Hacker Court Carole Fennelly Jonathan Klein Richard Salgado

Jonathan Klein – Defense Expert Witness Jennifer Granick – Counsel for the Defendant Richard

ass bank (ejones) (lgeorge) bite (ddrago) boy (rjones) bye (mjones) cat (rthieme) chair (rbottom)

Nov 15 16: 07 2001 FLIGHT=PROD Time: 20: 28 - 01: 28 SQL results

D dbo TOWER Oct 23 2001 23: 17: 02 RATCO D dbo TOWER Oct

U msimpson TOWER Oct 24 2001 00: 29: 18 U msimpson TOWER Oct 24

15 2 * 4 * /usr/local/flight/db_backup 0 2 * * * /usr/local/flight/maintenance. csh 15,

isql -Usa -S$DSQUERY -P$PASSWD <<-! >>& $LOG select @@servername go. . print " "

Oct 23 22: 08: 28 guardian web-gw[7361]: permit destination 63. 251. 224. 177/8200 ID=73617397555

Oct 23 22: 54: 31 guardian web-gw[7362]: permit host=nodnsquery/10. 37. 130 use of proxy

Oct 23 19: 14: 52 tower su: [ID 366847 auth. notice] 'su root' succeeded

Speed Bump Communications (NETBLK-SB-143 -30) 1 Communcations Drive Reston, VA US Netname: SB-143 -30

rthieme: eo. Vxrmzba 5 g. Nw: 11891: : : asmith: mo. Uzi. W. 7

rthieme: x: 1000: 10: Richard Thieme: /opt/local/dragon: /bin/ksh asmith: x: 1001: 10: Angela Smith:

tryvyh. Zx. Ck 206: ass Np. Y 8 j 4/wd. Yy. SI: bank 5

Session begins 22 -Oct-2001 21: 45: 02 *** fbot (~fbot@shell. dhp. com) has joined

[munge(vesicant@forced. attrition. org)] howdy <rblock> not like the courts will believe me. everyone would

Session begins 25 -Oct-2001 11: 00: 15 *** squido (~squidsy@c 216 -92 -122 -93.

Session begins 18 -Jun-2001 11: 03: 20 <rblock> gah i'm tired of work shit

Oct 23 22: 45: 22 guardian web-gw[7371]: exit host=nodnsquery/10. 39. 35 cmds=0, in=96, out=92,

Oct 23 01: 09: 55 guardian tn-gw[1199]: permit host=nodnsquery/140. 30. 22. 100 use of

if ($DSQUERY == "PROD" || $DSQUERY == "DENVER" || $DSQUERY == "BETA" || $DSQUERY

Registrant: Richard A. Thieme Transport Company (RATCO-DOM) 999 State St Falls Church, VA US

Registrant: Spring. Field International Airport(SIA-DOM) 1 Flight Drive Spring. Field, MD US Domain Name:

Registrant: Speed Bump Communications(SPEED-DOM) 1 Communications Drive Reston, VA US Domain Name: SPEEDBUMP. COM

Slides: 28

Download presentation

Hacker Court Carole Fennelly, Jonathan Klein, Richard Salgado, Jesse Kornblum, Don Cavender, Rebecca Bace, William Tafoya, Richard Thieme, Jennifer Granick, Brian Martin, Kevin Manson, Simple Nomad & Jack Holleran

Jonathan Klein – Defense Expert Witness Jennifer Granick – Counsel for the Defendant Richard Thieme – The owner of one of the victims, Richard’s Air Transport Company Brian Martin – The Defendant Jack Holleran – Oscar J. Simpson, senior system administrator for RATCOM Jesse Kornblum – Special Agent for the Air Force Office of Special Investigations Don Cavender – investigative special agent from the FBI Richard Salgado – represents the people Rebecca Bace – Judge Judith Chamberlain Wapner (presiding judge)

ass bank (ejones) (lgeorge) bite (ddrago) boy (rjones) bye (mjones) cat (rthieme) chair (rbottom) creep (pklutz) cross (pprop) cry (kkruk) date (kstern) day (kkluk) dog (asmith) eat (lchan) fade (ldoor) friend (fsmith) gate (cchan) gin (mstein) girl (lsmith) goat got green (tjones) (pstein) (mschwartz)

