Documente Academic
Documente Profesional
Documente Cultură
Ticket TICK:51656
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Block (b)(6),(b)(7)(C)
Single IP
Block
Completed
Medium
Norris, Jonathan (CONTR)
None
IRblocks@eia.gov
2011/01/19 11:11:12
2011/06/18 03:45:23
Norris, Jonathan (CONTR)
None
None
done
- 2011/06/18 03:45:23
m]
Are we being blocked? And if so, would you tell me specifically why.
(b)(6),(b)(7)(C)
Sr. Analyst - Trader Support
Office: 7(b)(6),(b)(7)(C)
P. Cell: (b)(6),(b)(7)(C) 8
W. Cell (b)(6),(b)(7)(C)
Email:(b)(6),(b)(7)(C)
(b) (7)(A)
Changed ticket Owner from "Luu, Quan (CONTR)" to "Norris, Jonathan (CONTR)".
From: (b)(6),(b)(7)(C)
[mailto:(b)(6),(b)(7)(C)
Sent: Friday, January 28, 2011 4:16 PM
To: Norris, Jonathan (CONTR)
Subject: Re: Blocked ip (b)(6),(b)(7)(C)
Hi Jonathan,
Thank you for this email. I will supply this information to you shortly.
Do you happen to know why this IP is blocked? Is it from to many downloads? Thank you.
Thanks,
(b)(6),(b)(7)(C)
___________________________________________________________________________________________________________________________________________
Keeping People and Information Connected http://www.availability.sungard.com/
Think before you print
CONFIDENTIALITY: This e-mail (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohi
received this e-mail in error, please notify the sender and delete this e-mail from your system.
https://kbox/adminui/ticket.php?ID=51656
2/16/2012
Page 2 of 4
Thank you for contacting the U.S. Energy Information Administration. We have created incident ticket #51656 to track your request.
We ask that you access the web site a reasonable number of times per second when attempting to download the files to avoid your traffic being categorized as a denial of serv
also ask that you limit the number of IP's accessing the web site. Many large organizations download the data once and redistribute the information internally. You may wan
option.
In order to process your unblock request we will need to have an official statement from your organization detailing how you will be modifying your download traffic and ho
abusive download attempts. This plan should include:
-(b) (7)(A) your organization will initiate downloads from.
-(b) (7)(A)
you plan to access the web site.
- What measures you put in place to prevent theattack from happening again.
Once you have submitted your statement, EIA will review your Unblock request.
The EIA privacy statement and security policy can be found here http://www.eia..gov/privacyweb.html .
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: Livingston, Marcus (CONTR)
Sent: Friday, January 28, 2011 3:12 PM
To: Norris, Jonathan (CONTR); DiMascio, Shannon (CONTR)
Subject: IP Address Blocked
(b)(6),(b)(7)(C) called from (b) (7)(A) and stated that someone from (b) (7)(A) was trying to view the eia.gov site but the IP was being blocked.
(b)(6),(b)(7)(C)
IP Address:(b)(6),(b)(7)(C)
Contact info:(b)(6),(b)(7)(C)
Marcus Livingston
Chenega Government Consulting, LLC, Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
Please consider the environment before printing this e-mail
Changed ticket Owner from "Norris, Jonathan (CONTR)" to "Bily, Glenn (CONTR)".
https://kbox/adminui/ticket.php?ID=51656
2/16/2012
Page 3 of 4
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
- - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET
.NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET
.NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET
.NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET
.NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET
.NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C)
- - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 6.0; Windows N
CLR 2.0.50727; .NET CLR 1.1.4322; InfoPath.1)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 6.0; Windows N
CLR 2.0.50727; .NET CLR 1.1.4322; InfoPath.1)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2151 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .
2.0.50727; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .
2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727;
1.1.4322; InfoPath.1)
(b)(6),(b)(7)(C)
Ticket Created
(b)(6),(b)(7)(C)
Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=51656
2/16/2012
Page 4 of 4
- - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows N
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET
.NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET
.NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET
.NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET
.NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C) - - [13/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html HTTP/1.1 503 1398 - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET
.NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=51656
2/16/2012
Page 1 of 8
Ticket TICK:51747
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
- 2011/06/18 03:45:23
Owners
Only:
Ticket Created
(7)(A)
(b) (7)(A)
(b)(6), (b)(7)(C)
https://kbox/adminui/ticket.php?ID=51747
2/16/2012
Page 2 of 8
(b)(6), (b)(7)(C)
https://kbox/adminui/ticket.php?ID=51747
2/16/2012
Page 3 of 8
https://kbox/adminui/ticket.php?ID=51747
2/16/2012
Page 4 of 8
(b)(6), (b)(7)(C)
https://kbox/adminui/ticket.php?ID=51747
2/16/2012
Page 5 of 8
https://kbox/adminui/ticket.php?ID=51747
2/16/2012
Page 6 of 8
(b)(6), (b)(7)(C)
https://kbox/adminui/ticket.php?ID=51747
2/16/2012
Page 7 of 8
https://kbox/adminui/ticket.php?ID=51747
2/16/2012
Page 8 of 8
(b)(6), (b)(7)(C)
https://kbox/adminui/ticket.php?ID=51747
2/16/2012
Page 1 of 3
Ticket TICK:51749
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
- 2011/06/18 03:45:23
Owners
Only:
Owners
Only:
Ticket Created
(b) (7)(A)
(b)(6), (b)(7)(C)
https://kbox/adminui/ticket.php?ID=51749
2/16/2012
Page 2 of 3
https://kbox/adminui/ticket.php?ID=51749
2/16/2012
Page 3 of 3
.NET4.0C; .NET4.0E)
- - [20/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html
HTTP/1.0 200 15897 - Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727;
.NET CLR 3.5.30729; .NET CLR 3.0.30618; MS-RTC LM 8;
.NET4.0C; .NET4.0E)
(b)(6), (b)(7)(C) - - [20/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html
HTTP/1.0 200 15897 - Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; MS-RTC LM 8;
.NET CLR 3.5.30729; .NET CLR 3.0.30618; .NET4.0C;
.NET4.0E)
(b)(6), (b)(7)(C) - - [20/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html
HTTP/1.0 200 15897 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0
(compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR
2.0.50727; MS-RTC LM 8; .NET CLR 3.5.30729; .NET CLR
3.0.30618; .NET4.0C; .NET4.0E)
(b)(6), (b)(7)(C) - - [20/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html
HTTP/1.0 200 15897 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0
(compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR
2.0.50727; MS-RTC LM 8; .NET CLR 3.5.30729; .NET CLR
3.0.30618; .NET4.0C; .NET4.0E)
(b)(6), (b)(7)(C) - - [20/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html
HTTP/1.0 200 15897 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0
(compatible; MSIE 7.0; Windows NT 6.0; WOW64; Trident/4.0;
SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; MS-RTC
LM 8; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
(b)(6), (b)(7)(C) - - [20/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html
HTTP/1.0 200 15897 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0
(compatible; MSIE 7.0; Windows NT 6.0; WOW64; Trident/4.0;
SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; MS-RTC
LM 8; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
(b)(6), (b)(7)(C)
https://kbox/adminui/ticket.php?ID=51749
2/16/2012
Page 1 of 9
Ticket TICK:52105
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
- 2011/06/18 03:45:23
Owners
Only:
Owners
Only:
https://kbox/adminui/ticket.php?ID=52105
2/16/2012
Page 2 of 9
than
(b) (7)(A)
(b) (7)(A)
(b)(6), (b)(7)(C)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=52105
2/16/2012
Page 3 of 9
Thanks
(b)(6), (b)(7)(C)
(b) (7)(A)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=52105
2/16/2012
Page 4 of 9
(b) (7)(A)
(b)(6),(b)(7)(C)
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6), (b)(7)(C) [mailto:(b)(6), (b)(7)(C)(b)(6), (b)(7)(C)
Sent: Thursday, February 03, 2011 11:57 AM
To: Norris, Jonathan (CONTR)
Subject: RE: (b)(6), (b)(7)(C)
Jonathan,
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=52105
2/16/2012
Page 5 of 9
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=52105
2/16/2012
Page 6 of 9
Owners
Only:
https://kbox/adminui/ticket.php?ID=52105
2/16/2012
Page 7 of 9
Owners
Only:
Ticket Created
(b) (7)(E)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=52105
2/16/2012
Page 8 of 9
MDDR; .NET4.0C)
https://kbox/adminui/ticket.php?ID=52105
2/16/2012
Page 9 of 9
https://kbox/adminui/ticket.php?ID=52105
2/16/2012
Page 1 of 26
Ticket TICK:52110
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
block (b)(6),(b)(7)(C)
Single IP
Block
Completed
Medium
Luu, Quan (CONTR)
None
IRblocks@eia.gov
2011/01/28 14:40:29
2011/02/02 08:28:30
Norris, Jonathan (CONTR)
None
None
done
Owners
Only:
Ticket Created
(b) (7)(A)
) (7)(A)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 2 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 3 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 4 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 5 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 6 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 7 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 8 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 9 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 10 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 11 of 26
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 12 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 13 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 14 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 15 of 26
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 16 of 26
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 17 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 18 of 26
http://www.eia.doe.gov/oil_gas/natural_gas/info_glance/natural_gas.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b)(6),(b)(7)(C) - - [27/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html
HTTP/1.1 503 1398
http://www.eia.doe.gov/oil_gas/natural_gas/info_glance/natural_gas.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b)(6),(b)(7)(C) - - [27/Jan/2011:(b) (7)(A) -0500] GET /ngs/ngs.html
HTTP/1.1 503 1398
http://www.eia.doe.gov/oil_gas/natural_gas/info_glance/natural_gas.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b)(6),(b)(7)(C) - - [27/Jan/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET
CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b)(6),(b)(7)(C) - - [27/Jan/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET
CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b)(6),(b)(7)(C) - - [27/Jan/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET
CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b)(6),(b)(7)(C) - - [27/Jan/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET
CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b)(6),(b)(7)(C) - - [27/Jan/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET
CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b)(6),(b)(7)(C) - - [27/Jan/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET
CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b)(6),(b)(7)(C) - - [27/Jan/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET
CLR 3.0.4506.2152; .NET CLR 3.5.30729)
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 19 of 26
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 20 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 21 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 22 of 26
3.5.30729)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 23 of 26
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 24 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 25 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 26 of 26
https://kbox/adminui/ticket.php?ID=52110
2/16/2012
Page 1 of 3
Ticket TICK:52898
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Block (b)(6),(b)(7)(C)
Single IP
Block
Completed
Medium
Luu, Quan (CONTR)
None
None
2011/02/17 15:57:47
2011/02/24 08:23:50
Norris, Jonathan (CONTR)
None
None
done
Owners
Only:
Ticket Created
(b) (7)(
(b) (7)(E)
(b) (7)(A)
(b)(6),(b)(7)(C) - - [17/Feb/2011:(b) (7)(A) -0500]
https://kbox/adminui/ticket.php?ID=52898
2/16/2012
Page 2 of 3
https://kbox/adminui/ticket.php?ID=52898
2/16/2012
Page 3 of 3
https://kbox/adminui/ticket.php?ID=52898
2/16/2012
Page 1 of 28
Ticket TICK:53020
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Block (b)(6),(b)(7)(C)
Single IP
Block
Completed
Medium
Luu, Quan (CONTR)
None
IRblocks@eia.gov
2011/02/23 11:03:20
2011/05/25 08:46:34
Norris, Jonathan (CONTR)
None
None
done
Owners
Only:
From: (b)(6),(b)(7)(C)
[mailto:(b)(6),(b)(7)(C)
Sent: Friday, May 20, 2011 12:20 PM
To: Norris, Jonathan (CONTR); 'abuse@cv.net'
Cc: DiMascio, Shannon (CONTR); (b)(6),(b)(7)(C)
Subject: RE: Abuse from (b)(6),(b)(7)(C)
Also,
Here is our current rate limiting policy. Issue is if I turn it down
any less, the countdown on Thursday at 10:30am does not work or
the page does not display correctly.
(b)(6),(b)(7)(C)
From: (b)(6),(b)(7)(C)
Sent: Friday, May 20, 2011 12:05 PM
To: 'Jonathan.Norris@eia.gov'; 'abuse@cv.net'
Cc: 'Shannon.DiMascio@eia.gov'
Subject: Re: Abuse from (b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 2 of 28
(b)(6),(b)(7)(C)
Platform Services Manager - Director
(b) (7)(A)
(b)(6),(b)(7)(C)
(b) (7)(A)
From: Norris, Jonathan (CONTR)
[mailto:Jonathan.Norris@eia.gov]
Sent: Friday, May 20, 2011 12:01 PM
To: (b)(6),(b)(7)(C) ; abuse@cv.net <abuse@cv.net>
Cc: DiMascio, Shannon (CONTR) <Shannon.DiMascio@eia.gov>
Subject: RE: Abuse from (b)(6),(b)(7)(C)
This our policy, I cannot stop the block.
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C)
[mailto(b)(6),(b)(7)(C)
Sent: Friday, May 20, 2011 11:26 AM
To: Norris, Jonathan (CONTR); abuse@cv.net
Subject: RE: Abuse from (b)(6),(b)(7)(C)
Johnathon,
I am going to enable more detailed logging on the Netscaler so I
can see where this traffic you are seeing is being generated from.
We are rate limiting so as you can imagine I am a bit surprised.
Can you please not block us at this point and let me try to
determine the root cause/user?
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 3 of 28
[mailto:Jonathan.Norris@eia.gov]
Sent: Thursday, May 19, 2011 3:48 PM
To: (b)(6),(b)(7)(C) abuse@cv.net
Subject: RE: Abuse from (b)(6),(b)(7)(C)
Ir.eia.gov.
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C)
[mailto:(b)(6),(b)(7)(C)
Sent: Thursday, May 19, 2011 3:47 PM
To: Norris, Jonathan (CONTR); abuse@cv.net
Subject: RE: Abuse from (b)(6),(b)(7)(C)
Is that for ir.eia.gov or www.eia.gov?
