: Susan, could you please clarify the NANOG AUP for the benefit of some of our young/new posters? Thank you, -David Barak -Fully RFC 1925 Compliant- Either that or they can check out the website, http://www.nanog.org/aup.html -- (o_ stefan larsson(o_ (o_ //\ mailto:[EMAIL PROTECTED] (/)_ (/)_ V_/_ 9210 2EED 1153 C985 C010 C9F8 B9A5 2B46 5638 52A7
Re: Packet Kiddies Invade NANOG
Greg, Let me spell it out crystal clear so you can understand. Are you, or are you not, the Gregory Taylor referenced in the URL's I sent below? Albert P. (signing his real name so Susan won't remove him from the list) maturity in its purest form. -- Original Message -- From: [EMAIL PROTECTED] Date: Sat, 13 Mar 2004 17:17:42 -0800 I've noticed a number of shining stars in the network engineering industry have graced us with their presence and infinite wisdom in the past few days, including Gregory Taylor. I can't help but wonder if this is the same who launched multi-gigabit DDoS attacks against IRC servers and major ISP's recently: http://www.geocities.com/osek_owned/ http://www.urbandictionary.com/define.php?term=osek Coincidence? You decide. Better yet, call his mother at 1-253- 475-1227, and let her know you don't approve of his hacking activities. If enough of us put the pressure on, it's possible he'll be grounded, and his computer priviledges will be revoked. It's happened before, it can happen again. For those of you wondering, Xpert Web Builders (XWB.COM) is bogus. They don't operate a network, they're a sole proprietorship tech support and web dev group, run by some clue- challenged kids who don't even have the cashflow needed to invest in a post-paid cellular phone. Then there's Andrew Kirch, aka trelane, who just published a fascinating (albeit highly technically inaccurate, and bearing little or no basis in reality) whitepaper on the script kiddie culture: http://software.newsforge.com/software/04/02/28/0130209.shtml Only problem is, he hangs out on EFNet in #sigdie, a channel known in security circles as a place where large-scale DDoS attacks, usually involving 1000's of drone nets or otherwise compromised machines, are coordinated. Takes one to know one, I guess. The fun doesn't stop there: he's publicly admitted to helping packet IRC servers before! 
I'm still working on building a rap sheet on Kirch's friend, Brian Bruns, and their Summit Open Source Development Group (which, by all accounts, is a legitimate-looking front for their not-so-legitimate activities). If anyone has any info, mail me privately, and I'll summarize.
Re: Packet Kiddies Invade NANOG
Matthew (yes I know it is you), The personal information you have posted regarding my phone number is me. However, the slanderous material and obvious hate/flame statements you made against me are absolutely false. I have not attacked any Internet Service Provider or IRC server in several years. I am and have been retired from the underground for a long while now, despite the constant comments made to the contrary by people who do not represent me in any manner. I admit publicly to everyone who may read this posting, that I have made some very stupid decisions in the past and I had hurt a lot of people in the process. Despite my attempts to justify my actions, the fact is two wrongs do not make a right. XWB is my dad's personal sole proprietorship. Not once has anyone involved with XWB ever attempted to represent that business as anything more than a Sole proprietorship that does web development work for non-profit organizations and small businesses. My father works very hard and your attempt at attacking his character was uncalled for and unnecessary. I do not know what your problem with me is, Matthew, but whatever they are, you need to leave them off of NANOG and the phone calls to my house are not appreciated either. I hope you realize that posting personal information about people, such as phone numbers, addresses, and any other such stuff to a public forum without the consent of the person to whom that information belongs to, is illegal. It is a felony in fact. Your unfounded truthless statements about myself and my father's business are a felony as well and if I wanted to take action, could end in a civil lawsuit against you for libel and slander. Will I take that approach? 