Nov 15 16: 07 2001 FLIGHT=PROD Time: 20: 28 - 01: 28 SQL results from auditlog_flight_dump. sql Page 1 Action USERNAME Hostname Audit_Date_And_Time --------------- OLD_DATA ---- I dbo TOWER Oct 23 2001 20: 29: 16 Null VALUE 346827 I dbo TOWER Oct 23 2001 20: 38: 17 0 I dbo TOWER Oct 23 2001 20: 49: 18 D I dbo TOWER Oct 23 2001 21: 02: 18 Y I dbo TOWER Oct 23 2001 21: 05: 18 2840 I dbo TOWER Oct 23 2001 21: 39: 18 0 258 I dbo TOWER Oct 23 2001 21: 49: 18 0 14 13088 D dbo TOWER Oct 23 2001 22: 47: 38 RATCO D dbo TOWER Oct 23 2001 22: 49: 17 RATCOM U dbo TOWER Oct 23 2001 22: 51: 18 01/01/1900 04/01/2002 I dbo TOWER Oct 23 2001 22: 52: 18 01/01/1900 03/15/2021 I dbo TOWER Oct 23 2001 22: 59: 18 01/01/1900 05/15/2002 I dbo TOWER Oct 23 2001 23: 09: 18 V I dbo TOWER Oct 23 2001 23: 13: 23 USD I dbo TOWER Oct 23 2001 23: 14: 18 USD U dbo TOWER Oct 23 2001 23: 15: 37 01/01/1900 12/15/2035 U dbo TOWER Oct 23 2001 23: 16: 41 01/01/1900 08/01/2001 NEW_DATA

D dbo TOWER Oct 23 2001 23: 17: 02 RATCO D dbo TOWER Oct 23 2001 23: 19: 17 RATCOM U dbo TOWER Oct 23 2001 23: 22: 24 5005 U dbo TOWER Oct 23 2001 23: 21 AX I dbo TOWER Oct 23 2001 23: 38: 21 I dbo TOWER Oct 23 2001 23: 39: 21 Y U dbo TOWER Oct 23 2001 23: 41: 22 -1 60640 U dbo TOWER Oct 23 2001 23: 42: 26 D P U msimpson TOWER U ojsimpson TOWER D dbo TOWER Oct 23 2001 23: 47: 38 RATCO D dbo TOWER Oct 23 2001 23: 49: 17 RATCOM U ojsimpson Oct 23 2001 23: 43: 19 0 Oct 23 2001 23: 44: 28 TOWER ojsimpson TOWER Oct 24 2001 00: 02: 23 I ojsimpson TOWER Oct 24 2001 00: 07: 30 0 I acook TOWER Z Oct 23 2001 23: 53: 28 01/01/1900 I U 13 Oct 24 2001 00: 09: 04 11/15/2035 N 10 60 acook TOWER XCSP Oct 24 2001 00: 15: 03 71240 U msimpson TOWER Oct 24 2001 00: 16: 51 0. 000000 0. 709000 D dbo TOWER Oct 24 2001 00: 17: 38 RATCO D dbo TOWER Oct 24 2001 00: 19: 17 RATCOM U msimpson TOWER Oct 24 2001 00: 04: 51 U msimpson TOWER Oct 24 2001 00: 06: 31 0. 709000 0. 709031 46827 M I msimpson TOWER Oct 24 2001 00: 29: 16 Null VALUE I msimpson TOWER Oct 24 2001 00: 29: 18 AAA

U msimpson TOWER Oct 24 2001 00: 29: 18 U msimpson TOWER Oct 24 2001 00: 29: 30 01/01/1900 I U I msimpson TOWER AAA Oct 24 2001 00: 29: 31 acook TOWER AAA Oct 24 2001 00: 26: 01 Oct 24 2001 00: 27: 40 U ojsimpson TOWER Oct 24 2001 00: 38: 29 D dbo TOWER Oct 24 2001 00: 37: 38 RATCO D dbo TOWER Oct 24 2001 00: 39: 17 RATCOM 04/04/2002 1 CMBS Z| | 236 M I ojsimpson TOWER Oct 24 2001 00: 42: 29 KJR I ojsimpson TOWER Oct 24 2001 00: 48: 30 N/A I dba TOWER Oct 24 2001 00: 52: 45 AAA U dba TOWER Oct 24 2001 01: 02: 35 U dba TOWER Oct 24 2001 01: 08: 11 AAA U dba TOWER Oct 24 2001 01: 09: 32 U dba TOWER Oct 24 2001 01: 12: 23 AAA U dba TOWER Oct 24 2001 01: 13: 55 D dbo TOWER Oct 24 2001 01: 17: 38 RATCO D dbo TOWER Oct 24 2001 01: 19: 17 RATCOM U dba TOWER Oct 24 2001 01: 23: 24 AAA U dba TOWER Oct 24 2001 01: 28: 24 AAA AAA