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
i J
(CONTR) 2011/05/19 15 47 46
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 4 of 28
Owners
Only:
Repeat offender
Caught by IPS
(b) (7)(A)
(b) (7)(E)
(b) (7)(E)
(b) (7)(A)
in 1 second
in 1 second
then
(b) (7)(A)
(b) (7)(E)
(b) (7)(E)
(b) (7)(A)
(b) (7)(A)
(b) (7)(E)
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 5 of 28
(b) (7)(E)
(b) (7)(E)
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 6 of 28
Owners
Only:
Repeat offender
Caught by IPS
(b) (7)(A)
(b) (7)(E)
(b) (7)(A)
(b) (7)(
(b) (7)(A)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 7 of 28
(b) (7)(A)
(b) (7)(A)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 8 of 28
SensorName IPSdot7
Date/Time 2011-05-19 14:26:06 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
Combined Event Count
Cleared Flag false
Target IP Address 205.254.135.25
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b)(6),(b)(7)(C)
SourcePort Name 0
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
:coalescer-info Forwarded due to age
:end-time 2011-05-19 14:26:06
:event-type Attack
:opened
:pam.(b) (7)(E)
:Protocol Name TCP
:repeat-count
:start-time 2011-05-19 14:26:06
:target-ip-addr-end 205.254.135.25
:target-ip-addr-start 205.254.135.25
:total-proxied-connections
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
(b) (7)(E)
(b) (7)(A)
(b) (7)(E)
(b) (7)(A)
Owners
Only:
From: (b)(6),(b)(7)(C)
[mailto:(b)(6),(b)(7)(C)
Sent: Wednesday, March 16, 2011 3:17 PM
To: Norris, Jonathan (CONTR)
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 9 of 28
(b)(6),(b)(7)(C)
(b) (7)(E)
(b) (7)(A)
ou plan to access the web site.
- What measures you put in place to prevent the attack from
happening again.
Once you have submitted your statement, EIA will review your
Unblock request.
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 10 of 28
The EIA privacy statement and security policy can be found here
http://www.eia.gov/privacyweb.html .
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C)
[mailto:(b)(6),(b)(7)(C)
Sent: Wednesday, March 16, 2011 10:45 AM
To: Norris, Jonathan (CONTR)
Subject: RE: Unblock us
Thanks John. Forwarding these messages on still does not answer
my question however.
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 11 of 28
Even thought you stating that you cannot be definitive, we need the
number of times you will access the site per second.
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585 (b)(6),(b)(7)(C)
From: (b)(6),(b)(7)(C) [mailto:
(b)(6),(b)(7)(C)
Sent: Friday, March 11, 2011 4:09 PM
To: Norris, Jonathan (CONTR)
(b)(6),(b)(7)(C)
Cc: (b)(6),(b)(7)(C) (b)(6),(b)(7)(C) (b)(6),(b)(7)(C)
Subject: RE: Unblock us
Jonathon,
Sorry to keep on about this but we havent heard anything back
from you and we still dont have access to the site or approval to
implement our new solution. Is there someone else we should be
approaching? Thanks again for any assistance you can provide us.
Im out on vacation next week so (b)(6),(b)(7)(C) (ccd) will be
point person.
(b)(6),(b)(7)(C)
Regards
(b)(6),(b)(7)(C)
From: (b)(6),(b)(7)(C)
Sent: Friday, March 11, 2011 1:41 PM
To: 'Norris, Jonathan (CONTR)'
(b)(6),(b)(7)(C)
Cc: (b)(6),(b)(7)(C) (b)(6),(b)(7)(C) (b)(6),(b)(7)(C)
Subject: RE: Unblock us
Jonathon,
Just reaching out to understand where we currently stand.
Thanking you in advance for your assistance.
Best regards
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b) (7)(A)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 12 of 28
(b) (7)(A)
From: (b)(6),(b)(7)(C)
Sent: Friday, March 11, 2011 9:07 AM
To: 'Norris, Jonathan (CONTR)'
(b)(6),(b)(7)(C)
Cc: (b)(6),(b)(7)(C) (b)(6),(b)(7)(C) (b)(6),(b)(7)(C)
Subject: RE: Unblock us
Jonathon,
After further discussions with the level 3 technical group at Citrix
last night, they confirmed that our proposed approach and
configuration will reduce our traffic hitting the EIA sites. The new
Proxy appliances also have detail monitoring and logging so that
we can fine tune any setting going forward.
Please let us know the next steps.
Best regards
(b)(6),(b)(7)(C)
From: (b)(6),(b)(7)(C)
Sent: Thursday, March 10, 2011 3:54 PM
To: 'Norris, Jonathan (CONTR)'
(b)(6),(b)(7)(C)
Cc: (b)(6),(b)(7)(C) (b)(6),(b)(7)(C) (b)(6),(b)(7)(C)
Subject: RE: Unblock us
Jonathon,
Updated configuration
1. When approved by you we will finalize the configuration of our
DNS for ir.eia.gov to point to an internal Proxy that has caching
enabled
2. All access from (b) (7)(A) will come from one of the following 3 IP
addresses:
a. (b)(6),(b)(7)(C) Primary
b. (b)(6),(b)(7)(C) backup
c. (b)(6),(b)(7)(C) Backup
While our Proxy (NetScaler) will be caching and the vendor
(Citrix) states that this will reduce the hits to your site we (b) (7)(A)
cannot definitively state at this point we can restrict the hits to
per second. Are we doing enough with the Proxy and the caching
to unblock the site or is there still more we need to do?
(b) (7)(A)
Regards
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 13 of 28
[mailto:Jonathan.Norris@eia.gov]
Sent: Thursday, March 10, 2011 12:31 PM
To: (b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
Cc: (b)(6),(b)(7)(C) (b)(6),(b)(7)(C) (b)(6),(b)(7)(C)
Subject: RE: Unblock us
Thank you. Yes we require the IP address that your company will
use to access the site, and we will need you to expand on your
definition of (b) (7)(E)
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585 (b)(6),(b)(7)(C)
From: (b)(6),(b)(7)(C) [mailto:
(b)(6),(b)(7)(C)
Sent: Thursday, March 10, 2011 12:24 PM
To: Norris, Jonathan (CONTR)
(b)(6),(b)(7)(C)
Cc: (b)(6),(b)(7)(C) (b)(6),(b)(7)(C) (b)(6),(b)(7)(C)
Subject: RE: Unblock us
Jonathon,
Could you please review the following to see if this is appropriate?
1. We will configure our DNS for ir.eia.gov to point to an internal
Proxy that will allow caching
2. The proxy will limit the number of connection to 1 with a
constant connection
3. The Proxy would only request data from the site if requested by
a user at no more than 1 attempt per second.
I understand you will also require an IP Address to be associated
with this approach?
Regards
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 14 of 28
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585 (b)(6),(b)(7)(C)
From: (b)(6),(b)(7)(C) [mailto:
(b)(6),(b)(7)(C)
Sent: Thursday, March 10, 2011 11:17 AM
To: Norris, Jonathan (CONTR)
Cc: (b)(6),(b)(7)(C) (b)(6),(b)(7)(C) (b)(6),(b)(7)(C)
Subject: RE: Unblock us
Thank you Jonathon,
We are working on a plan and a statement for you. Once we have
one and you agree to the approach how long would it take to be
unblocked?
Regards
(b)(6),(b)(7)(C)
(b) (7)(A)
you plan to access the web site.
- What measures you put in place to prevent theattack from
happening again.
Once you have submitted your statement, EIA will review your
Unblock request.
The EIA privacy statement and security policy can be found here
http://www.eia.gov/privacyweb.html .
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 15 of 28
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C)
[mailto:(b)(6),(b)(7)(C)(b)(6),(b)(7)(C)
Sent: Thursday, March 10, 2011 10:44 AM
To: Norris, Jonathan (CONTR)
Cc: (b)(6),(b)(7)(C)
Subject: Unblock us
(b)(6),(b)(7)(C)
Johnathan,
We are unable to reach www.ir.eia.gov from our companys
primary networks in (b) (7)(A) CT and (b) (7)(A) , TX.
I spoke to someone on your main number yesterday, and our
company has sent requests via email last week to unblock us on
your network.
We are coming from the IP addresses of : (b)(6),(b)(7)(C) &
(b)(6),(b)(7)(C)
How long will it take to unblock us from your network, and what
steps can we take to make sure doesnt happen again.
Thank you for your help,
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 16 of 28
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 17 of 28
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 18 of 28
Owners
Only:
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C) (b)(6),(b)(7)(C)
(b) (7)(A)
(b)(6),(b)(7)(C)
(b) (7)(A)
From: (b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 19 of 28
(b)(6),(b)(7)(C)
Owners
Only:
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 20 of 28
Cc: (b)(6),(b)(7)(C)
Subject: RE: Unblock us
Thank you for contacting the U.S. Energy Information
Administration. We have created incident tickets #53020 and
#53586 to track your request.
We ask that you access the web site a reasonable number of times
per second when attempting to download the files to avoid your
traffic being categorized as a denial of service attack. We also ask
that you limit the number of IP's accessing the web site. Many
large organizations download the data once and redistribute the
information internally. You may want to consider this option.
In order to process your unblock request we will need to have an
official statement from your organization detailing how you will be
modifying your download traffic and how you will prevent abusive
download attempts. This plan should include:
- (b) (7)(A)
you plan to access the web site.
- What measures you put in place to prevent theattack from
happening again.
Once you have submitted your statement, EIA will review your
Unblock request.
The EIA privacy statement and security policy can be found here
http://www.eia.gov/privacyweb.html .
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C)
[mailto:(b)(6),(b)(7)(C)(b)(6),(b)(7)(C)
Sent: Thursday, March 10, 2011 10:44 AM
To: Norris, Jonathan (CONTR)
Cc: (b)(6),(b)(7)(C)
Subject: Unblock us
Johnathan,
We are unable to reach www.ir.eia.gov from our companys
primary networks in (b) (7)(A) CT and (b) (7)(A) , TX.
I spoke to someone on your main number yesterday, and our
company has sent requests via email last week to unblock us on
your network.
We are coming from the IP addresses of : (b)(6),(b)(7)(C) &
(b)(6),(b)(7)(C)
How long will it take to unblock us from your network, and what
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 21 of 28
(b)(6),(b)(7)(C)
Owners
Only:
(b) (7)(A)
(b)(6),(b)(7)(C) - - [17/Feb/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
(b)(6),(b)(7)(C) - - [17/Feb/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
(b)(6),(b)(7)(C) - - [17/Feb/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 22 of 28
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 23 of 28
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 24 of 28
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 25 of 28
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 26 of 28
Owners
Only:
Ticket Created
(b) (7)(A)
(b)(6),(b)(7)(C) - - [17/Feb/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
(b)(6),(b)(7)(C) - - [17/Feb/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
(b)(6),(b)(7)(C) - - [17/Feb/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
(b)(6),(b)(7)(C) - - [17/Feb/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
(b)(6),(b)(7)(C) - - [17/Feb/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
(b)(6),(b)(7)(C) - - [17/Feb/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
(b)(6),(b)(7)(C) - - [17/Feb/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
(b)(6),(b)(7)(C) - - [17/Feb/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
(b)(6),(b)(7)(C) - - [17/Feb/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
(b)(6),(b)(7)(C) - - [17/Feb/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 27 of 28
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 28 of 28
https://kbox/adminui/ticket.php?ID=53020
2/16/2012
Page 1 of 3
Ticket TICK:53104
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=53104
2/16/2012
Page 2 of 3
(b)(6), (b)(7)(C)
https://kbox/adminui/ticket.php?ID=53104
2/16/2012
Page 3 of 3
https://kbox/adminui/ticket.php?ID=53104
2/16/2012
Page 1 of 1
Ticket TICK:53105
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Owners
Only:
Ticket Created
(b) (7)(E)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=53105
2/16/2012
Page 1 of 4
Ticket TICK:53346
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
- 2011/10/07 03:45:44
Owners
Only:
(b) (7)(E)
(7)(E)
at time of release
https://kbox/adminui/ticket.php?ID=53346
2/16/2012
Page 2 of 4
Owners
Only:
https://kbox/adminui/ticket.php?ID=53346
2/16/2012
Page 3 of 4
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=53346
2/16/2012
Page 4 of 4
https://kbox/adminui/ticket.php?ID=53346
2/16/2012
Page 1 of 24
Ticket TICK:53409
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Block (b)(6),(b)(7)(C)
Single IP
Block
Completed
Medium
Luu, Quan (CONTR)
None
IRblocks@eia.gov
2011/03/03 12:14:37
2011/10/07 03:45:44
Norris, Jonathan (CONTR)
None
None
done
Owners
Only:
- 2011/10/07 03:45:44
Owners
Only:
(b) (7)(A)
(b) (7)(E)
) (7)(A)
POC (b)(6),(b)(7)(C)
(b)(6),(b)(7)(C) - - [03/Mar/2011:(b) (7)(A) -0500]
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 2 of 24
.NET4.0C; .NET4.0E)
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 3 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 4 of 24
.NET4.0C; .NET4.0E)
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 5 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 6 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 7 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 8 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 9 of 24
.NET4.0C; .NET4.0E)
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 10 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 11 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 12 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 13 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 14 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 15 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 16 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 17 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 18 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 19 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 20 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 21 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 22 of 24
Owners
Only:
Ticket Created
(b) (7)(A)
(b) (7)(A)
hits a sec
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C) - - [03/Mar/2011:(b) (7)(A) -0500]
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 23 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 24 of 24
https://kbox/adminui/ticket.php?ID=53409
2/16/2012
Page 1 of 37
Ticket TICK:53453
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
unBlock (b)(6),(b)(7)(C)
Single IP
Unblock
Completed
Medium
Luu, Quan (CONTR)
(b)(6),(b)(7)(C)
None
(b)(6),(b)(7)(C)
2011/03/04 10:21:13
2011/10/07 03:45:44
Norris, Jonathan (CONTR)
None
None
done
Owners
Only:
- 2011/10/07 03:45:44
Owners
Only:
From: (b)(6),(b)(7)(C)
[mailto:(b)(6),(b)(7)(C)
Sent: Tuesday, March 15, 2011 9:56 AM
To: Norris, Jonathan (CONTR)
Subject: RE: Abuse From (b)(6),(b)(7)(C) - Urgent Please Reply
Jonathan,
Many thanks,
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 2 of 37
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
Commodities & Energy Global Service Manager
(b) (7)(A)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
________________________________________
From: Norris, Jonathan (CONTR)
[mailto:(b)(6),(b)(7)(C)
Sent: 15 March 2011 13:53
To: (b)(6),(b)(7)(C) M. (M ST CandE)
Cc: iSecurity; (b)(6),(b)(7)(C) (M RTT); (b)(6),(b)(7)(C) (M Cont ST);
(b)(6),(b)(7)(C) (M Cont NT); (b)(6),(b)(
(M ST CandE);
(b)(6),(b)(7)(C) (M ST CandE); (b)(6),(b)(7)(C) (M Cont ST);
(b)(6),(b)(7)(C) (M ST CandE)
Subject: RE: Abuse From (b)(6),(b)(7)(C) - Urgent Please Reply
Thank you for your response. Your unblock request has been
approved and will be processed by C.O.B. today. I suggest you test
before the Wednesday release.
