!-- #exec cgi="ax.cgi" -->

Take a break guys and gals and have a look at some FREE beautiful horney guys and
young girls from all around the world!
Free "bella ladies and dudes, from all around the world"
Look at em, enjoy em, and if you like you can even go out with one.
Choose the beau you like, their all available!
Note: There is no charge to view, and no pop-up ads!
or try: NEW-BEAUTIFUL
**********************

JUST PRIOR TO THE BIG CAM SERVER ATTACK!

HA HA .. CAM TECHNICIANS JOKE AT MY PERSON! 

From - Thu Aug 19 00:59:40 1999
Received: from chris_m.hip.cam.org (Dialup-507.HIP.CAM.ORG [199.84.45.2])
          by Hydro.CAM.ORG (8.8.8/8.8.4) with SMTP
	  id VAA20434; Wed, 18 Aug 1999 21:51:38 -0400 (EDT)
Message-ID: <37BB622C.1030@cam.org>
Date: Wed, 18 Aug 1999 21:47:24 -0400
From: Chris Meyer 
Reply-To: chris_m@CAM.ORG
Organization: MEYCOM
X-Mailer: Mozilla 3.01Gold (Win95; I)
MIME-Version: 1.0
To: support@CAM.ORG
CC: mich@CAM.ORG, cro@CAM.ORG, webmaster@CAM.ORG
Subject: Seems, that the web 
 
hacker / agressor is staying away today! Maybe afraid to get caught?
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
X-UIDL: 06dda0078e9e37f4919d8397de93b0a7
Status: U
X-Mozilla-Status: 0001
Content-Length: 3047

To: Cam  Support Team!

i am very happy that you are finally doing something that is making a
positive difference to my web site traffic flow. It appears that what i
have been saying for the past few months is true!

Someone has been toying with my web traffic flow! Today Wednesday (which
in the past, has traditionally been the slowest day for web site
activity of the whole week), i already have recieved a constant/steady
flow of traffic for the first time in weeks! i had already 32 hits to my
web pages since you started monitoring my site this morning at ~~ 8:25
AM. This is the first day in a long while, that my web site activity,
although not huge, it is happily at least un-interrupted!
Note: That is not counting your Tracker visits every minute, which i
have disabled from my site tracker reporter (except for an hourly peek
check)!

i have further established, with very little margin of possible error,
that:
As i stated previously --- when traffic is minimal to my web pages, (ie.
my web site is being attacked), all traffic from outside the local area
routed (by the IP header address) through ATM1, is not ending up at its
destination! on those hours of nearly no traffic, i only recieve traffic
comming from ATM4 (usually Europe and the ASIA Pacific Rim)!

Someone i believe, (as soon as either i or you all, get out of a
tracking or watching mode "while were not looking"), sends the Internet
traffic router / Gateway, or ATM switch, the instructions, to dump or
re-route any and all packets, destined to my site through ATM1!

Hope this info is of some help!

PS: i noticed, that when this crap starts or ends happening, i usually
get a bogus lookup search from either Mindspring, AOL or Babelfish-
-DEC.com!

Somehow, during this connection time, i strongly believe, someone is
sending the software codes (instructions) to alter the ATM switches
behavior!

Or perhaps, (God Forbid), someone has the ability call a routine
whenever i recieve traffic to my site, to strip-and-replace the "IP
header address" for my site from the data blocks on the fly, and
replaces my address with their own address instead? 

Regards, and maby thanks for you efforts today and yesterday! It is
encurraging to see some real effort to find the problem, instead if
insisting that nothing is or was wrong.

This could be happening else-where on your server and customers, and you
or everyone else has not noticed it yet, since it only happens on and
off -- several hours each day! Also, it is hard to notice since we seem
to be guaruenteed at least a trickle of traffic through ATM4 24 hours a
day, while other traffic is branched somewhere else or into the
bit-bucket!

i just wonder what will happen, when your monitoring is suspended?

i wonder also, how web activities, (of other members with their own web
site monitoring software) would change, if you monitored their site as
well. Maybe i'm alone with this problem? However; i kind of doubt it.