15 2 * 4 * /usr/local/flight/db_backup 0 2 * * * /usr/local/flight/maintenance. csh 15, 45 * * /usr/local/flightline_configuration_info. csh > /dev/null 2>&1

isql -Usa -S$DSQUERY -P$PASSWD <<-! >>& $LOG select @@servername go. . print " " print "===========" print "$DSQUERY CONFIGURATIONS" print "===========" go sp_configure go #Roadblock 0 wns U delete from flightline where flight_no like "RATCO*" print "===============" print "$DSQUERY sp_configure for Groups: " print "===============" go. . . . END. .

Oct 23 22: 08: 28 guardian web-gw[7361]: permit destination 63. 251. 224. 177/8200 ID=73617397555 Oct 23 22: 08: 31 guardian web-gw[7371]: permit host=nodnsquery/10. 35. 54 use of proxy ID=73717407818 Oct 23 22: 08: 34 guardian web-gw[7371]: permit destination 63. 251. 224. 177/8200 ID=73717407818 Oct 23 22: 09: 35 guardian web-gw[7371]: exit host=nodnsquery/10. 35. 18 cmds=0, in=95, out=91, duration=0, mode=Packet ID=73717407817 Oct 23 22: 09: 38 guardian web-gw[7360]: permit host=nodnsquery/10. 38. 141 use of proxy ID=73607252834 Oct 23 22: 09: 40 guardian tn-gw[1199]: permit host=nodnsquery/140. 33. 15 use of proxy ID=11995873597 Oct 23 22: 09: 41 guardian web-gw[7360]: permit destination 63. 251. 224. 177/8200 ID=73607252834 Oct 23 22: 10: 44 guardian web-gw[7365]: permit host=nodnsquery/10. 37. 223 use of proxy ID=73657319948 Oct 23 22: 10: 48 guardian web-gw[7365]: permit destination 63. 251. 224. 177/8200 ID=73657319948 Oct 23 22: 10: 50 guardian web-gw[7362]: exit host=nodnsquery/10. 39. 74 cmds=0, in=93, out=89, duration=0, mode=Packet ID=73627393319

Oct 23 22: 54: 31 guardian web-gw[7362]: permit host=nodnsquery/10. 37. 130 use of proxy ID=73627393326 Oct 23 22: 54: 34 guardian web-gw[7362]: permit destination 63. 251. 224. 177/8200 ID=73627393326 Oct 23 22: 54: 35 guardian web-gw[7362]: exit host=nodnsquery/10. 39. 113 cmds=0, in=95, out=91, duration=0, mode=Packet ID=73627393325 Oct 23 22: 55: 38 guardian unix: securityalert: tcp if=hme 1 from 10. 37. 56: 1545 to 168. 100. 195. 42 on unserved port 110 Oct 23 22: 55: 40 guardian web-gw[7365]: exit host=nodnsquery/10. 32. 79 cmds=0, in=88, out=92, duration=0, mode=Packet ID=73657319955 Oct 23 22: 55: 40 guardian tn-gw[1199]: exit host=nodnsquery/140. 33. 15 cmds=0, in=93, out=89, duration=0, mode=Packet ID=11995873597 Oct 23 22: 55: 41 guardian ftp-gw[1199]: exit host=nodnsquery/10. 38. 26 cmds=0, in=93, out=89, duration=0, mode=Packet ID=11995873816 Oct 23 22: 56: 44 guardian web-gw[7360]: permit host=nodnsquery/10. 39. 94 use of proxy ID=73607252843 Oct 23 22: 56: 48 guardian web-gw[7360]: permit destination 63. 251. 224. 177/8200 ID=73607252843 Oct 23 22: 56: 50 guardian web-gw[7371]: permit host=nodnsquery/10. 32. 129 use of proxy ID=73717407823