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C)
[mailto:(b)(6),(b)(7)(C)
Sent: Tuesday, March 15, 2011 7:34 AM
To: Norris, Jonathan (CONTR)
Cc: (b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 3 of 37
changes that have since been made in the way that we will access
your data.
Grateful if you can confirm that this provides the level of detail
and assurances that you need in order to be able to unblock our IP
address so that we can retrieve the Wednesday EIA updates
tomorrow.
Regards,
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
Commodities & Energy Global Service Manager
(b) (7)(A)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
________________________________________
From: Norris, Jonathan (CONTR)
[mailto:Jonathan.Norris@eia.gov]
Sent: 09 March 2011 19:30
To: (b)(6),(b)(7)(C) M. (M ST CandE)
Cc: iSecurity; (b)(6),(b)(7)(C) (M RTT); (b)(6),(b)(7)(C) (M Cont ST);
(b)(6),(b)(7)(C) (M Cont NT); (b)(6),(b)(7)(C) (M ST CandE);
(b)(6),(b)(7)(C) (M ST CandE); (b)(6),(b)(7)(C) (M Cont ST);
(b)(6),(b)(7)(C) (M ST CandE)
Subject: RE: Abuse From (b)(6),(b)(7)(C) - Urgent Please Reply
(b)(6),(b)(7)(C)
You message did not address how you plan to access the data
during the release and the number of times. I highlighted the items
from the previous meessage. You can reach me at 2022876069 if
you need clarification
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C)
[mailto:(b)(6),(b)(7)(C)
Sent: Wednesday, March 09, 2011 12:13 PM
To: Norris, Jonathan (CONTR)
Cc: (b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 4 of 37
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
Commodities & Energy Global Service Manager
(b) (7)(A)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
________________________________________
From: (b)(6),(b)(7)(C) M. (M ST CandE)
Sent: 09 March 2011 11:31
To: 'Norris, Jonathan (CONTR)'
Cc: iSecurity; (b)(6),(b)(7)(C) (M RTT); (b)(6),(b)(7)(C) (M Cont ST);
(b)(6),(b)(7)(C) (M Cont NT); (b)(6),(b)(
(M ST CandE);
(b)(6),(b)(7)(C) (M ST CandE); (b)(6),(b)(7)(C) (M Cont ST);
(b)(6),(b)(7)(C) (M ST CandE); (b)(6),(b)(7)(C) M. (M ST
CandE)
Subject: RE: Abuse From (b)(6),(b)(7)(C) (Resent with image)
Importance: High
Jonathan,
Thank you for your email below. I can confirm that the following
steps have been put into place effective from today.
Please can you confirm that any requests from us are now
unblocked in preparation for the EIA updates today.
IP address:(b)(6),(b)(7)(C)
2. We have modified the grabbing window from contiguous
(b) (7)(E)
(b) (7)(A)
(b) (7)(A)
(b) (7)(A)
) (7)(A)
(b) (7)
below;
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 5 of 37
Regards,
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
Commodities & Energy Global Service Manager
(b) (7)(A)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
________________________________________
From: Norris, Jonathan (CONTR)
[mailto:Jonathan.Norris@eia.gov]
Sent: 07 March 2011 16:34
To: (b)(6),(b)(7)(C) (M RTT)
(b)(6),(b)(7)(C)
Cc: i
Subject: RE: Abuse From (b)(6),(b)(7)(C)
Thank you for contacting the U.S. Energy Information
Administration. We have created incident ticket #53453 to track
your request. I can tell you that the activity occurred on March 3
2011 between 10am and 11am, please look over your logs.
We ask that you access the web site a reasonable number of times
per second when attempting to download the files to avoid your
traffic being categorized as a denial of service attack. We also ask
that you limit the number of IP's accessing the web site. Many
large organizations download the data once and redistribute the
information internally. You may want to consider this option.
In order to process your unblock request we will need to have an
official statement from your organization detailing how you will be
modifying your download traffic and how you will prevent abusive
download attempts. This plan should include:
- (b) (7)(A) your organization will initiate downloads from.
- (b) (7)(A)
you plan to access the web site.
- What measures you put in place to prevent theattack from
happening again.
Once you have submitted your statement, EIA will review your
Unblock request.
The EIA privacy statement and security policy can be found here
http://www.eia.gov/privacyweb.html .
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 6 of 37
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C)
[mailto:(b)(6),(b)(7)(C)
Sent: Monday, March 07, 2011 11:25 AM
To: Norris, Jonathan (CONTR)
Cc: (b)(6),(b)(7)(C)
Subject: RE: Abuse From (b)(6),(b)(7)(C)
Hi Jonathan,
Thank you for contacting bringing this to our attention. Could you
please provide further details about the nature of the traffic youre
seeing if available?
Were investigating this under reference IM0000678500.
Best regards
________________________________________
(b)(6),(b)(7)(C)
(b) (7)(A)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 7 of 37
Washington, DC 20585
This e-mail is for the sole use of the intended recipient and
contains information that may be privileged and/or confidential. If
you are not an intended recipient, please notify the sender by return
e-mail and delete this e-mail and any attachments. Certain required
legal entity disclosures can be accessed on our website.
This email was sent to you by (b) (7)(A)
the global news
and information company.
Any views expressed in this message are those of the individual
sender, except where the sender specifically states them to be the
views of (b) (7)(A)
This email was sent to you by (b) (7)(A)
the global news
and information company. Any views expressed in this message
are those of the individual sender, except where the sender
specifically states them to be the views of (b) (7)(A)
This email was sent to you by (b) (7)(A)
the global news
and information company. Any views expressed in this message
are those of the individual sender, except where the sender
specifically states them to be the views of (b) (7)(A)
Attachment: US Energy Information Administration.doc
(76.00 KB)
Owners
Only:
Washington, DC 20585
From: (b)(6),(b)(7)(C)
[mailto:(b)(6),(b)(7)(C)
Sent: Monday, March 07, 2011 11:44 AM
To: Norris, Jonathan (CONTR);
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 8 of 37
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
Data Center Lan Development Manager
(b) (7)(A)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b) (7)(A)
Norris, Jonathan (CONTR) - 2011/03/07 11:34:54
Owners
Only:
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 9 of 37
(b)(6),(b)(7)(C)
(b) (7)(A)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 10 of 37
This e-mail is for the sole use of the intended recipient and
contains information that may be privileged and/or confidential. If
you are not an intended recipient, please notify the sender by return
e-mail and delete this e-mail and any attachments. Certain required
legal entity disclosures can be accessed on our website.
Owners
Only:
contacted '(b)(6),(b)(7)(C)
'(b)(6),(b)(7)(C)
Owners
Only:
(7)(A)
Capture of synfloods only during the time of the load release, time
windo is just under 4 mins
Attachment: (b)
Owners
Only:
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 11 of 37
(b) (7)(A)
Shannon DiMascio
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
shannon.dimascio@eia.gov
202-586-7523
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 12 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 13 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 14 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 15 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 16 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 17 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 18 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 19 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 20 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 21 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 22 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 23 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 24 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 25 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 26 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 27 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 28 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 29 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 30 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 31 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 32 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 33 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 34 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 35 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 36 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 37 of 37
https://kbox/adminui/ticket.php?ID=53453
2/16/2012
Page 1 of 9
Ticket TICK:53510
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Survey
Satisfaction:
unBlock (b)(6),(b)(7)(C)
Single IP
Unblock
Completed
Medium
Luu, Quan (CONTR)
None
IRblocks@eia.gov
2011/03/07 10:11:24
2011/10/07 03:45:44
Norris, Jonathan (CONTR)
None
None
done
5
Owners
Only:
- 2011/10/07 03:45:44
Owners
Only:
From: (b)(6),(b)(7)(C)
Sent: Wednesday, March 16, 2011 1:00 PM
To: Norris, Jonathan (CONTR)
Cc: (b)(6),(b)(7)(C)
Subject: RE: IEA NG Storage Report Website blocked
Jonathan,
As discussed, (b) (7)(A) will limit access to
second for accessing the reports.
https://kbox/adminui/ticket.php?ID=53510
(b) (7)(A)
times per
2/16/2012
Page 2 of 9
(b) (7)(A)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53510
2/16/2012
Page 3 of 9
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
Infrastructure Demand Manager
(b) (7)(A)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53510
2/16/2012
Page 4 of 9
(b) (7)(A)
We will need some time to sort the download and internal posting
of the file for reference.
Regards,
(b)(6),(b)(7)(C)
Infrastructure Demand Manager
(b) (7)(A)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53510
2/16/2012
Page 5 of 9
[mailto:Jonathan.Norris@eia.gov]
Sent: Friday, March 11, 2011 12:59 PM
To: (b)(6),(b)(7)(C)
Subject: RE: Website blocked
Thank you for contacting the U.S. Energy Information
Administration. We
have created incident ticket #53510 to track your request.
We ask that you access the web site a reasonable number of times
per
second when attempting to download the files to avoid your traffic
being
categorized as a denial of service attack. We also ask that you limit
the number of IP's accessing the web site. Many large
organizations
download the data once and redistribute the information internally.
You
may want to consider this option.
In order to process your unblock request we will need to have an
official statement from your organization detailing how you will
be
modifying your download traffic and how you will prevent
abusive
download attempts. This plan should include:
(b) (7)(A)
- What measures you put in place to prevent theattack from
happening
again.
Once you have submitted your statement, EIA will review your
Unblock
request.
The EIA privacy statement and security policy can be found here
http://www.eia.gov/privacyweb.html .
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
-----Original Message----From: (b)(6),(b)(7)(C)
Sent: Friday, March 11, 2011 10:31 AM
To: Norris, Jonathan (CONTR)
https://kbox/adminui/ticket.php?ID=53510
2/16/2012
Page 6 of 9
Thanks,
(b)(6),(b)(7)(C)
(7)(A)
(b)(6),(b)(7)(C)
Owners
Only:
https://kbox/adminui/ticket.php?ID=53510
2/16/2012
Page 7 of 9
Jonathan:
My users in Houston with (b) (7)(A) are being blocked getting
to
ir.eia.gov/ngs/ngs.html. We should be coming from (b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
Can you unblock these addresses, and prevent us from being
blocked in
the future?
Thanks,
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(7)(A)
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=53510
2/16/2012
Page 8 of 9
(b) (7)(A)
(7)(A)
(7)(A)
(b)(6),(b)(7)(C) -- (b) (7)(A)
(b)(6),(b)(7)(C) (b) (7)(A)
-(b)(6),(b)(7)(C) (b) (7)(A)
-(b)(6),(b)(7)(C) -- (b) (7)(A)
(b)(6),(b)(7)(C) -- (b)
(7)(A)
Glenn Bily
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
-----Original Message----From: DiMascio, Shannon (CONTR)
Sent: Thursday, March 03, 2011 10:57 AM
To: Narayanan, Prashanth (CONTR)
Cc: Peterson, Marshall (CONTR); Collins, Christian (CONTR);
Norris, Jonathan (CONTR); Bily, Glenn (CONTR); Mencias,
Alvin (CONTR)
Subject: RE: ir load issue
Is there a list of IPs associated aside from the ones listed on the top
talkers?
Shannon DiMascio
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
https://kbox/adminui/ticket.php?ID=53510
2/16/2012
Page 9 of 9
Glenn Bily
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
https://kbox/adminui/ticket.php?ID=53510
2/16/2012
Page 1 of 3
Ticket TICK:53533
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53533
2/16/2012
Page 2 of 3
(b)(6),(b)(7)(C)
Glenn Bily
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
-----Original Message----From: DiMascio, Shannon (CONTR)
Sent: Thursday, March 03, 2011 10:57 AM
To: Narayanan, Prashanth (CONTR)
Cc: Peterson, Marshall (CONTR); Collins, Christian (CONTR);
Norris, Jonathan (CONTR); Bily, Glenn (CONTR); Mencias,
Alvin (CONTR)
Subject: RE: ir load issue
Is there a list of IPs associated aside from the ones listed on the
top talkers?
Shannon DiMascio
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
shannon.dimascio@eia.gov
202-586-7523
-----Original Message----From: Narayanan, Prashanth (CONTR)
Sent: Thursday, March 03, 2011 10:55 AM
To: Mencias, Alvin (CONTR)
Cc: DiMascio, Shannon (CONTR); Peterson, Marshall
(CONTR); Collins, Christian (CONTR); Norris, Jonathan
(CONTR); Bily, Glenn (CONTR)
Subject: FW: ir load issue
AJ,
(b) (7)(A)
It appears this was a
attack. Christian and I are analyzing
the pcap now.
thanks
-----Original Message----From: Bily, Glenn (CONTR)
Sent: Thursday, March 03, 2011 10:53 AM
To: Narayanan, Prashanth (CONTR)
Cc: Norris, Jonathan (CONTR)
https://kbox/adminui/ticket.php?ID=53533
2/16/2012
Page 3 of 3
(b) (7)(A)
attack:
Ticket Created
Added attachment '(b)
Owners
Only:
(7)(A)
(7)(A)
(7)(A)
(204.63 KB)
https://kbox/adminui/ticket.php?ID=53533
2/16/2012
Page 1 of 1
Ticket TICK:53560
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Repeat offender
Owners
Only:
Ticket Created
Added attachment 'load03032011.txt'
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=53560
2/16/2012
Page 1 of 25
Ticket TICK:53586
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
unBlock (b)(6),(b)(7)(C)
Single IP
Unblock
Completed
Medium
Luu, Quan (CONTR)
None
IRblocks@eia.gov
2011/03/08 14:55:46
2011/06/18 03:45:23
Norris, Jonathan (CONTR)
None
None
done
Owners
Only:
- 2011/06/18 03:45:23
Owners
Only:
From: (b)(6),(b)(7)(C)
[mailto:(b)(6),(b)(7)(C)(b)(6),(b)(7)(C)
Sent: Wednesday, March 16, 2011 3:17 PM
To: Norris, Jonathan (CONTR)
Subject: RE: Unblock us
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 2 of 25
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 3 of 25
From: (b)(6),(b)(7)(C)
[mailto:(b)(6),(b)(7)(C)(b)(6),(b)(7)(C)
Sent: Wednesday, March 16, 2011 10:45 AM
To: Norris, Jonathan (CONTR)
Subject: RE: Unblock us
Thanks John. Forwarding these messages on still does not answer
my question however.