Regards,

Chris M.  CAM


From - Thu Aug 19 00:59:45 1999
Received: from Tefnut.CAM.ORG (Tefnut.CAM.ORG [198.168.100.42])
          by Hydro.CAM.ORG (8.8.8/8.8.4) with ESMTP
	  id AAA21560; Thu, 19 Aug 1999 00:52:53 -0400 (EDT)
Date: Thu, 19 Aug 1999 00:53:04 -0400 (EDT)
From: Chris Michalak 
To: Chris Meyer 
cc: support@CAM.ORG, webmaster@CAM.ORG
Subject: Re: Seems, that the web hacker / agressor is staying away today!
 Maybe afraid to get caught?
In-Reply-To: <37BB622C.1030@cam.org>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-UIDL: e0cec348c6d573240b76f9b7b16be4f8
X-Mozilla-Status: 0011
Content-Length: 6815


On Wed, 18 Aug 1999, Chris Meyer wrote:

> To: Cam  Support Team!
> 
> i am very happy that you are finally doing something that is making a
> positive difference to my web site traffic flow. It appears that what i
> have been saying for the past few months is true!

Yes you have been right all along. And after months of difficulties, we
have finaly enlisted the help of the little green men known as the
gwydions (you may have seen their logs visiting your web site, they
control the gwydion.ofc.cam.org domain). They seem to have managed, after
numerous battles in cyberspace, to neutralise the infiltrators of your web
site.

> 
> Someone has been toying with my web traffic flow! Today Wednesday (which
> in the past, has traditionally been the slowest day for web site
> activity of the whole week), i already have recieved a constant/steady
> flow of traffic for the first time in weeks! i had already 32 hits to my
> web pages since you started monitoring my site this morning at ~~ 8:25
> AM. This is the first day in a long while, that my web site activity,
> although not huge, it is happily at least un-interrupted!
> Note: That is not counting your Tracker visits every minute, which i
> have disabled from my site tracker reporter (except for an hourly peek
> check)!

Yes it is true. With the help of our friends the gwydions, we have been
able to locate a blanxter installed on our 10Mbps uplink to UUNET. This
device was implated in our server room, apparently when all CAM employees
were gone for lunch. Due to it's secure attachment to the fiber optic
line, the gwydions were not able to remove the device. However by rewiring
the DC fan motors of the power supplies of some unused 486s in the office,
we were able to create enough electromagnetic interference to reduce the
effects of the blanxter. Since this discovery, most CAM employees have
been waking up exeptionaly early, at about 8am, to monitor your site.
According to the gwydions, only 10% of the traffic is going through to
your site. This is up from about 4% before the DC fans were rewired.


> 
> i have further established, with very little margin of possible error,
> that:
> As i stated previously --- when traffic is minimal to my web pages, (ie.
> my web site is being attacked), all traffic from outside the local area
> routed (by the IP header address) through ATM1, is not ending up at its
> destination! on those hours of nearly no traffic, i only recieve traffic
> comming from ATM4 (usually Europe and the ASIA Pacific Rim)!

Your vast experience in networking has enabled you to diagnose this
problem with exeptional precision! In fact, the gwydions were speaking of
a similar thing. Unfortunetly, they're flying saucer was needed in another
part of the galaxie, so we didn't get a full explanation. However, it was
made clear that the blanxter had powerful control of people's sleep
pattern. In fact, it would appear that at certain times of the day, most
people misteriously fall asleep in certain continents. Consequent to this
loss of consiousness, residents of the area are no longer able to visit
your site. This behaviour of the blanxter is not fully understood, but the
gwydions have promissed to look into it next time they are in our galaxie.

> 
> Someone i believe, (as soon as either i or you all, get out of a
> tracking or watching mode "while were not looking"), sends the Internet
> traffic router / Gateway, or ATM switch, the instructions, to dump or
> re-route any and all packets, destined to my site through ATM1!

Our wonderfull webmaster has left us. He decided to join the gwydions for
a short jaunt through the universe to learn more about the blanxter. He
will return shortly, and hopefully will have learned enough from his
galactic travels to be of assistance to finaly destroy the blanxter with
all the force and might that only a webmaster has!

> 
> Hope this info is of some help!
> 
> PS: i noticed, that when this crap starts or ends happening, i usually
> get a bogus lookup search from either Mindspring, AOL or Babelfish-
> -DEC.com!

Sometimes the boogie man looks me up in the phone book.

> 
> Somehow, during this connection time, i strongly believe, someone is
> sending the software codes (instructions) to alter the ATM switches
> behavior!
> 
> Or perhaps, (God Forbid), someone has the ability call a routine
> whenever i recieve traffic to my site, to strip-and-replace the "IP
> header address" for my site from the data blocks on the fly, and
> replaces my address with their own address instead? 

Are you suggesting that there is more to this then just the blanxster ?
Well, we did here something from the little blue men known as the zods
(zod.ofc.cam.org).. They told us of a device known as the plingrim. We may
have one of those secrectly installed on our network too. Unfortunetly,
like the deadly gas carbon monoxide, it is colorless and odorless. This
has prevented us from detecting it.