Oct 23 19: 14: 52 tower su: [ID 366847 auth. notice] 'su root' succeeded for msimpson on /dev/pts/3 Oct 23 19: 34: 53 tower login: [ID 728157 auth. notice] msimpson authorized for service Oct 23 20: 14: 55 tower su: [ID 366847 auth. notice] 'su root' succeeded for msimpson on /dev/pts/4 Oct 23 20: 57 tower login: [ID 728157 auth. notice] msimpson authorized for service Oct 23 20: 37: 58 tower su: [ID 366847 auth. notice] 'su root' succeeded for msimpson on /dev/pts/5 Oct 23 21: 04: 01 tower login: [ID 728157 auth. notice] acook authorized for service Oct 23 21: 10: 03 tower su: [ID 366847 auth. notice] 'su root' succeeded for acook on /dev/pts/4 Oct 23 21: 14: 08 tower su: [ID 366847 auth. notice] 'su root' succeeded for msimpson on /dev/pts/3 Oct 23 22: 10: 11 tower login: [ID 728157 auth. notice] ojsimpson authorized for service Oct 23 22: 11: 14 tower su: [ID 366847 auth. notice] 'su root' succeeded for ojsimpson on /dev/pts/5 Oct 23 22: 24: 18 tower login: [ID 728157 auth. notice] msimpson authorized for service Oct 23 22: 27: 22 tower su: [ID 366847 auth. notice] 'su root' succeeded for msimpson on /dev/pts/3 Oct 23 22: 29: 25 tower login: [ID 728157 auth. notice] acook authorized for service Oct 23 22: 34: 28 tower su: [ID 366847 auth. notice] 'su root' succeeded for acook on /dev/pts/6 Oct 23 22: 36: 31 tower login: [ID 728157 auth. notice] msimpson authorized for service

Speed Bump Communications (NETBLK-SB-143 -30) 1 Communcations Drive Reston, VA US Netname: SB-143 -30 Netblock: 143. 30. 0. 0 - 143. 30. 255 Coordinator: Smith, John (JS 2299 -ARIN) jsmith@WKEYS. COM (301) 555 -9679 Record last updated on 16 -Apr-1997. Database last updated on 21 -Jul-2002 20: 00: 38 EDT.

rthieme: eo. Vxrmzba 5 g. Nw: 11891: : : asmith: mo. Uzi. W. 7 KMLSY: 11891: : : tjones: to 0 l. DYzyyt 0 Bs: 11891: : : hgray: 0 pz 7 s. Fq. J/go. AY: 11891: : : fsmith: 8 p 9 Cjr. 7 ii. Ck. M: 11891: : : bsmith: Gp. Q 5 y. KAO 4 v. OPg: 11891: : : lgeorge: Np. Y 8 j 4/wd. Yy. SI: 11891: : : mjones: Vph. C 2 rx/z. WLS 2: 11891: : : bmartin: gpi 7/g 9 Rto. OZY: 11891: : : klee: op 1 hal. Jd 55/6 w: 11891: : : mluther: zp. T 8 i 8 y. MXt 2 Os: 11891: : : kdean: 4 qc. Pnf. Vzg. AHNk: 11891: : : rjones: Bqs. Go. Q 6 ff 18 JQ: 11891: : : lsmith: Hq. DHn. SLTSOddk: 11891: : : kstern: Pqqkz 2 L 6 M 610 k: 11891: : : rbottom: Wq 1 Nms 2 i. F/jr. M: 11891: : : prussell: lqhscg. Ru. He. UOM: 11891: : : lgrayson: sq. CXT 83 j. P 9 Ut. Y: 11891: : : cspot: . r. mh. B 1 l. Bq 3 Gs: 11891: : : ddrago: 5 rgt 1 SQRw. R 3 Xo: 11891: : : alee: Cr 14 mf. Lo/2 J 12: 11891: : : mlamb: Kr 24 w. QM 19 ESxk: 11891: : :