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
From: Norris, Jonathan (CONTR)
[mailto:Jonathan.Norris@eia.gov]
Sent: Wednesday, March 16, 2011 10:38 AM
To: (b)(6),(b)(7)(C)
Subject: FW: Unblock us
Thank you for contacting the U.S. Energy Information
Administration. We have created incident tickets #53020 and
#53586 to track your request.
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: Norris, Jonathan (CONTR)
Sent: Friday, March 11, 2011 4:14 PM
To: '(b)(6),(b)(7)(C)
Cc:(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 4 of 25
(b)(6),(b)(7)(C)
(b) (7)(A)
Regards
(b)(6),(b)(7)(C)
From: (b)(6),(b)(7)(C)
Sent: Friday, March 11, 2011 1:41 PM
To: 'Norris, Jonathan (CONTR)'
Cc: (b)(6),(b)(7)(C) (b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b) (7)(A)
(b)(6),(b)(7)(C)
(
(b) (7)(A)
From: (b)(6),(b)(7)(C)
Sent: Friday, March 11, 2011 9:07 AM
To: 'Norris, Jonathan (CONTR)'
Cc: (b)(6),(b)(7)(C) (b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 5 of 25
After further discussions with the level 3 technical group at (b) (7)(A)
last night, they confirmed that our proposed approach and
configuration will reduce our traffic hitting the EIA sites. The new
Proxy appliances also have detail monitoring and logging so that
we can fine tune any setting going forward.
Please let us know the next steps.
Best regards
(b)(6),(b)(7)(C)
From: (b)(6),(b)(7)(C)
Sent: Thursday, March 10, 2011 3:54 PM
To: 'Norris, Jonathan (CONTR)'
Cc: (b)(6),(b)(7)(C) (b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b) (7)(A)
c. (b)(6),(b)(7)(C) Backup
While our Proxy (NetScaler) will be caching and the vendor
(b)(6),(b)(7)(C)
) states that this will reduce the hits to your site we
cannot definitively state at this point we can restrict the hits to one
per second. Are we doing enough with the Proxy and the caching
to unblock the site or is there still more we need to do?
(b) (7)(A)
Regards
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 6 of 25
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C) [mailto:(b)(6),(b)(7)(C)(b)(6),(b)(7)(C)
Sent: Thursday, March 10, 2011 12:24 PM
To: Norris, Jonathan (CONTR)
(b)(6),(b)(7)(C)
Cc: (b)(6),(b)(7)(C) (b)(6),(b)(7)(C)
Subject: RE: Unblock us
Jonathon,
Could you please review the following to see if this is appropriate?
1. We will configure our DNS for ir.eia.gov to point to an internal
Proxy that will allow caching
2. The proxy will limit the number of connection to with a
constant connection
3. The Proxy would only request data from the site if requested by
a user at no more than (b) (7)(A)
(b) (7)(A)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 7 of 25
(b)(6),(b)(7)(C)
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C)
[mailto(b)(6),(b)(7)(C)
]
Sent: Thursday, March 10, 2011 10:44 AM
To: Norris, Jonathan (CONTR)
Cc: (b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 8 of 25
Subject: Unblock us
Johnathan,
We are unable to reach www.ir.eia.gov from our companys
primary networks in (b) (7)(A) CT and (b) (7)(A) , TX.
I spoke to someone on your main number yesterday, and our
company has sent requests via email last week to unblock us on
your network.
We are coming from the IP addresses of : (b)(6),(b)(7)(C) &
(b)(6),(b)(7)(C) .
How long will it take to unblock us from your network, and what
steps can we take to make sure doesnt happen again.
Thank you for your help,
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 9 of 25
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 10 of 25
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 11 of 25
Owners
Only:
Jonathan,
I was hoping to speak with someone at the EIA who could assist us
long term in understanding why we are being blocked and we have
to do to correct the situation. Any help you could offer or pointing
me in the correct direction would be greatly appreciated.
Best regards,
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b) (7)(A)
(b)(6),(b)(7)(C)
(
From: (b)(6),(b)(7)(C)
Sent: Thursday, March 10, 2011 10:44 AM
To: Jonathan.Norris@eia.gov
Cc: (b)(6),(b)(7)(C)
Subject: Unblock us
Johnathan,
We are unable to reach www.ir.eia.gov from our companys
primary networks in (b) (7)(A) CT and (b) (7)(A) , TX.
I spoke to someone on your main number yesterday, and our
company has sent requests via email last week to unblock us on
your network.
We are coming from the IP addresses of : (b)(6),(b)(7)(C) &
(b)(6),(b)(7)(C) .
How long will it take to unblock us from your network, and what
steps can we take to make sure doesnt happen again.
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 12 of 25
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
Owners
Only:
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 13 of 25
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C)
[mailto:(b)(6),(b)(7)(C)(b)(6),(b)(7)(C)
Sent: Thursday, March 10, 2011 10:44 AM
To: Norris, Jonathan (CONTR)
Cc: (b)(6),(b)(7)(C)
Subject: Unblock us
Johnathan,
We are unable to reach www.ir.eia.gov
from our companys
(b) (7)(A)
(b)(6),(b)(7)(C)
C)
primary networks in
CT and
, TX.
I spoke to someone on your main number yesterday, and our
company has sent requests via email last week to unblock us on
your network.
We are coming from the IP addresses of : (b)(6),(b)(7)(C) &
(b)(6),(b)(7)(C) 1.
How long will it take to unblock us from your network, and what
steps can we take to make sure doesnt happen again.
(b) (7)(A)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 14 of 25
Owners
Only:
Ticket Created
(b)(6),(b)(7)(C)
Over
(b) (7)(A)
(b) (7)(E)
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 15 of 25
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 16 of 25
Chrome/9.0.597.107 Safari/534.13
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 17 of 25
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 18 of 25
CLR 3.5.30729)
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 19 of 25
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 20 of 25
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 21 of 25
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 22 of 25
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 23 of 25
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 24 of 25
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 25 of 25
https://kbox/adminui/ticket.php?ID=53586
2/16/2012
Page 1 of 4
Ticket TICK:53592
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Block (b)(6),(b)(7)(C)
Single IP
Block
Completed
Medium
Luu, Quan (CONTR)
None
IRblocks@eia.gov
2011/03/08 16:45:06
2011/10/07 03:45:44
Norris, Jonathan (CONTR)
None
None
done
- 2011/10/07 03:45:44
Owners
Only:
Owners
Only:
Ticket Created
(b) (7)(A)
(b) (7)(A)
over
hits a second
https://kbox/adminui/ticket.php?ID=53592
2/16/2012
Page 2 of 4
.NET4.0C; .NET4.0E)
https://kbox/adminui/ticket.php?ID=53592
2/16/2012
Page 3 of 4
LM 8; .NET4.0C; .NET4.0E)
https://kbox/adminui/ticket.php?ID=53592
2/16/2012
Page 4 of 4
https://kbox/adminui/ticket.php?ID=53592
2/16/2012
Page 1 of 2
Ticket TICK:54091
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
unblock (b)(6),(b)(7)(C)
Single IP
Unblock
Requested
Medium
Norris, Jonathan (CONTR)
None
IRblocks@eia.gov
2011/03/22 09:44:27
2011/10/07 03:45:44
Norris, Jonathan (CONTR)
None
None
None
- 2011/10/07 03:45:44
Owners
Only:
Owners
Only:
Ticket Created
(b)(6),(b)(7)(C)
Network Engineer
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=54091
2/16/2012
Page 2 of 2
(b) (7)(A)
(b) (7)(A)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b) (7)(A)
________________________________________
*********************************************************************
This e-mail may contain information that is confidential, privileged or otherwise
protected from disclosure. If you are not an intended recipient of this e-mail, do not
duplicate or redistribute it by any means. Please delete it and any attachments and
notify the sender that you have received it in error. Unless specifically indicated, this email is not an offer to buy or sell or a solicitation to buy or sell any commodities,
financial risk management products, or other physical or financial product or service,
an official confirmation of any transaction, or an official statement of EDF Trading
Limited, EDF Trading Markets Limited, EDF Trading North America, LLC, or any of
the EDF Group family of companies. Any views or opinions presented are solely those
of the author and do not necessarily represent those of the foregoing entities. EDF
Trading Markets Limited is authorised and regulated by the Financial Services
Authority. VAT number: GB 735 5479 07. EDF Trading Markets Limited and EDF
Trading North America, LLC are members of the EDF Group of companies. EDF
Trading Markets Limited maintains its registered office at 80 Victoria Street, 3rd
Floor, Cardinal Place, London, SW1E 5JL. A Company registered in England No.
4255974. EDF Trading North America, LLC is headquartered in the United States at
4700 W. Sam Houston Pkwy., Suite 250, Houston, TX 77041
*********************************************************************
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
https://kbox/adminui/ticket.php?ID=54091
2/16/2012
Page 1 of 13
Ticket TICK:54517
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
unBlock (b)(6),(b)(7)(C)
Single IP
Unblock
Completed
Medium
Luu, Quan (CONTR)
None
IRblocks@eia.gov
2011/04/05 15:52:28
2011/05/18 07:57:25
Norris, Jonathan (CONTR)
None
None
done
Owners
Only:
I will be out of the office until Tuesday May 11, 2011. Please
contact User Services at 586-8959 for any assistance.
Owners
Only:
From: (b)(6),(b)(7)(C)
Sent: Monday, May 16, 2011 3:41 PM
To: Dean Zarras; Norris, Jonathan (CONTR)
Subject: Re: Web site Access
Jonathan,
Im just following up on web site access. Can you please tell me
what I need to do to expedite getting my users access to the site?
Thank You,
https://kbox/adminui/ticket.php?ID=54517
2/16/2012
Page 2 of 13
- (b)(6),(b)(7)(C)
(b) (7)(A)
On 5/12/11 8:18 AM, "(b)(6),(b)(7)(C) <mmills@sescollc.com>
wrote:
Jonathan,
My users are still reporting no access to the web site. Can you
provide an ETA on getting them unblocked or let me know if we
need to undertake additional steps?
Thank You,
(b)(6),(b)(7)(C)
(b) (7)(A)
On 4/27/11 5:16 PM, "(b)(6),(b)(7)(C)
wrote:
Hi Jonathan,
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=54517
2/16/2012
Page 3 of 13
Sincerely,
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b) (7)(A)
(b)(6),(b)(7)(C)
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
https://kbox/adminui/ticket.php?ID=54517
2/16/2012
Page 4 of 13
From: (b)(6),(b)(7)(C)
Sent: Wednesday, April 27, 2011 4:00 PM
To: Norris, Jonathan (CONTR)
Subject: Web site Access
Were (b)(6),(b)(7)(C)
having problems reaching your
web site from the IP address range (b) (7)(A)
Is there
something that can be done to enable access for these IP
addresses?
Thank You,
(b)(6),(b)(7)(C)
(b) (7)(A)
Owners
Only:
Ticket Created
(b) (7)(A)
(b) (7)(A)
(b) (7)(A)
(b) (7)(A)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=54517
2/16/2012
Page 5 of 13
https://kbox/adminui/ticket.php?ID=54517
2/16/2012
Page 6 of 13
https://kbox/adminui/ticket.php?ID=54517
2/16/2012
Page 7 of 13
https://kbox/adminui/ticket.php?ID=54517
2/16/2012
Page 8 of 13
https://kbox/adminui/ticket.php?ID=54517
2/16/2012
Page 9 of 13
https://kbox/adminui/ticket.php?ID=54517
2/16/2012
Page 10 of 13
https://kbox/adminui/ticket.php?ID=54517
2/16/2012
Page 11 of 13
https://kbox/adminui/ticket.php?ID=54517
2/16/2012
Page 12 of 13
https://kbox/adminui/ticket.php?ID=54517
2/16/2012
Page 13 of 13
https://kbox/adminui/ticket.php?ID=54517
2/16/2012
Page 1 of 6
Ticket TICK:54885
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Block (b)(6),(b)(7)(C)
Single IP
Block
Completed
Medium
Luu, Quan (CONTR)
None
IRblocks@eia.gov
2011/04/18 12:53:21
2011/04/20 08:50:15
Norris, Jonathan (CONTR)
None
None
done
Changed ticket Owner from "Norris, Jonathan (CONTR)" to "Bily, Glenn (CONTR)".
Owners
Only:
(b)(6),(b)(7)(C)
(b) (7)(A)
(b) (7)(A)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=54885
2/16/2012
Page 2 of 6
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=54885
2/16/2012
Page 3 of 6
https://kbox/adminui/ticket.php?ID=54885
2/16/2012
Page 4 of 6
Owners
Only:
Ticket Created
(b)(6),(b)(7)(C)
(b) (7)(A)
hits a second
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=54885
2/16/2012
Page 5 of 6
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=54885
2/16/2012
Page 6 of 6
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=54885
2/16/2012
Page 1 of 16
Ticket TICK:54893
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Owners
Only:
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 2 of 16
(b)(6),(b)(7)(C)
Information Security
OGE Energy Corp.
Phone/Voice Mail (b)(6),(b)(7)(C)
Nothing great has been and nothing great can be accomplished
without passion. G.W.F. Hegel
This e-mail (including attachments) is covered by the Electronic
Communications Privacy Act, 18 U.S.C., Sections 2510-2521. It is
intended for the individual or entity to which it is addressed. This
communication is confidential and may contain information that is
proprietary, privileged or otherwise legally exempt from
disclosure. If you are not the addressee, you are not authorized to
read, print, retain, copy or disseminate this message or any part
thereof. If you have received this message in error please notify the
sender immediately by e-mail and delete all copies of this message
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 3 of 16
your request.
We ask that you access the web site a reasonable number of times
per second when attempting to download the files to avoid your
traffic being categorized as a denial of service attack. We also ask
that you limit the number of IP's accessing the web site. Many
large organizations download the data once and redistribute the
information internally. You may want to consider this option.
In order to process your unblock request we will need to have an
official statement from your organization detailing how you will be
modifying your download traffic and how you will prevent abusive
download attempts. This plan should include:
- List of IPs your organization will initiate downloads from.
- How many times a second you plan to access the web site.
- What measures you put in place to prevent the attack from
happening again.
Once you have submitted your statement, EIA will review your
Unblock request.
The EIA privacy statement and security policy can be found here
http://www.eia.gov/privacyweb.html .
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C) (b)(6),(b)(7)(C)
Sent: Wednesday, May 18, 2011 11:11 AM
To: Norris, Jonathan (CONTR)
Subject: email address
(b)(6),(b)(7)(C)
Information Security
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 4 of 16
Owners
Only:
Owners
Only:
I will be out of the office for today (Wed. 5/18). Please contact
User Services at 6-8959 for any assistance.
