DejaNews cracking
They track us, therefore we crack them

DejaNews is a scary subject, as we have seen in my anonymity page and in my counter measures page. They keep track of all usenet entries. This allows anyone to trace the profile of anybody who has contributed (non-anonymously) to a newsgroup. It therefore seems to me all too correct to snoop a little on these guys...
When printing from "deja news" on the web you may notice that, before printing, Netscape throws up a little box saying it is contacting "Globaltrak.net". Is somebody keeping track of what people print on their news searches?
Yes! At the very least they are keeping track of how many people see their ugly advertisements. But I fear Globaltrak is doing a bit more. Check your cookies.txt file in your Netscape directory. You may very well have an entry from Globaltrak in there (that is... you'll have it only if you have not already created a directory with the name "cookies.txt" inside your Netscape directory, as I would advise you to do, in order to eliminate once and for all every cookie they would like to throw at you :-)
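
One way to do the cookies.txt check described above, as an added example that is not part of the original page: it parses the Netscape cookie file layout and lists every entry whose domain is not a site you chose to visit. The sample file contents, cookie names and values are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample in the Netscape cookies.txt layout (tab-separated,
# seven fields). Cookie names and values are invented for illustration.
SAMPLE_COOKIES = (
    "# Netscape HTTP Cookie File\n"
    "# This is a generated file!  Do not edit.\n"
    "\n"
    ".globaltrak.net\tTRUE\t/\tFALSE\t946684799\tID\t1a2b3c4d\n"
    "www.dejanews.com\tFALSE\t/\tFALSE\t0\tsession\tabc\n"
    "www.example.org\tFALSE\t/forum\tFALSE\t915148800\tprefs\tx=1\n"
    "this line is not a cookie record\n"
)

FIELDS = ("domain", "subdomains", "path", "secure", "expires", "name", "value")

def parse_cookies(text):
    """Return one dict per well-formed record; comments and junk are skipped."""
    cookies = []
    for line in text.splitlines():
        parts = line.split("\t")
        if line.startswith("#") or len(parts) != 7 or not parts[4].isdigit():
            continue
        cookie = dict(zip(FIELDS, parts))
        cookie["expires"] = int(parts[4])  # Unix time; 0 means session-only
        cookies.append(cookie)
    return cookies

def covers(cookie_domain, site):
    """True if site is cookie_domain itself or a subdomain of it."""
    domain = cookie_domain.lstrip(".").lower()
    site = site.lower()
    return site == domain or site.endswith("." + domain)

def unexpected_cookies(text, visited_sites):
    """Cookies whose domain matches none of the sites the user chose to visit."""
    return [c for c in parse_cookies(text)
            if not any(covers(c["domain"], s) for s in visited_sites)]

def report(text, visited_sites):
    lines = []
    for c in unexpected_cookies(text, visited_sites):
        when = datetime.fromtimestamp(c["expires"], tz=timezone.utc)
        lines.append(f'{c["domain"]} {c["name"]}={c["value"]} expires {when:%Y-%m-%d}')
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_COOKIES, ["www.dejanews.com", "www.example.org"])))
```
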

Let's find out who these Globaltrak guys are... Trying to go to www.globaltrak.com doesn't get you anywhere. A search on the web and through usenet news doesn't reveal anything about Globaltrak. Looks like somebody is trying to hide something. Let's see who Globaltrak is.

 host:~> whois globaltrak.net
 Globaltrak (GLOBALTRAK2-DOM)
    1504 Carriage Hills Trail
    Cedar Park, Texas 78613
    USA
 
    Domain Name: GLOBALTRAK.NET
 
    Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
       Knight, Stephanie  (SK1019)  knights@GLOBALTRAK.NET
       (512) 292-5593
 
    Record last updated on 30-May-96.
    Record created on 30-May-96.
 
    Domain servers in listed order:
 
    NS.REALTIME.NET              205.238.128.39
    NS2.REALTIME.NET             205.238.128.42

We have a name now. Let's see what we can find from that.
 
   host:~> finger knights@GLOBALTRAK.NET
   unknown host: GLOBALTRAK.NET


Hmm. "unknown host". Well, let's see where the mail for Globaltrak goes.
 host:~> dig mx globaltrak.net
 
 ; <<>> DiG 2.0 <<>> mx globaltrak.net
 ;; ->>HEADER<<- opcode: QUERY , status: NOERROR, id: 6
 ;; flags: qr aa rd ra ; Ques: 1, Ans: 2, Auth: 2, Addit: 4
 ;; QUESTIONS:
 ;;      globaltrak.net, type = MX, class = IN
 
 ;; ANSWERS:
 globaltrak.net. 21600   MX      50 giga.bga.com.
 globaltrak.net. 21600   MX      10 zoom.bga.com.
 
 ;; AUTHORITY RECORDS:
 globaltrak.net. 21600   NS      ns.realtime.net.
 globaltrak.net. 21600   NS      ns2.realtime.net.
 
 ;; ADDITIONAL RECORDS:
 giga.bga.com.   21600   A       205.238.128.46
 zoom.bga.com.   21600   A       205.238.128.40
 ns.realtime.net.        21600   A       205.238.128.39
 ns2.realtime.net.       21600   A       205.238.128.42
 
 ;; Sent 1 pkts, answer found in time: 112 msec
 ;; FROM: host to SERVER: default -- 255.255.255.255
 ;; WHEN: Tue Nov 19 23:27:48 1996
 ;; MSG SIZE  sent: 32  rcvd: 192
 

Ok. Mail for Globaltrak goes to bga.com. Let's see if we can find our person there.

 host:~> finger knights@bga.com
 [bga.com]


Hmm. Looks like they don't give out finger information. Maybe they're concerned about their privacy. Let's see who bga.com is.
 host:~> whois bga.com
 Bob Gustwick & Associates, Inc. (BGA-DOM)
    822 Brentwood
    Austin, TX 78757-3031
 
    Domain Name: BGA.COM
 
    Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
       DNS Administrator, Real/Time  (RD182)  rt_tech@REALTIME.NET
       +1 512 451 0046 (FAX) +1 512 459 3858
 
    Record last updated on 27-Jun-96.
    Record created on 08-Feb-93.
 
    Domain servers in listed order:
 
    NS.REALTIME.NET              205.238.128.39
    NS2.REALTIME.NET             205.238.128.42
    NS1.SPRINTLINK.NET           204.117.214.10
    NS2.SPRINTLINK.NET           199.2.252.10
    NS3.SPRINTLINK.NET           204.97.212.10


That's interesting. So bga is Bob Gustwick & Associates. Let's see what bga has at their web site.

 host:~> lynx www.BGA.COM
 
                              Real/Time Communications Local Home Page
 
                                   [INLINE]
                           Real/Time Communications
 
Real/Time Communications? That's odd. Let's do a little more digging.
 
 host:~> traceroute vern.bga.com
 traceroute to vern.bga.com (205.238.128.38), 30 hops max, 40 byte packets
 ...
  8  sl-bobgust-1-S1-T1.sprintlink.net (144.228.12.2)  222 ms  103 ms  103 ms
  9  vern.realtime.net (205.238.128.38)  103 ms  102 ms  107 ms
 
 host:~> traceroute vern.realtime.net
 traceroute to vern.realtime.net (205.238.128.38), 30 hops max, 40 byte packets
 ...
  8  sl-bobgust-1-S1-T1.sprintlink.net (144.228.12.2)  105 ms  107 ms  103 ms
  9  vern.realtime.net (205.238.128.38)  103 ms  102 ms  102 ms


Looks like Real/Time Communications and Bob Gustwick & Associates are one and the same. Let's see if we can get to Globaltrak at all.

 host:~> ping www.globaltrak.net
 PING www.globaltrak.net (205.238.128.205): 56 data bytes
 ^C
 
 ----www.globaltrak.net PING Statistics----
 11 packets transmitted, 0 packets received, 100% packet loss
 

Well, that doesn't work. Looks like they don't want to acknowledge they exist. Let's try another way.
 host:~> traceroute www.globaltrak.net
 traceroute to www.globaltrak.net (205.238.128.205), 30 hops max, 40 byte packets
 ...
  4  sl-chi-15-H3/0-T3.sprintlink.net (144.228.10.62)  40 ms  41 ms  40 ms
  5  sl-kc-2-H3/0-T3.sprintlink.net (144.228.10.70)  52 ms  51 ms  52 ms
  6  sl-fw-5-H3/0-T3.sprintlink.net (144.228.10.78)  91 ms  91 ms  93 ms
  7  sl-fw-13-F0/0.sprintlink.net (144.228.30.13)  92 ms  91 ms  98 ms
  8  sl-bobgust-1-S1-T1.sprintlink.net (144.228.12.2)  185 ms  192 ms  202 ms
  9  sl-bobgust-1-S1-T1.sprintlink.net (144.228.12.2)  164 ms * *
 10  * * *
 11  * * *
 12  * * *


Well that didn't get there, but it tells us something interesting: "sl-bobgust-1-S1-T1.sprintlink.net" or just "bobgust". Looks like this Bob Gustwick guy is some major player in Globaltrak.

A search of usenet shows that this guy is hiring a lot of people in the Austin area of Texas. And a search on the web shows this.

 Name
      Bob Gustwick Associates, Inc.
 Location
      Travis county
 Postal Address
      8760A Research Blvd. Suite 152
      Austin, Tx 78758
 Phone Number
      +1 512 451-0046
 Description
      A supplier of Unix consulting services and Internet services.
 

The web search also provided this little nugget.
Case in point: DejaNews, a searcher that digs through Usenet posts. It doesn't carry every newsgroup, but it's fast, and for the moment it's free. Internic has them registered as being Bob Gustwick Associates of Austin, Texas. They're coy about their future plans: "we may eventually need to charge for some queries. We will try to avoid this but we can not rule it out." Draw your own conclusions.

Hmm. Dejanews is part of Bob Gustwick Associates?
 
 host:~> whois dejanews.com
 Deja News, Inc. (DEJANEWS2-DOM)
    5407-B Clay Avenue
    Austin, TX 78756
 
    Domain Name: DEJANEWS.COM
 
    Administrative Contact:
       Madere, Steve  (SM1488)  madere@DEJANEWS.COM
       1-512-451-0433
    Technical Contact, Zone Contact:
       DNS Administrator  (DA389-ORG)  dntech@DEJANEWS.COM
       1-512-451-0433
    Billing Contact:
       Accounts Payable, Deja News  (DNA8)  accounting@DEJANEWS.COM
       1-512-451-0433
 
    Record last updated on 23-Oct-96.
    Record created on 19-Mar-96.
 
    Domain servers in listed order:
 
    NS.DEJANEWS.COM              205.238.157.74
    NS.REALTIME.NET              205.238.128.39
    NS2.REALTIME.NET             205.238.128.42
 

Yep. Looks like Dejanews and Real/Time Communications are all part of Bob Gustwick Associates. That's as much as I could find at the moment. You might try and contact Globaltrak (512) 292-5593 and ask them what they're doing. You might also contact Bob Gustwick Associates (512) 451-0046 and ask if they are related to Globaltrak or just providing their Internet connection.
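
The correlation done by eye above, as an added example that is not part of the original page: it parses the name server lists from the three whois records quoted on this page and reports which servers more than one domain shares. A shared name server shows common DNS hosting only, which is why the paragraph above leaves open whether the provider is just supplying the Internet connection.

```python
import re
from collections import defaultdict

# Excerpts of the three whois records quoted on this page
# (contact blocks left out; only the fields the parser reads).
WHOIS_EXCERPTS = """\
   Domain Name: GLOBALTRAK.NET
   Domain servers in listed order:
   NS.REALTIME.NET              205.238.128.39
   NS2.REALTIME.NET             205.238.128.42
   Domain Name: BGA.COM
   Domain servers in listed order:
   NS.REALTIME.NET              205.238.128.39
   NS2.REALTIME.NET             205.238.128.42
   NS1.SPRINTLINK.NET           204.117.214.10
   NS2.SPRINTLINK.NET           199.2.252.10
   NS3.SPRINTLINK.NET           204.97.212.10
   Domain Name: DEJANEWS.COM
   Record last updated on 23-Oct-96.
   Domain servers in listed order:
   NS.DEJANEWS.COM              205.238.157.74
   NS.REALTIME.NET              205.238.128.39
   NS2.REALTIME.NET             205.238.128.42
"""

NS_LINE = re.compile(r"^\s*([A-Za-z0-9.-]+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_whois(text):
    """Map each domain to the set of (nameserver, ip) pairs listed for it."""
    records, domain, in_ns = defaultdict(set), None, False
    for line in text.splitlines():
        if "Domain Name:" in line:
            domain, in_ns = line.split(":", 1)[1].strip().lower(), False
        elif "Domain servers in listed order" in line:
            in_ns = True
        elif in_ns and domain and (m := NS_LINE.match(line)):
            records[domain].add((m.group(1).lower(), m.group(2)))
    return records

def shared_nameservers(records, min_domains=2):
    """Nameservers listed by at least min_domains domains, with those domains."""
    users = defaultdict(set)
    for domain, servers in records.items():
        for host, _ip in servers:
            users[host].add(domain)
    return {ns: sorted(d) for ns, d in users.items() if len(d) >= min_domains}

if __name__ == "__main__":
    print(shared_nameservers(parse_whois(WHOIS_EXCERPTS)))
```
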


(c) reverser May 1997. All rights reserved