rthieme: x: 1000: 10: Richard Thieme: /opt/local/dragon: /bin/ksh asmith: x: 1001: 10: Angela Smith: /opt/local/dragon: /bin/ksh tjones: x: 1002: 10: Tom Jones: /opt/local/dragon: /bin/ksh hgray: x: 1003: 10: Nenry Gray: /opt/local/dragon: /bin/ksh fsmith: x: 1004: 10: Frank Smith: /opt/local/dragon: /bin/ksh bsmith: x: 1005: 10: Barbara Smith: /opt/local/dragon: /bin/ksh lgeorge: x: 1006: 10: Larry George: /opt/local/dragon: /bin/ksh mjones: x: 1007: 10: Marcus Jones: /opt/local/dragon: /bin/ksh bmartin: x: 1008: 10: Brian Martin: /opt/local/dragon: /bin/ksh klee: x: 1009: 10: Ken Lee: /opt/local/dragon: /bin/ksh mluther: x: 1010: Martin Luther: /opt/local/dragon: /bin/ksh kdean: x: 1011: 10: Kathleen Dean: /opt/local/dragon: /bin/ksh rjones: x: 1012: 10: Roberta Jones: /opt/local/dragon: /bin/ksh lsmith: x: 1013: 10: Lance Smith: /opt/local/dragon: /bin/ksh kstern: x: 1014: 10: Kevin Stern: /opt/local/dragon: /bin/ksh rbottom: x: 1015: 10: Robert Bottom: /opt/local/dragon: /bin/ksh prussell: x: 1016: 10: Peter Russell: /opt/local/dragon: /bin/ksh lgrayson: x: 1017: 10: Lydia Grayson: /opt/local/dragon: /bin/ksh cspot: x: 1018: 10: Charles Spot: /opt/local/dragon: /bin/ksh ddrago: x: 1019: 10: Darren Drago: /opt/local/dragon: /bin/ksh alee: x: 1020: 10: Alex Lee: /opt/local/dragon: /bin/ksh mlamb: x: 1021: 10: Michael Lamb: /opt/local/dragon: /bin/ksh

tryvyh. Zx. Ck 206: ass Np. Y 8 j 4/wd. Yy. SI: bank 5 rgt 1 SQRw. R 3 Xo: bite Bqs. Go. Q 6 ff 18 JQ: boy Vph. C 2 rx/z. WLS 2: bye eo. Vxrmzba 5 g. Nw: cat Wq 1 Nms 2 i. F/jr. M: chair 8 spz. Qjq 6/V 9 WA: creep ir. R 72 to 9 a. Ps 4 U: cross bs. 8 w 7 gez 5 Z 7 k: cry Pqqkz 2 L 6 M 610 k: date pu. LAs 1 ayn 1 dj. Q: day mo. Uzi. W. 7 KMLSY: dog Zu. Dddu 9 ueps. F 6: eat gtgjyx. L 8 b. JBAM: fade 8 p 9 Cjr. 7 ii. Ck. M: friend Ru. O 7. RU. n 0 ju. E: gate ps. F. DEe. QIg. TTI: gin Hq. DHn. SLTSOddk: girl to 0 l. DYzyyt 0 Bs: goat hsv. Rfc. Luh. R 2 so: got vt 4 d. RCFb. Pxodk: green

Session begins 22 -Oct-2001 21: 45: 02 *** fbot (~fbot@shell. dhp. com) has joined channel #hakchat <rblock> hey fbot *** squido (~squidsy@c 216 -92 -122 -84. md 1. cablespeed. com) has joined channel #hakchat <squido> rar hi all <rblock> hey squido <sephyroth> hi squido <granthor> hey bitz <squido> how goes? <rblock> sucks bigtime <squido> why? ! <rblock> work! that asshole richard fire me and won't give me my last paycheck <granthor> doh! <squido> jeez, why not? isnt that illegal? <rblock> he claims i didn't give back the fucking emergency pager even tho i gave it to his secretary. bitch lost it or something <rblock> so now im out a lot of money and i just got a new car <squido> isnt there something you can do?