4 calls from four different people this morning that claim to be the
latest point of contact for this case. I forwarded the history of them
to sellee evon the most recent security POC
From: Norris, Jonathan (CONTR)
Sent: Wednesday, May 18, 2011 11:12 AM
To: '(b)(6),(b)(7)(C)
Subject: FW: Reference to case 54472
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C) [(b)(6),(b)(7)(C)
]
Sent: Thursday, May 05, 2011 4:50 PM
To: Norris, Jonathan (CONTR)
(b)(b),(b)(7)(C) (b)(6),(b)(7)(C)
Cc: (b)(6),(b)(7)(C)
Subject: RE: Reference to case 54472
Mr. Norris
Since Im now working with our network group, Im going to try
to work with them to place some governance around the use of
webcrawler utilities
As of right now, our mitigating strategy will be to educate this
particular user about the impact of running this kind of software on
our network, and be very clear that we expect him to NOT run the
software again. We intend to disable his network switch port if it
occurs again.
Additionally, we intend to research why our rate limiting did not
function properly, and see what we can do to correct it.
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 5 of 16
(b) (7)(A)
From: Norris, Jonathan (CONTR)
[mailto:Jonathan.Norris@eia.gov]
Sent: Wednesday, May 04, 2011 12:27 PM
To: (b)(6),(b)(7)(C)
Subject: RE: Reference to case 54472
Thank you for contacting the U.S. Energy Information
Administration. We have created incident ticket #54427 to track
your request.
We ask that you access the web site a reasonable number of times
per second when attempting to download the files to avoid your
traffic being categorized as a denial of service attack. We also ask
that you limit the number of IP's accessing the web site. Many
large organizations download the data once and redistribute the
information internally. You may want to consider this option.
In order to process your unblock we will need to have an official
statement from your organization detailing how you will be
modifying your download traffic and how you will prevent abusive
download attempts. This plan should include:
- List of IPs your organization will initiate downloads from.
- How many times a second you plan to access the web site.
- What measures you put in place to prevent the attack from
happening again.
Once you have submitted your statement, EIA will review your
Unblock request.
The EIA privacy statement and security policy can be found here
http://www.eia.doe.gov/privacyweb.html.
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C) [(b)(6),(b)(7)(C)
Sent: Wednesday, May 04, 2011 1:17 PM
To: Norris, Jonathan (CONTR)
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 6 of 16
Owners
Only:
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
-----Original Message----From: (b)(6),(b)(7)(C)
Sent: Wednesday, April 27, 2011 4:24 PM
To: Norris, Jonathan (CONTR)
Cc: (b)(6),(b)(7)(C)
Subject: RE: Blocked OG+E ip address
Jonathan,
I talked to the person within our company who is responsible for
running the program that caused the (malicious trafic). He had
talked to the firewall support people that he was able to contact
with the DOE, and they told him it was ok to run it again. He told
me he talked to them and I was under the impression you were
involved. Partly my fault. We have an understanding now that he
will not run it again and we have a meeting with him tomorrow to
look at his software and analyse how to configure it to not be
offensive. Until then it WILL not be run.
I appreciate your call to explain what you were seeing. We would
do the same thing to incoming traffic. OG+E would like to be
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 7 of 16
(b)(6),(b)(7)(C)
OG+E
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 8 of 16
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 9 of 16
> >>>
> >>> All our external internet traffic will be
> coming from
> >> our
> >>> NAT address of(b)(6),(b)(7)(C) We don't
> expect more
> >> than
> >>> one access per second to your web site,
> averaged over
> >> five
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 10 of 16
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 11 of 16
> >>>>
> >>>> We ask that you access the web site a
> reasonable
> >>> number of
> >>>> times per
> >>>> second when attempting to download the
> files to
> >> avoid
> >>> your
> >>>> traffic being
> >>>> categorized as a denial of service attack.
>
> >>>>
> >>>> In order to process your unblock request
> we will
> >> need
> >>> to
> >>>> have an
> >>>> official statement from your organization
> >> detailing
> >>> how you
> >>>> will be
> >>>> modifying your download traffic and how
> you will
> >>> prevent
> >>>> abusive
> >>>> download attempts. This plan should
> include:
> >>>> - List of IPs your organization will
> initiate
> >>> downloads
> >>>> from.
> >>>> - How many times a second you plan to
> access the
> >> web
> >>> site.
> >>>>
> >>>> - What measures you put in place to
> prevent the
> >> attack
> >>> from
> >>>> happening
> >>>> again.
> >>>> Once you have submitted your statement,
> EIA will
> >>> review
> >>>> your Unblock
> >>>> request.
> >>>>
> >>>> The EIA privacy statement and security
> policy can
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 12 of 16
> >> be
> >>> found
> >>>> here
> >>>> http://www.eia.gov/privacyweb.html .
> >>>>
> >>>> Jonathan Norris
> >>>> Chenega Government Consulting, LLC
> >>>> Contractor to U.S. Energy Information
> >> Administration
> >>>> 1000 Independence Avenue, SW
> >>>> Washington, DC 20585
> >>>>
> >>>>
> >>>> -----Original Message----> >>>> From: (b)(6),(b)(7)(C) [(b)(6),(b)(7)(C)
> >>>>
> >>>> Sent: Monday, April 04, 2011 3:05 PM
> >>>> To: Norris, Jonathan (CONTR)
> >>>> Subject: Blocked OG+E ip address
> >>>>
(b)(6),(b)(7)(C)
> >>>> From: Moore,
> >>>> Sent: Monday, April 04, 2011 1:51 PM
> >>>> To: 'Jonathan.Norris@eia.gov'
> >>>> Cc: (b)(6),(b)(7)(C)
> >>>> Subject: blocked site
> >>>>
> >>>>
> >>>>
> >>>> Jonathan,
> >>>>
> >>>> Can you give me more information as to
> what you
> >> are
> >>> seeing
> >>>> from our
> >>>> outside address? I have been receiving
> complaints
> >> from
> >>> our
> >>>> people that
> >>>> the site eia.gov is blocked. As I am
> writing
> >> this,
> >>> I
> >>>> think I just found
> >>>> the culprit in our company. He is in our
> >> corporate
> >>> planning
> >>>> dept and has
> >>>> a program called Polyanalyst that is a
> form of
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 13 of 16
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 14 of 16
> >>>>
(b)(6),(b)(7)(C)
> Doug
> >>>> Subject: FW: Abuse from (b)(6),(b)(7)(C)
> >>>> Importance: High
> >>>>
> >>>>
> >>>>
> >>>> Please trace this if you can. Resolve
> eia.gov and
> >> use
> >>> the
> >>>> Niksun to
> >>>> trace any conversations.
> >>>>
> >>>>
> >>>>
> >>>> From: Norris, Jonathan (CONTR)
[mailto:Jonathan.Norris@eia.gov]
> >>>>
> >>>> Sent: Friday, April 01, 2011 1:21 PM
> >>>> To: (b)(6),(b)(7)(C)
> >>>> Subject: Abuse from (b)(6),(b)(7)(C)
> >>>>
> >>>>
> >>>>
> >>>> Hello
> >>>>
> >>>> We are receiving malicious traffic from a
> host
> >>> registered
> >>>> to your
> >>>> domain: (b)(6),(b)(7)(C) this traffic is
> >> targeting
> >>>> eia.gov.
> >>>>
> >>>> Please investigate and remediate.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> Jonathan Norris
> >>>>
> >>>> Chenega Government Consulting, LLC
> >>>> Contractor to U.S. Energy Information
> >> Administration
> >>>> 1000 Independence Avenue, SW
> >>>> Washington, DC 20585
> >>>>
> >>>>
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 15 of 16
> >>>>
> >>>
> >>
>
Owners
Only:
Owners
Only:
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 16 of 16
https://kbox/adminui/ticket.php?ID=54893
2/16/2012
Page 1 of 15
Ticket TICK:55002
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
unBlock (b)(6),(b)(7)(C)
Single IP
Unblock
Completed
Medium
Luu, Quan (CONTR)
None
IRblocks@eia.gov
2011/04/21 16:39:27
2011/10/07 03:45:44
Norris, Jonathan (CONTR)
None
None
.done
Owners
Only:
- 2011/10/07 03:45:44
Owners
Only:
From: (b)(6),(b)(7)(C)
Sent: Thursday, April 28, 2011 2:14 PM
To: Norris, Jonathan (CONTR)
Subject: RE: Blocked IP address
Concerning the use of the EIA website, we will be modifying our
download traffic to prevent abusive download attempts by doing
the following:
1) Assigned a single user to access the site, download files and
distribute them internally.
2) Assigned user will refresh the site no more than time per
second via web browser.
3) IP address range is (b)(6),(b)(7)(C)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=55002
2/16/2012
Page 2 of 15
IT Developer
(b) (7)(A)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
We plan on accessing the website no more than (b) (7)(A) times per
second. (Assuming two people at the same time.)
https://kbox/adminui/ticket.php?ID=55002
2/16/2012
Page 3 of 15
The only thing I can think to prevent this is assigning only one
person to download files.
If you can provide any clarification on how our use could be
considered an attack that would be helpful. My direct line is
below so feel free to call.
Thank you,
(b)(6),(b)(7)(C)
IT Developer
(b) (7)(A)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=55002
2/16/2012
Page 4 of 15
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
Owners
Only:
(b)(6),(b)(7)(C)
We plan on accessing the website no more than (b) (7)(A) times per
second. (Assuming two people at the same time.)
The only thing I can think to prevent this is assigning only one
person to download files.
If you can provide any clarification on how our use could be
considered an attack that would be helpful. My direct line is
below so feel free to call.
Thank you,
(b)(6),(b)(7)(C)
IT Developer
(b) (7)(A)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=55002
2/16/2012
Page 5 of 15
Owners
Only:
Owners
Only:
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=55002
2/16/2012
Page 6 of 15
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=55002
2/16/2012
Page 7 of 15
(b) (7)(A)
(b) (7)(A)
(b) (7)(A)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=55002
2/16/2012
Page 8 of 15
https://kbox/adminui/ticket.php?ID=55002
2/16/2012
Page 9 of 15
http://www.eia.doe.gov/oil_gas/natural_gas/ngs_notice.html
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16)
Gecko/20110319 AskTbTRL2/3.11.3.15590 Firefox/3.6.16
(b)(6),(b)(7)(C) - - [21/Apr/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399
http://www.eia.doe.gov/oil_gas/natural_gas/ngs_notice.html
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16)
Gecko/20110319 AskTbTRL2/3.11.3.15590 Firefox/3.6.16
(b)(6),(b)(7)(C) - - [21/Apr/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319
AskTbTRL2/3.11.3.15590 Firefox/3.6.16
(b)(6),(b)(7)(C) - - [21/Apr/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319
AskTbTRL2/3.11.3.15590 Firefox/3.6.16
(b)(6),(b)(7)(C) - - [21/Apr/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319
AskTbTRL2/3.11.3.15590 Firefox/3.6.16
(b)(6),(b)(7)(C) - - [21/Apr/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319
AskTbTRL2/3.11.3.15590 Firefox/3.6.16
(b)(6),(b)(7)(C) - - [21/Apr/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319
AskTbTRL2/3.11.3.15590 Firefox/3.6.16
(b)(6),(b)(7)(C) - - [21/Apr/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319
AskTbTRL2/3.11.3.15590 Firefox/3.6.16
(b)(6),(b)(7)(C) - - [21/Apr/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319
AskTbTRL2/3.11.3.15590 Firefox/3.6.16
(b)(6),(b)(7)(C) - - [21/Apr/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319
AskTbTRL2/3.11.3.15590 Firefox/3.6.16
(b)(6),(b)(7)(C) - - [21/Apr/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows
https://kbox/adminui/ticket.php?ID=55002
2/16/2012
Page 10 of 15
https://kbox/adminui/ticket.php?ID=55002
2/16/2012
Page 11 of 15
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=55002
2/16/2012
Page 12 of 15
https://kbox/adminui/ticket.php?ID=55002
2/16/2012
Page 13 of 15
https://kbox/adminui/ticket.php?ID=55002
2/16/2012
Page 14 of 15
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=55002
2/16/2012
Page 15 of 15
https://kbox/adminui/ticket.php?ID=55002
2/16/2012
Page 1 of 9
Ticket TICK:55304
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
block (b)(6),(b)(7)(C)
Single IP
Block
Completed
Medium
Bily, Glenn (CONTR)
None
(b)(6),(b)(7)(C)
2011/05/04 11:38:57
2011/05/19 16:40:59
Norris, Jonathan (CONTR)
None
None
.
Owners
Only:
(b)(6),(b)(7)(C)
Mrs.
,
This email will serve as a record with that stated we need you to specify the IP, Specify the technical
and managerial controls you will put in place (your organization will be held to the stated controls) and
specify the number of times per second you will access the site.
We ask that you access the web site a reasonable number of times per second when attempting to
download the files to avoid your traffic being categorized as a denial of service attack. We also ask that
you limit the number of IP's accessing the web site. Many large organizations download the data once
and redistribute the information internally. You may want to consider this option.
In order to process your unblock request we will need to have an official statement from your
organization detailing how you will be modifying your download traffic and how you will prevent
abusive download attempts. This plan should include:
-(b) (7)(A) your organization will initiate downloads from.
you plan to access the web site.
(b) (7)(A)
- What measures you put in place to prevent the attack from happening again.
Once you have submitted your statement, EIA will review your Unblock request.
The EIA privacy statement and security policy can be found here http://www.eia.gov/privacyweb.html .
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C) [mailto:(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=55304
afp.com]
2/16/2012
Page 2 of 9
______________
(b)(6),(b)(7)(C)
Financial Markets Correspondent
(b) (7)(A)
(b)(6),(b)(7)(C)
(b) (7)(A)
(b) (7)(A)
________________________________________
From: Norris, Jonathan (CONTR) [mailto:Jonathan.Norris@eia.gov]
Sent: jeudi 19 mai 2011 15:11
To: (b)(6),(b)(7)(C)
Cc: DiMascio, Shannon (CONTR)
Subject: RE: Request: removal from blocking list
Thank you for contacting the U.S. Energy Information Administration. We have created incident ticket
#55304 to track your request.
We ask that you access the web site a reasonable number of times per second when attempting to
download the files to avoid your traffic being categorized as a denial of service attack. We also ask that
you limit the number of IP's accessing the web site. Many large organizations download the data once
and redistribute the information internally. You may want to consider this option.
In order to process your unblock request we will need to have an official statement from your
organization detailing how you will be modifying your download traffic and how you will prevent
abusive download attempts. This plan should include:
-(b) (7)(A) your organization will initiate downloads from.