> 
> Regards, and maby thanks for you efforts today and yesterday! It is
> encurraging to see some real effort to find the problem, instead if
> insisting that nothing is or was wrong.

Yes... It was a difficult task. The gwydions do not accept canadian
dollars as payment for services. We had to pay them in pure plutonium
rods. 8 in total. We had a hard time convincing the US military to sell us
those rods. We finaly decided to send one of CAM's tech support employees
to Russia to find a better deal. He found the rods under a pile of rubble.
Unfortunetly, due to the radiation exposure, the employee, who will remain
unamed, has grown a third eye. His 50% increase in opthamologist fees
will be difficult to absorb by our collective eye insurance.

> 
> This could be happening else-where on your server and customers, and you
> or everyone else has not noticed it yet, since it only happens on and
> off -- several hours each day! Also, it is hard to notice since we seem
> to be guaruenteed at least a trickle of traffic through ATM4 24 hours a
> day, while other traffic is branched somewhere else or into the
> bit-bucket!
> 
> i just wonder what will happen, when your monitoring is suspended?
> 
> i wonder also, how web activities, (of other members with their own web
> site monitoring software) would change, if you monitored their site as
> well. Maybe i'm alone with this problem? However; i kind of doubt it.

I used to think, maybe we are alone in the universe ? I kind of doubted
it. Now that I've seen the gwyidions and the zods, I know we aren't.

> 
> 
> Regards,
> 
> Chris M.  CAM
> 
> 

Service with a smile.

Christophe Michalak
Technical Support Technique
CAM Internet
(514) 529-3000 x. 300



From - Thu Aug 19 01:53:24 1999
Received: from enki.CAM.ORG (enki.CAM.ORG [198.168.100.38])
          by Hydro.CAM.ORG (8.8.8/8.8.4) with ESMTP
	  id BAA29333; Thu, 19 Aug 1999 01:15:38 -0400 (EDT)
Date: Thu, 19 Aug 1999 01:15:48 -0400 (EDT)
From: Jonathan Geagea 
To: Chris Michalak 
cc: Chris Meyer , support@CAM.ORG, webmaster@CAM.ORG
Subject: Re: Seems, that the web hacker / agressor is staying away today!
 Maybe afraid to get caught?
In-Reply-To: 
Message-ID: 
MIME-Version: 1.0
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
X-UIDL: 1d2ca87f4e5f83a4c5df8fca7d73f527
Status: U
X-Mozilla-Status: 0011
Content-Length: 7468



THAT WAS SIMPLY HILARIOUS!!! =20


Bien =E0 vous,
Regards,
Jonathan Geagea----->514-529-3000-300

"...  And knowing is half the battle."=09
=09=09=09=09G.I. Joe



On Thu, 19 Aug 1999, Chris Michalak wrote:

>=20
> On Wed, 18 Aug 1999, Chris Meyer wrote:
>=20
> > To: Cam  Support Team!
> >=20
> > i am very happy that you are finally doing something that is making a
> > positive difference to my web site traffic flow. It appears that what i
> > have been saying for the past few months is true!
>=20
> Yes you have been right all along. And after months of difficulties, we
> have finaly enlisted the help of the little green men known as the
> gwydions (you may have seen their logs visiting your web site, they
> control the gwydion.ofc.cam.org domain). They seem to have managed, after
> numerous battles in cyberspace, to neutralise the infiltrators of your we=
b
> site.
>=20
> >=20
> > Someone has been toying with my web traffic flow! Today Wednesday (whic=
h
> > in the past, has traditionally been the slowest day for web site
> > activity of the whole week), i already have recieved a constant/steady
> > flow of traffic for the first time in weeks! i had already 32 hits to m=
y
> > web pages since you started monitoring my site this morning at ~~ 8:25
> > AM. This is the first day in a long while, that my web site activity,
> > although not huge, it is happily at least un-interrupted!
> > Note: That is not counting your Tracker visits every minute, which i
> > have disabled from my site tracker reporter (except for an hourly peek
> > check)!
>=20
> Yes it is true. With the help of our friends the gwydions, we have been
> able to locate a blanxter installed on our 10Mbps uplink to UUNET. This
> device was implated in our server room, apparently when all CAM employees
> were gone for lunch. Due to it's secure attachment to the fiber optic
> line, the gwydions were not able to remove the device. However by rewirin=
g
> the DC fan motors of the power supplies of some unused 486s in the office=
,
> we were able to create enough electromagnetic interference to reduce the
> effects of the blanxter. Since this discovery, most CAM employees have
> been waking up exeptionaly early, at about 8am, to monitor your site.
> According to the gwydions, only 10% of the traffic is going through to
> your site. This is up from about 4% before the DC fans were rewired.
>=20
>=20
> >=20
> > i have further established, with very little margin of possible error,
> > that:
> > As i stated previously --- when traffic is minimal to my web pages, (ie=
=2E
> > my web site is being attacked), all traffic from outside the local area
> > routed (by the IP header address) through ATM1, is not ending up at its
> > destination! on those hours of nearly no traffic, i only recieve traffi=
c
> > comming from ATM4 (usually Europe and the ASIA Pacific Rim)!
>=20
> Your vast experience in networking has enabled you to diagnose this
> problem with exeptional precision! In fact, the gwydions were speaking of
> a similar thing. Unfortunetly, they're flying saucer was needed in anothe=
r
> part of the galaxie, so we didn't get a full explanation. However, it was
> made clear that the blanxter had powerful control of people's sleep
> pattern. In fact, it would appear that at certain times of the day, most
> people misteriously fall asleep in certain continents. Consequent to this
> loss of consiousness, residents of the area are no longer able to visit
> your site. This behaviour of the blanxter is not fully understood, but th=
e
> gwydions have promissed to look into it next time they are in our galaxie=
=2E
>=20
> >=20
> > Someone i believe, (as soon as either i or you all, get out of a
> > tracking or watching mode "while were not looking"), sends the Internet
> > traffic router / Gateway, or ATM switch, the instructions, to dump or
> > re-route any and all packets, destined to my site through ATM1!
>=20
> Our wonderfull webmaster has left us. He decided to join the gwydions for
> a short jaunt through the universe to learn more about the blanxter. He
> will return shortly, and hopefully will have learned enough from his
> galactic travels to be of assistance to finaly destroy the blanxter with
> all the force and might that only a webmaster has!
>=20
> >=20
> > Hope this info is of some help!
> >=20
> > PS: i noticed, that when this crap starts or ends happening, i usually
> > get a bogus lookup search from either Mindspring, AOL or Babelfish-
> > -DEC.com!
>=20
> Sometimes the boogie man looks me up in the phone book.
>=20
> >=20
> > Somehow, during this connection time, i strongly believe, someone is
> > sending the software codes (instructions) to alter the ATM switches
> > behavior!
> >=20
> > Or perhaps, (God Forbid), someone has the ability call a routine
> > whenever i recieve traffic to my site, to strip-and-replace the "IP
> > header address" for my site from the data blocks on the fly, and
> > replaces my address with their own address instead?=20
>=20
> Are you suggesting that there is more to this then just the blanxster ?
> Well, we did here something from the little blue men known as the zods
> (zod.ofc.cam.org).. They told us of a device known as the plingrim. We ma=
y
> have one of those secrectly installed on our network too. Unfortunetly,
> like the deadly gas carbon monoxide, it is colorless and odorless. This
> has prevented us from detecting it.
>=20
> >=20
> > Regards, and maby thanks for you efforts today and yesterday! It is
> > encurraging to see some real effort to find the problem, instead if
> > insisting that nothing is or was wrong.
>=20
> Yes... It was a difficult task. The gwydions do not accept canadian
> dollars as payment for services. We had to pay them in pure plutonium
> rods. 8 in total. We had a hard time convincing the US military to sell u=
s
> those rods. We finaly decided to send one of CAM's tech support employees
> to Russia to find a better deal. He found the rods under a pile of rubble=
=2E
> Unfortunetly, due to the radiation exposure, the employee, who will remai=
n
> unamed, has grown a third eye. His 50% increase in opthamologist fees
> will be difficult to absorb by our collective eye insurance.
>=20
> >=20
> > This could be happening else-where on your server and customers, and yo=
u
> > or everyone else has not noticed it yet, since it only happens on and
> > off -- several hours each day! Also, it is hard to notice since we seem
> > to be guaruenteed at least a trickle of traffic through ATM4 24 hours a
> > day, while other traffic is branched somewhere else or into the
> > bit-bucket!
> >=20
> > i just wonder what will happen, when your monitoring is suspended?
> >=20
> > i wonder also, how web activities, (of other members with their own web
> > site monitoring software) would change, if you monitored their site as
> > well. Maybe i'm alone with this problem? However; i kind of doubt it.
>=20
> I used to think, maybe we are alone in the universe ? I kind of doubted
> it. Now that I've seen the gwyidions and the zods, I know we aren't.
>=20
> >=20
> >=20
> > Regards,
> >=20
> > Chris M.  CAM
> >=20
> >=20
>=20
> Service with a smile.
>=20
> Christophe Michalak
> Technical Support Technique
> CAM Internet
> (514) 529-3000 x. 300
>=20
>=20