[munge(vesicant@forced. attrition. org)] howdy <rblock> not like the courts will believe me. everyone would believe a big company over me <squido> why'd he fire you anyway? <rblock> i was bored, portscanning some systems to see what was running. nothing bad or anything <rblock> didnt give me a warning, just canned me the same day <squido> lame =( <rblock> yeah, he'll pay for it one way or another <rblock> afk brb <squido> ? ? <rblock> richard knows jack about security and never gave us time to fix the network <rblock> he's still running vulnerable cgi's on the apache server, still has a few vulnerable RPC servers that are net accessable <rblock> he's just begging to get hacked *hint* *cough* <granthor> man, dont get in more trouble. feds come down hard on you for that shit. FBI are complete assclowns <rblock> i know, i'm just saying. . . could happen <rblock> gotta run <granthor> hasta <squido> doh stepped afk, see ya rblock

Session begins 25 -Oct-2001 11: 00: 15 *** squido (~squidsy@c 216 -92 -122 -93. md 1. cablespeed. com) has joined channel <rblock> hey squido! <squido> rar hi all <squido> hey rblock =) <rblock> hehehe check this out <rblock> richard (ex boss dickhead) mysteriously got hacked >=) <squido>. . . *** stalkin (Stalkin@12 -254 -9 -118. client. attbi. com) has joined channel <squido> tell me you didn't! <rblock> oh err uhm, i didnt! <stalkin> didn't what? <squido> why don't i believe you. . . <rblock> <-- innocent! hehehe <rblock> i just heard through the grapevine ole richard ran into a lot of problems. apparently one of his servers ran into problems. . or so i hear <stalkin> <- lost in this conversation <squido> evil man! <rblock> <-- innocent! *snicker*

Session begins 18 -Jun-2001 11: 03: 20 <rblock> gah i'm tired of work shit <squido> why now? <rblock> i'm tired of these little script kiddie assholes <rblock> day in and day out they run the most inane crap against my network <prymate> bitch all you want, but they know more than you often and they keep yer ass employed <rblock> stfu prymate, quit defending your script kiddy brethren <prymate> d 00 d you know shit, you are shit <rblock> /yawn, when you hit puberty feel free to come knocking, until then keep working on your wet dreams kid <prymate> this coming from a l 4 m 3 r admin who been owned be 4 <rblock> sure, and your impressive advisories on russian CGI packages used by four people worldwide sure qualify you as a security expert <prymate> d 00 d fuck u and stfu or ill 0 wn u hard <rblock> i think you'd have a hard time owning mommy and daddy at a PTA meeting kid <prymate> remember this asshole *** Signoff: prymate (f u rblock)

Oct 23 22: 45: 22 guardian web-gw[7371]: exit host=nodnsquery/10. 39. 35 cmds=0, in=96, out=92, duration=0, mode=Packet ID=73717407821 Oct 23 22: 45: 25 guardian web-gw[7370]: permit host=nodnsquery/10. 35. 72 use of proxy ID=73707279039 Oct 23 22: 46: 28 guardian web-gw[7370]: permit destination 63. 251. 224. 177/8200 ID=73707279039 Oct 23 22: 46: 31 guardian web-gw[7362]: exit host=nodnsquery/10. 34. 142 cmds=0, in=85, out=89, duration=0, mode=Packet ID=73627393323 Oct 23 22: 46: 34 guardian web-gw[7362]: exit host=nodnsquery/10. 32. 71 cmds=0, in=93, out=89, duration=0, mode=Packet ID=73627393324 Oct 23 22: 47: 35 guardian unix: securityalert: tcp if=hme 1 from 10. 37. 56: 1545 to 168. 100. 195. 42 on unserved port 110 Oct 23 22: 47: 38 guardian web-gw[7360]: permit host=nodnsquery/10. 34. 120 use of proxy ID=73607252842: wq Oct 23 22: 47: 40 guardian web-gw[7360]: permit destination 63. 251. 224. 177/8200 ID=73607252842 Oct 23 22: 48: 41 guardian web-gw[7365]: permit host=nodnsquery/10. 32. 60 use of proxy ID=73657319954