Probably not, mostly because the people on this list, minus certain people, are for the most part mature, intelligent adults who do not care to take part in flame wars, nor do they listen to slanderous statements made by someone who obviously has some kind of jealousy towards someone to the point that he has to make public unprovoked attacks against that person's character. The people who matter on this list will most likely ignore this thread and what not. Good luck in whatever future endeavor you may take. And this is my only and last response to this thread. Greg -- Original Message -- From: [EMAIL PROTECTED] Date: Sun, 14 Mar 2004 14:37:38 -0800 Greg, Let me spell it out crystal clear so you can understand. Are you, or are you not, the Gregory Taylor referenced in the URL's I sent below? Albert P. (signing his real name so Susan won't remove him from the list) maturity in its purest form. -- Original Message -- From: [EMAIL PROTECTED] Date: Sat, 13 Mar 2004 17:17:42 -0800 I've noticed a number of shining stars in the network engineering industry have graced us with their presence and infinite wisdom in the past few days, including Gregory Taylor. I can't help but wonder if this is the same who launched multi-gigabit DDoS attacks against IRC servers and major ISP's recently: http://www.geocities.com/osek_owned/ http://www.urbandictionary.com/define.php?term=osek Coincidence? You decide. Better yet, call his mother at 1-253- 475-1227, and let her know you don't approve of his hacking activities. If enough of us put the pressure on, it's possible he'll be grounded, and his computer priviledges will be revoked. It's happened before, it can happen again. For those of you wondering, Xpert Web Builders (XWB.COM) is bogus. They don't operate a network, they're a sole proprietorship tech support and web dev group, run by some clue- challenged kids who don't even have the cashflow needed to invest in a post-paid cellular phone. 
Then there's Andrew Kirch, aka trelane, who just published a fascinating (albeit highly technically inaccurate, and bearing little or no basis in reality) whitepaper on the script kiddie culture: http://software.newsforge.com/software/04/02/28/0130209.shtml Only problem is, he hangs out on EFNet in #sigdie, a channel known in security circles as a place where large-scale DDoS attacks, usually involving 1000's of drone nets or otherwise compromised machines, are coordinated. Takes one to know one, I guess. The fun doesn't stop there: he's publicly admitted to helping packet IRC servers before! I'm still working on building a rap sheet on Kirch's friend, Brian Bruns, and their Summit Open Source Development Group (which, by all accounts, is a legitimate-looking front for their not-so-legitimate activities). If anyone has any info, mail me privately, and I'll summarize.
Re: Packet Kiddies Invade NANOG
On Sun, Mar 14, 2004 at 10:43:29PM -0600, Gregory Taylor wrote: Matthew (yes I know it is you), The personal information you have posted regarding my phone number is me. However, the slanderous material and obvious hate/flame statements you made against me are absolutely false. For the record, I've been in-transit between the cold state of Minnesota to the semi-warm state of Texas for the past two days via car, without internet access. If I wanted to post the urls in this thread I would have no issues doing it without hiding behind an anonymous email account. As for the accusations made being false, I know nothing about them. I do recall the 2 or 3 times you've attacked me by the direct, or indirect request of Andrew Kirch (trelane). -- Matthew S. Hallacy FUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203
Re: Packet Kiddies Invade NANOG
maturity in its purest form. -- Original Message -- From: [EMAIL PROTECTED] Date: Sat, 13 Mar 2004 17:17:42 -0800 I've noticed a number of shining stars in the network engineering industry have graced us with their presence and infinite wisdom in the past few days, including Gregory Taylor. I can't help but wonder if this is the same who launched multi-gigabit DDoS attacks against IRC servers and major ISP's recently: http://www.geocities.com/osek_owned/ http://www.urbandictionary.com/define.php?term=osek Coincidence? You decide. Better yet, call his mother at 1-253-475-1227, and let her know you don't approve of his hacking activities. If enough of us put the pressure on, it's possible he'll be grounded, and his computer priviledges will be revoked. It's happened before, it can happen again. For those of you wondering, Xpert Web Builders (XWB.COM) is bogus. They don't operate a network, they're a sole proprietorship tech support and web dev group, run by some clue- challenged kids who don't even have the cashflow needed to invest in a post-paid cellular phone. Then there's Andrew Kirch, aka trelane, who just published a fascinating (albeit highly technically inaccurate, and bearing little or no basis in reality) whitepaper on the script kiddie culture: http://software.newsforge.com/software/04/02/28/0130209.shtml Only problem is, he hangs out on EFNet in #sigdie, a channel known in security circles as a place where large-scale DDoS attacks, usually involving 1000's of drone nets or otherwise compromised machines, are coordinated. Takes one to know one, I guess. The fun doesn't stop there: he's publicly admitted to helping packet IRC servers before! I'm still working on building a rap sheet on Kirch's friend, Brian Bruns, and their Summit Open Source Development Group (which, by all accounts, is a legitimate-looking front for their not-so-legitimate activities). If anyone has any info, mail me privately, and I'll summarize. Concerned about your privacy? 