From - Thu Aug 19 01:53:54 1999
Received: from chris_m.hip.cam.org (Dialup-509.HIP.CAM.ORG [199.84.45.4])
          by Hydro.CAM.ORG (8.8.8/8.8.4) with SMTP
	  id BAA01664; Thu, 19 Aug 1999 01:38:27 -0400 (EDT)
Message-ID: <37BB985A.383A@cam.org>
Date: Thu, 19 Aug 1999 01:38:34 -0400
From: Chris Meyer 
Reply-To: chris_m@CAM.ORG
Organization: MEYCOM
X-Mailer: Mozilla 3.01Gold (Win95; I)
MIME-Version: 1.0
To: cmich@CAM.ORG
CC: support@CAM.ORG, webmaster@CAM.ORG, cro@CAM.ORG
Subject: Re: Seems, that the web 

hacker / agressor is staying away today! Maybe afraid to get caught?
References: 
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
X-UIDL: 79393398e9b86f1f5b8bef64e0b8c044
Status: U
X-Mozilla-Status: 0010
Content-Length: 9006

Chris Michalak wrote:
> 
> On Wed, 18 Aug 1999, Chris Meyer wrote:
> 
> > To: Cam  Support Team!
> >
> > i am very happy that you are finally doing something that is making a
> > positive difference to my web site traffic flow. It appears that what i
> > have been saying for the past few months is true!
> 
> Yes you have been right all along. And after months of difficulties, we
> have finaly enlisted the help of the little green men known as the
> gwydions (you may have seen their logs visiting your web site, they
> control the gwydion.ofc.cam.org domain). They seem to have managed, after
> numerous battles in cyberspace, to neutralise the infiltrators of your web
> site.
> 
> >
> > Someone has been toying with my web traffic flow! Today Wednesday (which
> > in the past, has traditionally been the slowest day for web site
> > activity of the whole week), i already have recieved a constant/steady
> > flow of traffic for the first time in weeks! i had already 32 hits to my
> > web pages since you started monitoring my site this morning at ~~ 8:25
> > AM. This is the first day in a long while, that my web site activity,
> > although not huge, it is happily at least un-interrupted!
> > Note: That is not counting your Tracker visits every minute, which i
> > have disabled from my site tracker reporter (except for an hourly peek
> > check)!
> 
> Yes it is true. With the help of our friends the gwydions, we have been
> able to locate a blanxter installed on our 10Mbps uplink to UUNET. This
> device was implated in our server room, apparently when all CAM employees
> were gone for lunch. Due to it's secure attachment to the fiber optic
> line, the gwydions were not able to remove the device. However by rewiring
> the DC fan motors of the power supplies of some unused 486s in the office,
> we were able to create enough electromagnetic interference to reduce the
> effects of the blanxter. Since this discovery, most CAM employees have
> been waking up exeptionaly early, at about 8am, to monitor your site.
> According to the gwydions, only 10% of the traffic is going through to
> your site. This is up from about 4% before the DC fans were rewired.
> 
> >
> > i have further established, with very little margin of possible error,
> > that:
> > As i stated previously --- when traffic is minimal to my web pages, (ie.
> > my web site is being attacked), all traffic from outside the local area
> > routed (by the IP header address) through ATM1, is not ending up at its
> > destination! on those hours of nearly no traffic, i only recieve traffic
> > comming from ATM4 (usually Europe and the ASIA Pacific Rim)!
> 
> Your vast experience in networking has enabled you to diagnose this
> problem with exeptional precision! In fact, the gwydions were speaking of
> a similar thing. Unfortunetly, they're flying saucer was needed in another
> part of the galaxie, so we didn't get a full explanation. However, it was
> made clear that the blanxter had powerful control of people's sleep
> pattern. In fact, it would appear that at certain times of the day, most
> people misteriously fall asleep in certain continents. Consequent to this
> loss of consiousness, residents of the area are no longer able to visit
> your site. This behaviour of the blanxter is not fully understood, but the
> gwydions have promissed to look into it next time they are in our galaxie.
> 
> >
> > Someone i believe, (as soon as either i or you all, get out of a
> > tracking or watching mode "while were not looking"), sends the Internet
> > traffic router / Gateway, or ATM switch, the instructions, to dump or
> > re-route any and all packets, destined to my site through ATM1!
> 
> Our wonderfull webmaster has left us. He decided to join the gwydions for
> a short jaunt through the universe to learn more about the blanxter. He
> will return shortly, and hopefully will have learned enough from his
> galactic travels to be of assistance to finaly destroy the blanxter with
> all the force and might that only a webmaster has!
> 
> >
> > Hope this info is of some help!
> >
> > PS: i noticed, that when this crap starts or ends happening, i usually
> > get a bogus lookup search from either Mindspring, AOL or Babelfish-
> > -DEC.com!
> 
> Sometimes the boogie man looks me up in the phone book.
> 
> >
> > Somehow, during this connection time, i strongly believe, someone is
> > sending the software codes (instructions) to alter the ATM switches
> > behavior!
> >
> > Or perhaps, (God Forbid), someone has the ability call a routine
> > whenever i recieve traffic to my site, to strip-and-replace the "IP
> > header address" for my site from the data blocks on the fly, and
> > replaces my address with their own address instead?
> 
> Are you suggesting that there is more to this then just the blanxster ?
> Well, we did here something from the little blue men known as the zods
> (zod.ofc.cam.org).. They told us of a device known as the plingrim. We may
> have one of those secrectly installed on our network too. Unfortunetly,
> like the deadly gas carbon monoxide, it is colorless and odorless. This
> has prevented us from detecting it.
> 
> >
> > Regards, and maby thanks for you efforts today and yesterday! It is
> > encurraging to see some real effort to find the problem, instead if
> > insisting that nothing is or was wrong.
> 
> Yes... It was a difficult task. The gwydions do not accept canadian
> dollars as payment for services. We had to pay them in pure plutonium
> rods. 8 in total. We had a hard time convincing the US military to sell us
> those rods. We finaly decided to send one of CAM's tech support employees
> to Russia to find a better deal. He found the rods under a pile of rubble.
> Unfortunetly, due to the radiation exposure, the employee, who will remain
> unamed, has grown a third eye. His 50% increase in opthamologist fees
> will be difficult to absorb by our collective eye insurance.
> 
> >
> > This could be happening else-where on your server and customers, and you
> > or everyone else has not noticed it yet, since it only happens on and
> > off -- several hours each day! Also, it is hard to notice since we seem
> > to be guaruenteed at least a trickle of traffic through ATM4 24 hours a
> > day, while other traffic is branched somewhere else or into the
> > bit-bucket!
> >
> > i just wonder what will happen, when your monitoring is suspended?
> >
> > i wonder also, how web activities, (of other members with their own web
> > site monitoring software) would change, if you monitored their site as
> > well. Maybe i'm alone with this problem? However; i kind of doubt it.
> 
> I used to think, maybe we are alone in the universe ? I kind of doubted
> it. Now that I've seen the gwyidions and the zods, I know we aren't.
> 
> >
> >
> > Regards,
> >
> > Chris M.  CAM
> >
> >
> 
> Service with a smile.
> 
> Christophe Michalak
> Technical Support Technique
> CAM Internet
> (514) 529-3000 x. 300