Oct 23 01: 09: 55 guardian tn-gw[1199]: permit host=nodnsquery/140. 30. 22. 100 use of proxy ID=11995873597 Oct 23 02: 14: 52 guardian tn-gw[1199]: exit host=nodnsquery/140. 30. 22. 100 cmds=0, in=93, out=89, duration=0, mode=Packet ID=11995873597 Oct 23 03: 21: 48 guardian tn-gw[1199]: permit host=nodnsquery/140. 30. 22. 100 use of proxy ID=11995873597 Oct 23 04: 18: 41 guardian tn-gw[1199]: exit host=nodnsquery/140. 30. 22. 100 cmds=0, in=93, out=89, duration=0, mode=Packet ID=11995873597 Oct 23 05: 04: 38 guardian tn-gw[1199]: permit host=nodnsquery/140. 30. 22. 200 use of proxy ID=11995873597 Oct 23 05: 27: 34 guardian tn-gw[1199]: exit host=nodnsquery/140. 30. 22. 200 cmds=0, in=93, out=89, duration=0, mode=Packet ID=11995873597 Oct 23 05: 50: 28 guardian tn-gw[1199]: permit host=nodnsquery/140. 30. 39 use of proxy ID=11995873597 Oct 23 06: 12: 22 guardian tn-gw[1199]: exit host=nodnsquery/140. 30. 39 cmds=0, in=93, out=89, duration=0, mode=Packet ID=11995873597 Oct 23 06: 35: 14 guardian tn-gw[1199]: permit host=nodnsquery/140. 33. 39 use of proxy ID=11995873597 Oct 23 07: 00: 08 guardian tn-gw[1199]: exit host=nodnsquery/140. 33. 39 cmds=0, in=93, out=89, duration=0, mode=Packet ID=11995873597 Oct 23 08: 06: 01 guardian tn-gw[1199]: permit host=nodnsquery/140. 30. 18. 123 use of proxy ID=11995873597

if ($DSQUERY == "PROD" || $DSQUERY == "DENVER" || $DSQUERY == "BETA" || $DSQUERY == "PRODNEW" || $DSQUERY == "BETANEW") then set PASSWD = `cat $SYBASE/magicword` else if ($DSQUERY == "SYSTEM 12") then set PASSWD = `cat $SYBASE/magicword. SYSTEM 12` else if ($DSQUERY == "CMFPROD") then set PASSWD = `cat $SYBASE/magicword. CMFPROD` else if ($DSQUERY == "PORTIAPROD") then set PASSWD = `cat $SYBASE/magicword. PORTIAPROD` else set PASSWD = `cat $SYBASE/magicword. TEST` endif echo `date`" JOB: $DSQUERY sybase_configuration_info. csh" >>&! $LOG echo `date`" FILE: $LOG" >>&! $LOG echo " " >> $LOG echo `date`" Getting Configuration Information for $DSQUERY Server. . . " >> $LOG echo " " >> $LOG

Registrant: Richard A. Thieme Transport Company (RATCO-DOM) 999 State St Falls Church, VA US Domain Name: RATCO. COM Administrative, Technical and Billing Contact: Thieme, Richard (RT 2229) rthieme@RATCO. COM 999 State St Falls Church, VA US (301) 555 -2112 (FAX) (301) 555 -4555 Record expires on 17 -Aug-2006. Record created on 16 -Aug-1995. Database last updated on 22 -Jul-2002 11: 33: 20 EDT. Domain servers in listed order: NS 1. SPEEDBUMP. COM 143. 30. 2. 18 NS 2. SPEEDBUMP. COM 143. 30. 9. 18

Registrant: Spring. Field International Airport(SIA-DOM) 1 Flight Drive Spring. Field, MD US Domain Name: SIA. COM Administrative , Technical Contact: Simpson, Oscar J. (OS 239) ojsimpson@SIA. COM Spring. Field International Airport 1 Flight Drive Spring. Field, MD (301) 555 -9239 (FAX) (301) 555 -5334 Record expires on 17 -Aug-2006. Record created on 16 -Aug-1995. Database last updated on 22 -Jul-2002 11: 33: 20 EDT. Domain servers in listed order: NS 1. MSN. COM NS 2. ATT. NET 138. 21. 22. 18 131. 80. 90. 28

Registrant: Speed Bump Communications(SPEED-DOM) 1 Communications Drive Reston, VA US Domain Name: SPEEDBUMP. COM Administrative Contact: Smith, John (JS 2299) jsmith@SPEEDBUMP. COM Speed Bump Communications 1 Communications Drive Reston, VA (301) 555 -9679 (FAX) (301) 555 -5222 Technical Contact: Jones, Anthony (AJ 9999) ajones@SPEEDBUMP. COM 1 Communications Drive Reston, VA (301) 555 -2298 (FAX) (301) 555 -5222 Record expires on 17 -Aug-2006. Record created on 16 -Aug-1995. Database last updated on 22 -Jul-2002 11: 33: 20 EDT. Domain servers in listed order: NS 1. SPEEDBUMP. COM 143. 30. 2. 18 NS 2. SPEEDBUMP. COM 143. 30. 9. 18