-(b) (7)(A)
you plan to access the web site.
https://kbox/adminui/ticket.php?ID=55304
2/16/2012
Page 3 of 9
- What measures you put in place to prevent the attack from happening again.
Once you have submitted your statement, EIA will review your Unblock request.
The EIA privacy statement and security policy can be found here http://www.eia.gov/privacyweb.html .
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b)(6),(b)(7)(C) [mailto:(b)(6),(b)(7)(C)
Sent: Thursday, May 19, 2011 3:07 PM
To:
Cc: (b)(6),(b)(7)(C)
Subject: Request: removal from blocking list
(b)(6),(b)(7)(C)
Good afternoon,
As requested when we spoke on the phone, here is the NAT address for my organization:
(b)(6),(b)(7)(C)
Apparently we have been blocked from accessing the data releases on the EIA website. We would like
to be removed from the blocking list.
We are a news organization and have been covering the EIA data releases for a long time now.
The head of our IT department in the US is CCed in this email.
Thank you again for looking into this.
Best regards,
(b)(6),(b)(7)(C)
______________
(b)(6),(b)(7)(C)
Financial Markets Correspondent
(b) (7)(A)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b) (7)(A)
(b) (7)(A)
This e-mail, and any file transmitted with it, is confidential and intended solely for the use of the
individual or entity to whom it is addressed. If you have received this email in error, please contact the
sender and delete the email from your system. If you are not the named addressee you should not
disseminate, distribute or copy this email.
For more information on (b) (7)(A)
, please visit our web site at (b) (7)(A)
This e-mail, and any file transmitted with it, is confidential and intended solely for the use of the
https://kbox/adminui/ticket.php?ID=55304
2/16/2012
Page 4 of 9
individual or entity to whom it is addressed. If you have received this email in error, please contact the
sender and delete the email from your system. If you are not the named addressee you should not
disseminate, distribute or copy this email.
For more information on (b)
(7)(A)
(7)(A)
Owners
Only:
(b)(6),(b)(7)(C)
Apparently we have been blocked from accessing the data releases on the EIA website. We would like
to be removed from the blocking list.
We are a news organization and have been covering the EIA data releases for a long time now.
The head of our IT department in the US is CCed in this email.
Thank you again for looking into this.
Best regards,
(b)(6),(b)(7)(C)
______________
(b)(6),(b)(7)(C)
Financial Markets Correspondent
(b) (7)(A)
(b)(6),(b)(7)(C)
(b)(6),(b)(7)(C)
(b) (7)(A)
(b) (7)(A)
(b) (7)(A)
(b) (7)(A)
(b) (7)(A)
This e-mail, and any file transmitted with it, is confidential and intended solely for the use of the
individual or entity to whom it is addressed. If you have received this email in error, please contact the
sender and delete the email from your system. If you are not the named addressee you should not
disseminate, distribute or copy this email.
For more information on (b)
(7)(A)
(7)(A)
Changed ticket Owner from "Norris, Jonathan (CONTR)" to "Bily, Glenn (CONTR)".
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=55304
2/16/2012
Page 5 of 9
(b) (7)(A)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
https://kbox/adminui/ticket.php?ID=55304
2/16/2012
Page 6 of 9
https://kbox/adminui/ticket.php?ID=55304
2/16/2012
Page 7 of 9
http://www.eia.doe.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 ( .NET
CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
http://www.eia.doe.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 ( .NET
CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
https://kbox/adminui/ticket.php?ID=55304
2/16/2012
Page 8 of 9
http://www.eia.doe.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 ( .NET
CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
http://www.eia.doe.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 ( .NET
CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
http://www.eia.doe.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 ( .NET
CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
http://www.eia.doe.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 ( .NET
CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
http://www.eia.doe.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 ( .NET
CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
http://www.eia.doe.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 ( .NET
CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2072
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6)
Gecko/20100625 Firefox/3.6.6 ( .NET CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2072
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6)
Gecko/20100625 Firefox/3.6.6 ( .NET CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2072
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6)
Gecko/20100625 Firefox/3.6.6 ( .NET CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2072
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6)
Gecko/20100625 Firefox/3.6.6 ( .NET CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2072
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6)
Gecko/20100625 Firefox/3.6.6 ( .NET CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2072
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6)
Gecko/20100625 Firefox/3.6.6 ( .NET CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2072
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6)
Gecko/20100625 Firefox/3.6.6 ( .NET CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2072
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6)
Gecko/20100625 Firefox/3.6.6 ( .NET CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2072
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6)
Gecko/20100625 Firefox/3.6.6 ( .NET CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2072
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6)
Gecko/20100625 Firefox/3.6.6 ( .NET CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2072
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6)
Gecko/20100625 Firefox/3.6.6 ( .NET CLR 3.5.30729; .NET4.0C)
(b)(6),(b)(7)(C) - - [04/May/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2072
https://kbox/adminui/ticket.php?ID=55304
2/16/2012
Page 9 of 9
https://kbox/adminui/ticket.php?ID=55304
2/16/2012
Page 1 of 6
Ticket TICK:55424
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
block (b)(6),(b)(7)(C)
Single IP
Block
Completed
Medium
Bily, Glenn (CONTR)
None
IRblocks@eia.gov
2011/05/09 13:01:41
2011/05/11 08:24:19
Norris, Jonathan (CONTR)
None
None
.
Owners
Only:
Ticket Created
(b) (7)(A)
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=55424
2/16/2012
Page 2 of 6
https://kbox/adminui/ticket.php?ID=55424
2/16/2012
Page 3 of 6
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=55424
2/16/2012
Page 4 of 6
https://kbox/adminui/ticket.php?ID=55424
2/16/2012
Page 5 of 6
https://kbox/adminui/ticket.php?ID=55424
2/16/2012
Page 6 of 6
(b)(6),(b)(7)(C)
https://kbox/adminui/ticket.php?ID=55424
2/16/2012
Page 1 of 17
Ticket TICK:55810
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Owners
Only:
Owners
Only:
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 2 of 17
(7)
Subject: (b)
Official Response to Incident Ticket #54472
(A)
Hi Jonathan,
is requesting to remove the current block on the EIA site. As
(7)
a response to the incident related to ticket #54472, (b)
has taken
(A)
the analysis tool offline to avoid our network traffic from being
categorized as a denial of service attack. Taking the tool offline
should bring back our hit rate back to normal prior to the incident
(7)
related to ticket #54472. Considering that (b)
requires access to
(A)
the EIA site to download/upload required filings, we are estimating
(b)
that the peak hit rate will be at approximately (7)
hits per second.
(A)
(b) (6),
Additionally, although (b) (7)(C) have many users who requires to
(b) (6),
access the EIA site, all of (b) (7)(C) outbound traffic will be coming
(b) (6), (b) (7)(C)
from
I appreciate your assistance in resolving this matter. If you have
any questions, please feel free to contact me at (b) (6), (b) (7)(C) or
reply by email.
Thank you,
(b) (7)
(A)
Information Security
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 3 of 17
We ask that you access the web site a reasonable number of times
per second when attempting to download the files to avoid your
traffic being categorized as a denial of service attack. We also ask
that you limit the number of IP's accessing the web site. Many
large organizations download the data once and redistribute the
information internally. You may want to consider this option.
In order to process your unblock request we will need to have an
official statement from your organization detailing how you will be
modifying your download traffic and how you will prevent abusive
download attempts. This plan should include:
(b) (7)(A)
your organization will initiate downloads from.
(b) (7)(A)
you plan to access the web site.
- What measures you put in place to prevent the attack from
happening again.
Once you have submitted your statement, EIA will review your
Unblock request.
The EIA privacy statement and security policy can be found here
http://www.eia.gov/privacyweb.html .
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b) (6), (b) (7)(C)
Sent: Wednesday, May 18, 2011 11:11 AM
To: Norris, Jonathan (CONTR)
Subject: email address
Information Security
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 4 of 17
thereof. If you have received this message in error please notify the
sender immediately by e-mail and delete all copies of this message
Owners
Only:
Owners
Only:
Owners
Only:
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 5 of 17
Owners
Only:
Owners
Only:
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 6 of 17
:adapter A
(b) (7)
:blocked-count (A)
:coalescer-info Forwarded due to age
:end-time 2011-05-30 18:35:36
:event-type Attack
(b) (7)
:opened (A)
(b)
(7)
:pam.(b) (7)(A)
(A)
:Protocol Name TCP
(b) (7)
:repeat-count (A)
:start-time 2011-05-30 18:35:08
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
(b)
(7)
:(b) (7)(A)
(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-05-30 18:35:08 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
(b) (7)
Combined Event Count (A)
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
(6), (b) (7)
Source IP Address (b)
(C)
SourcePort Name 0
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
(b) (7)
:blocked-count (A)
:coalescer-info Forwarded due to age
:end-time 2011-05-30 18:35:36
:event-type Attack
(b)
:opened (7)
(b)
(b) (7)(A)
(7)
:pam.
(A)
:Protocol Name TCP
(b) (7)
:repeat-count (A)
:start-time 2011-05-30 18:35:08
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
(b)
(7)
:(b) (7)(A)
(A)
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 7 of 17
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-05-30 18:35:08 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
(b) (7)
Combined Event Count (A)
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b) (6), (b) (7)(C)
SourcePort Name 0
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
(b) (7)
:blocked-count (A)
:coalescer-info Forwarded due to age
:end-time 2011-05-30 18:35:17
:event-type Attack
(b) (7)
:opened (A)
(b) (7)(E)
:pam.
:Protocol Name TCP
(b) (7)
:repeat-count (A)
:start-time 2011-05-30 18:35:08
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
:(b) (7)(E)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-05-30 18:35:08 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 8 of 17
Severity Low
Observance Type Intrusion Detection
Combined Event Count(b)
(7)(E)
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
(6), (b) (7)
Source IP Address (b)
(C)
SourcePort Name 0
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
(b) (7)
:blocked-count (A)
:coalescer-info Forwarded due to age
:end-time 2011-05-30 18:35:12
:event-type Attack
(b) (7)
:opened (A)
b)
:pam.(b) (7)(A)
7)(A)
:Protocol Name TCP
(b) (7)
:repeat-count (A)
:start-time 2011-05-30 18:35:08
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
b)
:(b) (7)(A)
7)(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-05-30 18:35:08 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
Combined Event Count 1
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b) (6), (b) (7)(C)
SourcePort Name 62824
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 9 of 17
:blocked-count 1
:event-type Attack
(b)
:opened (7)
(b)
(7)
:pam.(b) (7)(A)
(A)
:Protocol Name TCP
:repeat-count 1
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
(b)
(7)
:(b) (7)(A)
(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-05-30 18:35:08 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
Combined Event Count 1
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b) (6), (b) (7)(C)
SourcePort Name 50121
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
:blocked-count 1
:event-type Attack
(b)
:opened (7)
(E)
(b)
(7)
:pam.(b) (7)(A)
(A)
:Protocol Name TCP
:repeat-count 1
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
(b)
(7)
:(b) (7)(A)
(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 10 of 17
SensorName IPSdot7
Date/Time 2011-05-30 18:35:08 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
Combined Event Count 1
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b) (6), (b) (7)(C)
SourcePort Name 65130
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
:blocked-count 1
:event-type Attack
(b)
:opened (7)
(b)
(7)
:pam.(b) (7)(A)
(A)
:Protocol Name TCP
:repeat-count 1
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
(b)
(b) (7)(A)
(7)
:(b) (7)(A)
(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-05-30 18:35:08 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
(b)
Combined Event Count(7)
(E)
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b) (6), (b) (7)(C)
SourcePort Name 55514
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 11 of 17
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 12 of 17
:event-type Attack
:opened(b)
b)
:pam.(b) (7)(A)
7)(A)
:Protocol Name TCP
:repeat-count(b)
(7)(A)
:start-time 2011-05-30 18:35:08
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
b)
:(b) (7)(A)
7)(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-05-30 18:35:08 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
(b) (7)
Combined Event Count (A)
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
(6), (b) (7)
Source IP Address (b)
(C)
SourcePort Name 0
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
(b) (7)
:blocked-count (A)
:coalescer-info Forwarded due to age
:end-time 2011-05-30 18:35:36
:event-type Attack
(b)
:opened (7)
(b)
(7)
:pam.(b) (7)(A)
(A)
:Protocol Name TCP
(b) (7)
:repeat-count (A)
:start-time 2011-05-30 18:35:08
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
(b)
(7)
:(b) (7)(A)
(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 13 of 17
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-05-30 18:35:08 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
(b) (7)
Combined Event Count (A)
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b) (6), (b) (7)(C)
SourcePort Name 0
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
(b) (7)
:blocked-count (A)
:coalescer-info Forwarded due to age
:end-time 2011-05-30 18:35:17
:event-type Attack
(b) (7)
:opened (A)
(b)
(7)
:pam.(b) (7)(A)
(A)
:Protocol Name TCP
(b) (7)
:repeat-count (A)
:start-time 2011-05-30 18:35:08
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
(b)
(7)
:(b) (7)(A)
(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-05-30 18:35:08 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
Combined Event Count (b)
(7)(A)
Cleared Flag false
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 14 of 17
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 15 of 17
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 16 of 17
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 17 of 17
:event-type Attack
(b)
:opened (7)
(b)
(7)
:pam.(b) (7)(A)
(A)
:Protocol Name TCP
:repeat-count 1
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
(b)
(7)
:(b) (7)(A)
(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
https://kbox/adminui/ticket.php?ID=55810
2/16/2012
Page 1 of 6
Ticket TICK:55941
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
added on both netscalers..
Owners
Only:
Changed ticket Title from "block (b) (6), (b) (7)(C) " to "block
(b) (6), (b) (7)(C)
on netscaler".
Changed ticket CC list from "" to
"Prashanth.Narayanan@eia.gov".
