Any TCP/IP experts out there?

I have a thread going about how someone posted a veiled threat to me and my family on a Usenet newsgroup. Can we gleem any useful data from the header information? Here's the message:

Path: attbi_s51!attbi_slave52!attbi_master51!attbi_feed3!attbi.com!204.127.161.156!wn12feed!worldnet.att.net!205.188.226.97!ngpeer.news.aol.com!feed1.newsreader.com!newsreader.com!zeus.visi.com!priapus.visi.com!news-out.visi.com!petbe.visi.com!newsfeed2.dallas1.level3.net!news.level3.com!crtntx1-snh1.gtei.net!news.gtei.net!newsfeed1.easynews.com!easynews.com!easynews!elnk-pas-nf1!newsfeed.earthlink.net!cyclone.socal.rr.com!cyclone2.kc.rr.com!news2.kc.rr.com!twister.rdc-kc.rr.com.POSTED!53ab2750!not-for-mail
Message-ID: <3FBEB908.253571DE@yahoo.com>
From: "COL. BILL KILGORE" <bilkil@yahoo.com>
X-Mailer: Mozilla 4.7 (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
Newsgroups: alt.radio.talk.dr-laura
Subject: New Info on Scott C. Smith
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 17
Date: Sat, 22 Nov 2003 01:13:06 GMT
NNTP-Posting-Host: 24.211.23.211
X-Complaints-To: abuse@rr.com
X-Trace: twister.rdc-kc.rr.com 1069463586 24.211.23.211 (Fri, 21 Nov 2003 19:13:06 CST)
NNTP-Posting-Date: Fri, 21 Nov 2003 19:13:06 CST
Organization: RoadRunner
Xref: attbi_master51 alt.radio.talk.dr-laura:102815
X-Received-Date: Sat, 22 Nov 2003 01:18:06 GMT (attbi_s51)

In reality, there is none. He is the same lying coward and un-American
sloth he was prior to his promised departure from Usenet (a promise
since broken). However, for those interested (and I doubt that there
are many) Scott is being attacked with increasing frequency on his
so-called web page. It seems several military vets (real vets) have
taken issue with the treasonous tripe he has been posting there. He has
condemned these attacks as "hate mail", and has set up a special link on
his site just for these letters of condemnation that have been sent to
him. His past is catching up with him, and he is angering more military
vets on a daily basis. The Colonel will be monitoring his site for
further developments. In an upcoming post, The Colonel will be
providing Scott's actual mailing address so that the real vets he
trashes on his web page can personally get in touch with him to address
their concerns.

Or any IP tracing program. Input the IP address (24.211.23.111) to find out the ISP. Contact that ISP to get this bozo's name and address. Assuming they comply, send all info to the police. If they don't comply, go to the police with what you have.

http://www.mailingequipment.net/print2mail/issues.asp (scroll to the middle)

Hope this helps!

Road Runner HoldCo, LLC (RR6-DOM)
13241 Woodland Park Rd
Herndon, VA 20171
US

Domain Name: RR.COM

Administrative Contact, Technical Contact:
Road Runner HoldCo LLC (XGUKSSRMIO) abuse@RR.COM
13241 Woodland Park Rd
Herndon, VA 20171
US
703-345-3416 fax: 703-345-3607

Record expires on 30-Sep-2010.
Record created on 01-Oct-1996.
Database last updated on 23-Nov-2003 16:29:09 EST.

Domain servers in listed order:

DNS1.RR.COM 24.30.200.3
DNS2.RR.COM 24.30.201.3
DNS3.RR.COM 24.30.199.7
DNS4.RR.COM 65.24.0.172

When doing a Tracert on 24.211.23.111 this is the first bit of data to appear:


Tracing route to CPE-24-211-23-111.wi.rr.com

Would that indicate Wisconsin?

I've been in contact with others who were stalked by this guy and they said he lived in either Milwaukie or Greendale.

One of the hops does reference Milwaukie (although it doesn't spell it right):

rr-milwaukee.atdn.net <66.185.148.78>

ATDN.NET is the AOL Transit Data Network.

It may be the IP of the Usenet news server.

I think the post may be coming from a ComCast (formerly AT&T Broadband?) user

This is the beginning of the path:
attbi_s51!attbi_slave52!attbi_master51!attbi_feed3!attbi.com

Administrative Contact:
Comcast
Domain Admin
183 Inverness Drive West
Englewood, CO 80112
US
Phone: 1-888-565-4329
Fax..: 720-267-2802
Email: abuse@ATTBI.COM

I would e-mail abuse@attbi.com

Would the Comcast header info be my info, as I'm a Comcast subscriber?

I know the stalker uses Time Warner's Road Runner ISP.

Then it would be abuse@rr.com that you should contact.

Sorry for the mixup. I wasn't sure of the "order" of hosts in the header, but you just confirmed it for me. Definitely contact them, by e-mail, phone, letter, and everything else! (Candygram?)

address (assuming it's valid).

I think they will have some information for you since this threat involves interstate data communication.