You're a nut case!

i suppose you are not aware of a simple element of all Gateways/Switches
relating to ARP and RARP, by which a network name (RARP) address (ie.
www.cam.org/~chris_m/.....) is translated to a logical/physical address?

The same is true in the reverse direction! ARP by which an address (iw
199.84.45.xxx is translated in the UNIX system or Gateway through a
look-up table, to a logical / Physical connection.

There is today available, equipment that does this on the fly, while the
connections and messages are being transfered, as well as in and on the
servers the messages go through or are stored.

It is a relatively easy task to change these lookup table values, and
redirect traffic from one specified (Socket or connection point) to
quite another, by a simple means of changing the ARP/RARP table!

If for example, i worked at CAM, and had access to some of the
equipment. I could sent mail destined to you while you have a long
vacation in LaLa land, and no-one would ever know you were in LaLa land!

In fact, i could steal your web sites, copy them to my site, direct
everyone that looks to find your web pages ---> to my pages, and no-one
would be the wiser (except maybe you who notices that there are gaps in
your web site visits)!

Now bug off with your non-sense!

Maybe you have nothing better to do over there than pester your
customers with idle sillyness.

Maybe you should take up writing fiction. You seem better at that than
tracking down a serious violation of that which i pay you all for; --
(web access to my sites from anywhere in the world, and at all times!) 


Give me a few hours at your T1 or ISDN line with a good datascope (i
doubt if you even know what that is), and i'll find out what the problem
is! 

By the way; i hope who-ever is in France from your all company, is
having a good time!

Chris M.