IP
https://kbox/adminui/ticket.php?ID=55941
2/16/2012
Page 2 of 6
https://kbox/adminui/ticket.php?ID=55941
2/16/2012
Page 3 of 6
:target-ip-addr-start 205.254.135.24
(b)
(7)
:(b) (7)(A)
(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-06-06 02:19:26 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
(b)
Combined Event Count(7)
(A)
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b) (6), (b) (7)(C)
SourcePort Name 56594
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
:blocked-count 1
:event-type Attack
(b)
:(b) (7)(A) (7)
(b)
(7)
:pam.(b) (7)(A)
(A)
:Protocol Name TCP
:repeat-count 1
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
(b)
(7)
:(b) (7)(A)
(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=55941
2/16/2012
Page 4 of 6
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=55941
2/16/2012
Page 5 of 6
https://kbox/adminui/ticket.php?ID=55941
2/16/2012
Page 6 of 6
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
https://kbox/adminui/ticket.php?ID=55941
2/16/2012
Page 1 of 9
Ticket TICK:55948
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
(b) (6), (b) (7)(C)
Owners
Only:
https://kbox/adminui/ticket.php?ID=55948
2/16/2012
Page 2 of 9
(b) (7)
(A)
:(b) (7)(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
https://kbox/adminui/ticket.php?ID=55948
2/16/2012
Page 3 of 9
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=55948
2/16/2012
Page 4 of 9
https://kbox/adminui/ticket.php?ID=55948
2/16/2012
Page 5 of 9
https://kbox/adminui/ticket.php?ID=55948
2/16/2012
Page 6 of 9
(b)
:repeat-count (7)
(A)
:start-time 2011-06-06 11:29:02
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
(b)
(7)
:(b) (7)(A)
(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-06-06 10:00:22 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
(b)
Combined Event Count(7)
(A)
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b) (6), (b) (7)(C)
SourcePort Name 41497
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
:blocked-count 1
:event-type Attack
(b)
:opened (7)
(b)
(7)
:pam.(b) (7)(A)
(A)
:Protocol Name TCP
(b)
:repeat-count(7)
(A)
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
(b)
(7)
:(b) (7)(A)
(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-06-06 10:00:22 EDT
Tag Name (b) (7)(E)
https://kbox/adminui/ticket.php?ID=55948
2/16/2012
Page 7 of 9
https://kbox/adminui/ticket.php?ID=55948
2/16/2012
Page 8 of 9
(b)
(7)
:pam.(b) (7)(A)
(A)
:Protocol Name TCP
(b)
:repeat-count(7)
(A)
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
:(b) (7)(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
https://kbox/adminui/ticket.php?ID=55948
2/16/2012
Page 9 of 9
https://kbox/adminui/ticket.php?ID=55948
2/16/2012
Page 1 of 38
Ticket TICK:55997
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 2 of 38
Thank you Jonathan for your quick response and apologies for
creating excess traffic. Attached is an official letter along with our
future plan to reduce the traffic generated from (b) (7)(A)
Thank you and have a good holiday weekend.
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 3 of 38
Owners
Only:
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 4 of 38
hits to the site by an application that was accessing the main page.
We have disabled the application to comply with the instructions
found here: http://www.eia.gov/neic/press/press335.html.
Can you unblock (b) (7)(A)
at the following IP address
Thank you for your time.
Owners
Only:
over (7)
hits a second
(A)
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 5 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 6 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 7 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 8 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 9 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 10 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 11 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 12 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 13 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 14 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 15 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 16 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 17 of 38
.NET4.0E)
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 18 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 19 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 20 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 21 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 22 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 23 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 24 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 25 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 26 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 27 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 28 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 29 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 30 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 31 of 38
Safari/534.24
(b) (6), (b) (7)(C)
Owners
Only:
Ticket Created
over (7)
hits a second
(A)
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 32 of 38
.NET4.0E)
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 33 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 34 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 35 of 38
.NET4.0E)
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 36 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 37 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 38 of 38
https://kbox/adminui/ticket.php?ID=55997
2/16/2012
Page 1 of 5
Ticket TICK:56105
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Changed ticket Owner from "Bily, Glenn (CONTR)" to "Luu, Quan (CONTR)".
Changed ticket Status from "Requested" to "Completed".
Owners
Only:
Houston, TX
(b) (6), (b) (7)(C)
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=56105
2/16/2012
Page 2 of 5
Houston, TX
(b) (6), (b) (7)(C)
(b) (6), (b) (7)(C)
(C)
The following EIA websites are accessed once a week, every Wednesday at 09:30 AM to download
the CSV file data:
http://ir.eia.gov/wpsr/table9.csv
http://ir.eia.gov/wpsr/table5a.csv
https://kbox/adminui/ticket.php?ID=56105
2/16/2012
Page 3 of 5
The downloads for this data could be initiated from either of these IP addresses from our Houston
office:
(b) (6), (b) (7)(C)
(b) (6), (b) (7)(C)
(b) (6), (b) (7)(C)
Once the data is downloaded it is being posted internally for access by other (b) (7) employees. The
(A)
process for obtaining this data has been in place for several years and was working well until very
recently. No changes have been made to the process for obtaining this data or how it is then posted
for internal use by others.
Please advise if this is sufficient information to unblock our access to the .csv file portion of the site.
If you have any concerns or if there is additional information you require or that you can provide
please let us know.
Thank you.
(b) (6), (b) (7)(C)
Houston, TX
(b) (6), (b) (7)(C)
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=56105
2/16/2012
Page 4 of 5
Owners
Only:
was contacted by
(b) (6), (b) (7)(C)
Houston, TX
(b) (6), (b) (7)(C)
(b) (6), (b) (7)(C)
Changed ticket Owner from "Norris, Jonathan (CONTR)" to "Luu, Quan (CONTR)".
Owners
Only:
Ticket Created
- - [09/Jun/2011:(b) (7)(A) -0400] GET /favicon.ico HTTP/1.1 200 4150 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /favicon.ico HTTP/1.1 200 4150 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /favicon.ico HTTP/1.1 200 4150 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17)
https://kbox/adminui/ticket.php?ID=56105
2/16/2012
Page 5 of 5
Gecko/20110420 Firefox/3.6.17
- - [09/Jun/2011:(b) (7)(A) -0400] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17)
Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17)
Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17)
Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17)
Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17)
Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17)
Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17)
Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17)
Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17)
Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17)
Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /ngs/ngs.html HTTP/1.1 503 1398 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /ngs/ngs.html HTTP/1.1 503 1398 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /ngs/ngs.html HTTP/1.1 503 1398 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
- - [09/Jun/2011:(b) (7)(A) -0400] GET /ngs/ngs.html HTTP/1.1 503 1398 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=56105
2/16/2012
Page 1 of 6
Ticket TICK:56118
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Owners
Only:
Owners
Only:
amsterdam no POC
Date/Time 2011-06-13 11:33:07 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
Combined Event Count 312
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=56118
2/16/2012
Page 2 of 6
SourcePort Name 0
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
:blocked-count 312
:coalescer-info Forwarded due to age
:end-time 2011-06-13 11:33:08
:event-type Attack
:(b) (7)(A)
:pam.(b) (7)(A)
:Protocol Name TCP
:repeat-count 312
:start-time 2011-06-13 11:33:07
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
:(b) (7)(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-06-13 11:52:17 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
(b) (7)
Combined Event Count (A)
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b) (6), (b) (7)(C)
SourcePort Name 0
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
(b) (7)
:blocked-count (A)
:coalescer-info Forwarded due to age
:end-time 2011-06-13 11:52:17
:event-type Attack
(b) (7)
:(b) (7)(A) (A)
:pam.(b) (7)(A)
:Protocol Name TCP
(b) (7)
:repeat-count (A)
:start-time 2011-06-13 11:52:17
:target-ip-addr-end 205.254.135.24
https://kbox/adminui/ticket.php?ID=56118
2/16/2012
Page 3 of 6
:target-ip-addr-start 205.254.135.24
(b)
(7)
:(b) (7)(A)
(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-06-13 11:52:17 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
Combined Event Count 1
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b) (6), (b) (7)(C)
SourcePort Name 61541
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
:blocked-count 1
:event-type Attack
(b)
:(b) (7)(A) (7)
(b)
(7)
:pam.(b) (7)(A)
(A)
:Protocol Name TCP
:repeat-count 1
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
(b)
(7)
:(b) (7)(A)
(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-06-13 11:52:17 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
Combined Event Count 1
https://kbox/adminui/ticket.php?ID=56118
2/16/2012
Page 4 of 6
Owners
Only:
Ticket Created
amsterdam no POC
Date/Time 2011-06-13 11:33:07 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
Combined Event Count 312
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=56118
2/16/2012
Page 5 of 6
SourcePort Name 0
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
(b) (7)
:blocked-count (A)
:coalescer-info Forwarded due to age
:end-time 2011-06-13 (b) (7)(A)
:event-type Attack
(b) (7)
:(b) (7)(A) (A)
:pam.(b) (7)(A)
:Protocol Name TCP
(b) (7)
:repeat-count (A)
:start-time 2011-06-13 11:33:07
:target-ip-addr-end 205.254.135.24
:target-ip-addr-start 205.254.135.24
(b)
(7)
:(b) (7)(A)
(A)
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-06-13 (b) (7)(A) EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
(b) (7)
Combined Event Count (A)
Cleared Flag false
Target IP Address 205.254.135.24
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b) (6), (b) (7)(C)
SourcePort Name 0
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
(b) (7)
:blocked-count (A)
:coalescer-info Forwarded due to age
:end-time 2011-06-13 (b) (7)(A)
:event-type Attack
(b) (7)
:(b) (7)(A) (A)
(b)
(7)
:pam.(b) (7)(A)
(A)
:Protocol Name TCP
(b) (7)
:repeat-count (A)
:start-time 2011-06-13 (b) (7)(A)
:target-ip-addr-end 205.254.135.24
https://kbox/adminui/ticket.php?ID=56118
2/16/2012
Page 6 of 6
:target-ip-addr-start 205.254.135.24
:(b) (7)(A)
61
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
https://kbox/adminui/ticket.php?ID=56118
2/16/2012
Page 1 of 11
Ticket TICK:56548
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Changed ticket Owner from "Norris, Jonathan (CONTR)" to "Bily, Glenn (CONTR)".
Owners
Only:
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=56548
2/16/2012
Page 2 of 11
https://kbox/adminui/ticket.php?ID=56548
2/16/2012
Page 3 of 11
https://kbox/adminui/ticket.php?ID=56548
2/16/2012
Page 4 of 11
3.5.30729)
(b) (6), (b) (7)
(C)
https://kbox/adminui/ticket.php?ID=56548
2/16/2012
Page 5 of 11
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB7.1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
(C)
http://www.eia.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB7.1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
(C)
http://www.eia.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB7.1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
(C)
http://www.eia.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB7.1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
https://kbox/adminui/ticket.php?ID=56548
2/16/2012
Page 6 of 11
Owners
Only:
Ticket Created
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=56548
2/16/2012
Page 7 of 11
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
(C)
http://www.eia.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB7.1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
(C)
https://kbox/adminui/ticket.php?ID=56548
2/16/2012
Page 8 of 11
http://www.eia.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB7.1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
(C)
http://www.eia.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB7.1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
(C)
http://www.eia.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB7.1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
(C)
http://www.eia.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB7.1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
https://kbox/adminui/ticket.php?ID=56548
2/16/2012
Page 9 of 11
https://kbox/adminui/ticket.php?ID=56548
2/16/2012
Page 10 of 11
3.5.30729)
(b) (6), (b) (7)
(C)
https://kbox/adminui/ticket.php?ID=56548
2/16/2012
Page 11 of 11
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/app/js_timer.jsp HTTP/1.1 200 2073
(C)
http://ir.eia.gov/wpsr/wpsrsummary.pdf Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
GTB7.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
(C)
http://www.eia.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB7.1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
(C)
http://www.eia.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB7.1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
(C)
http://www.eia.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB7.1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
(C)
http://www.eia.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB7.1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
(C)
http://www.eia.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB7.1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
(b) (6), (b) (7)
- - [07/Jul/2011:(b) (7)(A) -0400] GET /wpsr/wpsrsummary.pdf HTTP/1.1 503 1698
(C)
http://www.eia.gov/oil_gas/petroleum/data_publications/weekly_petroleum_status_report/wpsr.html
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB7.1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
https://kbox/adminui/ticket.php?ID=56548
2/16/2012
Page 1 of 11
Ticket TICK:56892
unBlock (b) (6), (b) (7)(C)
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Range of IPs
Unblock
Requested
Medium
Norris, Jonathan (CONTR)
IR Server
None
IRblocks@eia.gov
2011/07/26 14:52:33
2011/09/16 03:45:28
Norris, Jonathan (CONTR)
None
None
done
and
- 2011/09/16 03:45:28
Owners
Only:
Owners
Only:
My apologies,
You have (b) (7)(A)
and we cant allow any entity to have
that many can you cut them down. See below
Thank you for contacting the U.S. Energy Information
Administration. We have created incident ticket #56892 to track
your request.
We ask that you access the web site a reasonable number of times
per second when attempting to download the files to avoid your
traffic being categorized as a denial of service attack. We also ask
https://kbox/adminui/ticket.php?ID=56892
2/16/2012
Page 2 of 11
that you limit the number of IP's accessing the web site. Many
large organizations download the data once and redistribute the
information internally. You may want to consider this option.
In order to process your unblock request we will need to have an
official statement from your organization detailing how you will
be modifying your download traffic and how you will prevent
abusive download attempts. This plan should include:
(b) (7)(A)
your organization will initiate downloads from.
(b) (7)(A)
you plan to access the web site.
- What measures you put in place to prevent theattack from
happening again.
Once you have submitted your statement, EIA will review your
Unblock request.
The EIA privacy statement and security policy can be found here
http://www.eia.gov/privacyweb.html .
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
From: (b) (6), (b) (7)(C)
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=56892
2/16/2012
Page 3 of 11
Would it be possible to add these IPs to the list that you maintain
for (b) (7)(A)
and unblock the ones that are blocked, so that
we can transition fully to these new IP addresses? We will only use
the IPs mentioned below ((b) (6), (b) (7)(C) or (b) (6), (b) (7)(C) ) for
backup purposes.
Thank you,
(b) (6), (b) (7)(C)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=56892
2/16/2012
Page 4 of 11
https://kbox/adminui/ticket.php?ID=56892
2/16/2012
Page 5 of 11
per
second when attempting to download the files to avoid your traffic
being
categorized as a denial of service attack. We also ask that you limit
the number of IP's accessing the web site. Many large
organizations
download the data once and redistribute the information internally.
You
may want to consider this option.
In order to process your unblock request we will need to have an
official statement from your organization detailing how you will
be
modifying your download traffic and how you will prevent abusive
download attempts. This plan should include:
your organization will initiate downloads from.
(b) (7)(A)
you plan to access the web site.
- What measures you put in place to prevent theattack from
happening
again.
Once you have submitted your statement, EIA will review your
Unblock
request.
(b) (7)(A)
The EIA privacy statement and security policy can be found here
http://www.eia.gov/privacyweb.html .