From - Thu Aug 19 13:22:30 1999
Received: from Tefnut.CAM.ORG (Tefnut.CAM.ORG [198.168.100.42])
          by Hydro.CAM.ORG (8.8.8/8.8.4) with ESMTP
	  id CAA06272; Thu, 19 Aug 1999 02:18:45 -0400 (EDT)
Date: Thu, 19 Aug 1999 02:18:56 -0400 (EDT)
From: Chris Michalak 
To: Chris Meyer 
cc: support@CAM.ORG, webmaster@CAM.ORG
Subject: Re: Seems, that the web hacker / agressor is staying away today!
 Maybe afraid to get caught?
In-Reply-To: <37BB985A.383A@cam.org>
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-UIDL: a9817a676c2a88fdc75843d7797271cc
Status: U
X-Mozilla-Status: 0015
Content-Length: 9561


On Thu, 19 Aug 1999, Chris Meyer wrote:

> Chris Michalak wrote:
> > 
> > On Wed, 18 Aug 1999, Chris Meyer wrote:
> > 
> > > To: Cam  Support Team!
> > >
> > > i am very happy that you are finally doing something that is making a
> > > positive difference to my web site traffic flow. It appears that what i
> > > have been saying for the past few months is true!
> > 
> > Yes you have been right all along. And after months of difficulties, we
> > have finaly enlisted the help of the little green men known as the
> > gwydions (you may have seen their logs visiting your web site, they
> > control the gwydion.ofc.cam.org domain). They seem to have managed, after
> > numerous battles in cyberspace, to neutralise the infiltrators of your web
> > site.
> > 
> > >
> > > Someone has been toying with my web traffic flow! Today Wednesday (which
> > > in the past, has traditionally been the slowest day for web site
> > > activity of the whole week), i already have recieved a constant/steady
> > > flow of traffic for the first time in weeks! i had already 32 hits to my
> > > web pages since you started monitoring my site this morning at ~~ 8:25
> > > AM. This is the first day in a long while, that my web site activity,
> > > although not huge, it is happily at least un-interrupted!
> > > Note: That is not counting your Tracker visits every minute, which i
> > > have disabled from my site tracker reporter (except for an hourly peek
> > > check)!
> > 
> > Yes it is true. With the help of our friends the gwydions, we have been
> > able to locate a blanxter installed on our 10Mbps uplink to UUNET. This
> > device was implated in our server room, apparently when all CAM employees
> > were gone for lunch. Due to it's secure attachment to the fiber optic
> > line, the gwydions were not able to remove the device. However by rewiring
> > the DC fan motors of the power supplies of some unused 486s in the office,
> > we were able to create enough electromagnetic interference to reduce the
> > effects of the blanxter. Since this discovery, most CAM employees have
> > been waking up exeptionaly early, at about 8am, to monitor your site.
> > According to the gwydions, only 10% of the traffic is going through to
> > your site. This is up from about 4% before the DC fans were rewired.
> > 
> > >
> > > i have further established, with very little margin of possible error,
> > > that:
> > > As i stated previously --- when traffic is minimal to my web pages, (ie.
> > > my web site is being attacked), all traffic from outside the local area
> > > routed (by the IP header address) through ATM1, is not ending up at its
> > > destination! on those hours of nearly no traffic, i only recieve traffic
> > > comming from ATM4 (usually Europe and the ASIA Pacific Rim)!
> > 
> > Your vast experience in networking has enabled you to diagnose this
> > problem with exeptional precision! In fact, the gwydions were speaking of
> > a similar thing. Unfortunetly, they're flying saucer was needed in another
> > part of the galaxie, so we didn't get a full explanation. However, it was
> > made clear that the blanxter had powerful control of people's sleep
> > pattern. In fact, it would appear that at certain times of the day, most
> > people misteriously fall asleep in certain continents. Consequent to this
> > loss of consiousness, residents of the area are no longer able to visit
> > your site. This behaviour of the blanxter is not fully understood, but the
> > gwydions have promissed to look into it next time they are in our galaxie.
> > 
> > >
> > > Someone i believe, (as soon as either i or you all, get out of a
> > > tracking or watching mode "while were not looking"), sends the Internet
> > > traffic router / Gateway, or ATM switch, the instructions, to dump or
> > > re-route any and all packets, destined to my site through ATM1!
> > 
> > Our wonderfull webmaster has left us. He decided to join the gwydions for
> > a short jaunt through the universe to learn more about the blanxter. He
> > will return shortly, and hopefully will have learned enough from his
> > galactic travels to be of assistance to finaly destroy the blanxter with
> > all the force and might that only a webmaster has!
> > 
> > >
> > > Hope this info is of some help!
> > >
> > > PS: i noticed, that when this crap starts or ends happening, i usually
> > > get a bogus lookup search from either Mindspring, AOL or Babelfish-
> > > -DEC.com!
> > 
> > Sometimes the boogie man looks me up in the phone book.
> > 
> > >
> > > Somehow, during this connection time, i strongly believe, someone is
> > > sending the software codes (instructions) to alter the ATM switches
> > > behavior!
> > >
> > > Or perhaps, (God Forbid), someone has the ability call a routine
> > > whenever i recieve traffic to my site, to strip-and-replace the "IP
> > > header address" for my site from the data blocks on the fly, and
> > > replaces my address with their own address instead?
> > 
> > Are you suggesting that there is more to this then just the blanxster ?
> > Well, we did here something from the little blue men known as the zods
> > (zod.ofc.cam.org).. They told us of a device known as the plingrim. We may
> > have one of those secrectly installed on our network too. Unfortunetly,
> > like the deadly gas carbon monoxide, it is colorless and odorless. This
> > has prevented us from detecting it.
> > 
> > >
> > > Regards, and maby thanks for you efforts today and yesterday! It is
> > > encurraging to see some real effort to find the problem, instead if
> > > insisting that nothing is or was wrong.
> > 
> > Yes... It was a difficult task. The gwydions do not accept canadian
> > dollars as payment for services. We had to pay them in pure plutonium
> > rods. 8 in total. We had a hard time convincing the US military to sell us
> > those rods. We finaly decided to send one of CAM's tech support employees
> > to Russia to find a better deal. He found the rods under a pile of rubble.
> > Unfortunetly, due to the radiation exposure, the employee, who will remain
> > unamed, has grown a third eye. His 50% increase in opthamologist fees
> > will be difficult to absorb by our collective eye insurance.
> > 
> > >
> > > This could be happening else-where on your server and customers, and you
> > > or everyone else has not noticed it yet, since it only happens on and
> > > off -- several hours each day! Also, it is hard to notice since we seem
> > > to be guaruenteed at least a trickle of traffic through ATM4 24 hours a
> > > day, while other traffic is branched somewhere else or into the
> > > bit-bucket!
> > >
> > > i just wonder what will happen, when your monitoring is suspended?
> > >
> > > i wonder also, how web activities, (of other members with their own web
> > > site monitoring software) would change, if you monitored their site as
> > > well. Maybe i'm alone with this problem? However; i kind of doubt it.
> > 
> > I used to think, maybe we are alone in the universe ? I kind of doubted
> > it. Now that I've seen the gwyidions and the zods, I know we aren't.
> > 
> > >
> > >
> > > Regards,
> > >
> > > Chris M.  CAM
> > >
> > >
> > 
> > Service with a smile.
> > 
> > Christophe Michalak
> > Technical Support Technique
> > CAM Internet
> > (514) 529-3000 x. 300
> 
> 
> You're a nut case!
> 
> i suppose you are not aware of a simple element of all Gateways/Switches
> relating to ARP and RARP, by which a network name (RARP) address (ie.
> www.cam.org/~chris_m/.....) is translated to a logical/physical address?
> 
> The same is true in the reverse direction! ARP by which an address (iw
> 199.84.45.xxx is translated in the UNIX system or Gateway through a
> look-up table, to a logical / Physical connection.
> 
> There is today available, equipment that does this on the fly, while the
> connections and messages are being transfered, as well as in and on the
> servers the messages go through or are stored.
> 
> It is a relatively easy task to change these lookup table values, and
> redirect traffic from one specified (Socket or connection point) to
> quite another, by a simple means of changing the ARP/RARP table!
> 
> If for example, i worked at CAM, and had access to some of the
> equipment. I could sent mail destined to you while you have a long
> vacation in LaLa land, and no-one would ever know you were in LaLa land!
> 
> In fact, i could steal your web sites, copy them to my site, direct
> everyone that looks to find your web pages ---> to my pages, and no-one
> would be the wiser (except maybe you who notices that there are gaps in
> your web site visits)!
> 
> Now bug off with your non-sense!
> 
> Maybe you have nothing better to do over there than pester your
> customers with idle sillyness.
> 
> Maybe you should take up writing fiction. You seem better at that than
> tracking down a serious violation of that which i pay you all for; --
> (web access to my sites from anywhere in the world, and at all times!) 
> 
> 
> Give me a few hours at your T1 or ISDN line with a good datascope (i
> doubt if you even know what that is), and i'll find out what the problem
> is! 
> 
> By the way; i hope who-ever is in France from your all company, is
> having a good time!
> 
> Chris M.
> 

Ok. Thank you for your input.

Christophe Michalak
Technical Support Technique
CAM Internet
(514) 529-3000 x. 300