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
-----Original Message----From: (b) (6), (b) (7)(C)
(ATTSI) [mailto:(b) (6), (b) (7)(C)
Sent: Friday, March 11, 2011 10:31 AM
To: Norris, Jonathan (CONTR)
Subject: Website blocked
Jonathan:
My users in Houston with (b) (7)(A)
are being blocked getting
to
ir.eia.gov/ngs/ngs.html. We should be coming from (b) (6), (b) (7)(C)
(b) (6),
(b) (7)(C)
https://kbox/adminui/ticket.php?ID=56892
2/16/2012
Page 6 of 11
the future?
Thanks,
(b) (6), (b) (7)(C)
(b) (7)
(A)
(b) (7)(A)
Owners
Only:
Owners
Only:
Ticket Created
over(A)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=56892
2/16/2012
Page 7 of 11
https://kbox/adminui/ticket.php?ID=56892
2/16/2012
Page 8 of 11
(b) (7)
over(A)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=56892
2/16/2012
Page 9 of 11
https://kbox/adminui/ticket.php?ID=56892
2/16/2012
Page 10 of 11
https://kbox/adminui/ticket.php?ID=56892
2/16/2012
Page 11 of 11
https://kbox/adminui/ticket.php?ID=56892
2/16/2012
Page 1 of 8
Ticket TICK:56911
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Ticket Created
(b) (7)(A)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=56911
2/16/2012
Page 2 of 8
https://kbox/adminui/ticket.php?ID=56911
2/16/2012
Page 3 of 8
https://kbox/adminui/ticket.php?ID=56911
2/16/2012
Page 4 of 8
https://kbox/adminui/ticket.php?ID=56911
2/16/2012
Page 5 of 8
https://kbox/adminui/ticket.php?ID=56911
2/16/2012
Page 6 of 8
https://kbox/adminui/ticket.php?ID=56911
2/16/2012
Page 7 of 8
https://kbox/adminui/ticket.php?ID=56911
2/16/2012
Page 8 of 8
https://kbox/adminui/ticket.php?ID=56911
2/16/2012
Page 1 of 26
Ticket TICK:56912
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Ticket Created
over (7)
(A)
(b) (7)(A)
POC is
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 2 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 3 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 4 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 5 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 6 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 7 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 8 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 9 of 26
.NET4.0C; .NET4.0E)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0
(compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR
2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022;
InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729;
.NET CLR 1.1.4322; .NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0
(compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR
2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022;
InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729;
.NET CLR 1.1.4322; .NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 - Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322;
.NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0
(compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR
2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022;
InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729;
.NET CLR 1.1.4322; .NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 - Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322;
.NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 - Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322;
.NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 - Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322;
.NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 - Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322;
.NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 10 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 11 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 12 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 13 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 14 of 26
.NET4.0C; .NET4.0E)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0
(compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR
2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022;
InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729;
.NET CLR 1.1.4322; .NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 - Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322;
.NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0
(compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR
2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022;
InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729;
.NET CLR 1.1.4322; .NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0
(compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR
2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022;
InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729;
.NET CLR 1.1.4322; .NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 - Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322;
.NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 - Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322;
.NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0
(compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR
2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022;
InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729;
.NET CLR 1.1.4322; .NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 http://ir.eia.gov/ngs/ngs.html Mozilla/4.0
(compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR
2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022;
InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729;
.NET CLR 1.1.4322; .NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400] GET /ngs/ngs.html
HTTP/1.1 503 1399 - Mozilla/4.0 (compatible; MSIE 8.0;
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 15 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 16 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 17 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 18 of 26
.NET4.0C; .NET4.0E)
- - [21/Jul/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322;
.NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322;
.NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322;
.NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322;
.NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322;
.NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322;
.NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2152
http://ir.eia.gov/ngs/ngs.html Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR
3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 1.1.4322;
.NET4.0C; .NET4.0E)
(b) (6), (b) (7)(C)
- - [21/Jul/2011:(b) (7)(A) -0400]
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 19 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 20 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 21 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 22 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 23 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 24 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 25 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 26 of 26
https://kbox/adminui/ticket.php?ID=56912
2/16/2012
Page 1 of 22
Ticket TICK:57002
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 2 of 22
We can work with (A) can you put that in your previous proposal,
and send it. If so you will be unblocked before the next release.
From: (b) (6), (b) (7)(C)
Sent: Friday, August 12, 2011 11:55 AM
To: Norris, Jonathan (CONTR)
Subject: RE: NG Storage Report
Ok, we were thinking that might be too high Greg mentioned he
(b) (7)
could keep it to (A) if we absolutely had to with understanding
that well begin working on a proxy solution From: Norris, Jonathan (CONTR)
[mailto:Jonathan.Norris@eia.gov]
Sent: Friday, August 12, 2011 11:54 AM
To: (b) (6), (b) (7)(C)
Subject: RE: NG Storage Report
(b) (6), (b)
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 3 of 22
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 4 of 22
Ive talked through this with (b) (7)(C) It sounds like this is a document
that is published at a specific time every week and is important for
us to understand a fairly critical part of our business. It also sounds
like there is a peak interest in the resource at a specific time for
everyone that needs the information. Were a fairly small
(b)
organization with around (7)
people that need access to this
(A)
information, but everyone is translated to a single IP address
((b) (6), (b) (7)(C) so it may appear to your systems like a SYN attack
or the like. Ideally, we shouldnt see more than (b) (7)(A)
(b) (7)(A)
during the critical 10:30 publishing window, assuming
the site is responsive. Ive discussed this with Greg, and it sounds
like the site is set up to keep people from refreshing the site too
aggressively and verified that we dont have any automated
systems retrieving this data, so Im not sure what steps we can take
internally to alleviate this situation, as an organization our size
should have a difficult time generating the traffic necessary to fire
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 5 of 22
(6), (b)
From: (b)
(7)(C)
Sent: Thursday, August 11, 2011 2:23 PM
To: (b) (6), (b) (7)(C)
Subject: FW: NG Storage Report
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 6 of 22
Unblock request.
The EIA privacy statement and security policy can be found here
http://www.eia.gov/privacyweb.html .
(b) (6),
(b) (7)
(C)
Thanks,
(b) (6), (b) (7)
(C)
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 7 of 22
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 8 of 22
Paul,
Thanks,
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 9 of 22
Having trouble getting into your storage report page after the report
release today at 10:30. Other folks here say they havent been able
to get in to that page for ie storage history etc for several days.
Thanks,
| Supply Analyst
Direct (b) (6), (b) (7)(C) | Fax (b) (6), (b) (7)(C)
(b) (7)(A)
(b) (7)(A)
________________________________
________________________________
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 10 of 22
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 11 of 22
Owners
Only:
Owners
Only:
to "unBlock
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 12 of 22
Jonathan,
(b) (6), (b)
Ive talked through this with (7)(C) It sounds like this is a document
that is published at a specific time every week and is important for
us to understand a fairly critical part of our business. It also sounds
like there is a peak interest in the resource at a specific time for
everyone that needs the information. Were a fairly small
(b)
organization with around (7)
people that need access to this
(A)
information, but everyone is translated to a single IP address
((b) (6), (b) (7)(C) so it may appear to your systems like a SYN attack
or the like. Ideally, we shouldnt see more than 50 access attempts
per second during the critical 10:30 publishing window, assuming
the site is responsive. Ive discussed this with Greg, and it sounds
like the site is set up to keep people from refreshing the site too
aggressively and verified that we dont have any automated
systems retrieving this data, so Im not sure what steps we can take
internally to alleviate this situation, as an organization our size
should have a difficult time generating the traffic necessary to fire
off a well tuned firewall/IPS infrastructure, unless something else
is awry.
Could you help us understand when we were blacklisted and
whether or not it is an internal or external blacklist? Its difficult to
truly root cause the issue without the exact reasoning behind the
blacklist and the time period that it occurred.
If you could give me a call at (b) (6), (b) (7)(C) or send over your
contact information, it would be helpful. Your assistance much
appreciated.
Warm Regards,
(b) (6), (b)
(7)(C)
(6), (b)
From: (b)
(7)(C)
Sent: Thursday, August 11, 2011 2:23 PM
To: (b) (6), (b) (7)(C)
Subject: FW: NG Storage Report
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 13 of 22
(b) (6),
(b) (7)
(C)
Thanks,
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 14 of 22
Dear Mr.(7)(C)
Hello again, you are welcome for the previously sent information,
and thank you for your additional email to the U.S. Energy
Information Administration (EIA)
Perhaps it has something to do with our automated data retrieval
policy:
http://www.eia.gov/about/privacy_security_policy.cfm
Contact the following person to see if you have been blocked from
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 15 of 22
Paul,
Thanks,
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 16 of 22
Having trouble getting into your storage report page after the report
release today at 10:30. Other folks here say they havent been able
to get in to that page for ie storage history etc for several days.
Thanks,
| Supply Analyst
Direct (b) (6), (b) (7)(C) | Fax (b) (6), (b) (7)(C)
(b) (7)(A)
(b) (7)(A)
________________________________
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 17 of 22
________________________________
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 18 of 22
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 19 of 22
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 20 of 22
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 21 of 22
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 22 of 22
https://kbox/adminui/ticket.php?ID=57002
2/16/2012
Page 1 of 3
Ticket TICK:57003
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
- 2011/09/16 03:45:28
Owners
Only:
Owners
Only:
Owners
Only:
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=57003
2/16/2012
Page 2 of 3
Please see if you can either find some contact info for this
organization, or if you can get approval to temporarily block them.
https://kbox/adminui/ticket.php?ID=57003
2/16/2012
Page 3 of 3
Greg Rollins
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
gregory.rollins@eia.gov
202-586-4299
https://kbox/adminui/ticket.php?ID=57003
2/16/2012
Page 1 of 3
Ticket TICK:57026
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
- 2011/09/16 03:45:28
Owners
Only:
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=57026
2/16/2012
Page 2 of 3
Greg Rollins
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
gregory.rollins@eia.gov
202-586-4299
From: Norris, Jonathan (CONTR)
Sent: Tuesday, August 02, 2011 8:30 AM
To: Rollins, Gregory (CONTR)
Cc: Narayanan, Prashanth (CONTR); Saladin, Sayeed (CONTR);
Singh, Jarnail (CONTR)
Subject: RE: (b) (6), (b) (7)(C)
Ill put the ticket in for the netscaler
From: Rollins, Gregory (CONTR)
Sent: Monday, August 01, 2011 10:17 PM
To: Norris, Jonathan (CONTR)
Cc: Narayanan, Prashanth (CONTR); Saladin, Sayeed (CONTR);
Singh, Jarnail (CONTR)
Subject: Sogou+web+spider
(6),
Hi (b)
(b) (7)
(C)
(7)
The (b) (6), (b) (7)(C) IP address was hitting us(b)
times per second
(A)
on Saturday. It was GETing the same page over and over again,
which is poor practice. It calls itself the: (b) (6), (b) (7)(C)
((b) (6), (b) (7)(C)
)
(6), (b)
I did not try browsing that (b)
website, but the WHOIS
(7)(C)
information does not provide much info so that may be
worthwhile.
https://kbox/adminui/ticket.php?ID=57026
2/16/2012
Page 3 of 3
showDetails=true&showARIN=true
#
Server Central Network SCN-7 (NET-(b) (7)(A)
7(b) (7)(A)
HostForWeb Inc (b) (7)(A)
(b) (7)(A)
Please see if you can either find some contact info for this
organization, or if you can get approval to temporarily block them.
Greg Rollins
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
gregory.rollins@eia.gov
202-586-4299
https://kbox/adminui/ticket.php?ID=57026
2/16/2012
Page 1 of 19
Ticket TICK:57075
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Ticket Created
over(A)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 2 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 3 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 4 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 5 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 6 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 7 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 8 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 9 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 10 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 11 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 12 of 19
- - [04/Aug/2011:(b) (7)(A)
https://kbox/adminui/ticket.php?ID=57075
-0400]
2/16/2012
Page 13 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 14 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 15 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 16 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 17 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 18 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 19 of 19
https://kbox/adminui/ticket.php?ID=57075
2/16/2012
Page 1 of 9
Ticket TICK:57085
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Owners
Only:
https://kbox/adminui/ticket.php?ID=57085
2/16/2012
Page 2 of 9
this happened and did so. We have recently had some of our
network users who did not monitor the release of this information
in the past begin to monitor the release. They were unaware of our
new policy and proceeded to press F5(refresh) repeatedly in
anticipation of the release of the weekly EIA NG storage number.
Since yesterday, these people been educated on our policy for
minimizing our requests per second to the EIA resources.
Our official statement from our organization detailing how we will
be modifying our download traffic and how we will try to prevent
being categorized as having abusive download attempts is as
follows:
--Requests will come from ip: (b) (6), (b) (7)(C) --We will attempt to
(b) (7)
(A)
limit our (b) (7)(A)
--This was not an attack
and an attack will Never be initiated from within our small
network, but we have taken steps to educat our new users to limit
their requests per second so that they will not be categorized as an
attack by the automated EIA processes that monitor requests per
second.
I understand that these limits are in place not just to protect from
true DOS attacks but also to limit the cost of resources it would
take to service an unlimited simultaneous load on the resources.
The EIA is probably already be implementing the following:
-- IP mulitcast traffic: http://en.wikipedia.org/wiki/Multicast
-- HTTP compression:
http://en.wikipedia.org/wiki/HTTP_compression
.. if they are not, then there may be an opportunity to better service
the ever growing load on the EIA resources through the
implementation of the above technologies.
Thanks for your consideration and for everything you are doing to
protect these resources. Please let us know when we will be
unblocked.
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=57085
2/16/2012
Page 3 of 9
https://kbox/adminui/ticket.php?ID=57085
2/16/2012
Page 4 of 9
Please investigate the issue and reply back with your findings
including actions taken on your end to mitigate the issue. Failure to
reply and or cure will result in additional AUP actions.
Best regards,
AR-02
Cogent Abuse
abuse@cogentco.com
==
Hello,
Thanks for the reply. A generic report of the activity will be
reported to our customer for their review. Please note in the
absence of logging or log file makes your report an alleged
instance of abuse. A general description of the events regarding the
associated ports, protocol etc.
or edited log file would yield the best results in identifying,
isolating and negating the source.
Best regards,
Cogent Abuse
abuse@cogentco.com
-----Original Message----From: Norris, Jonathan (CONTR)
[mailto:Jonathan.Norris@eia.gov]
Sent: Friday, August 05, 2011 12:31 PM
To: Abuse
Subject: RE: Abuse from (b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=57085
2/16/2012
Page 5 of 9
I cannot send you logs from this Government Agency. I will tell
you that this activity occurred on August 4 between 10am and
11am
-----Original Message----From: Abuse [mailto:nocabuse@cogentco.com]
Sent: Friday, August 05, 2011 12:30 PM
To: Norris, Jonathan (CONTR)
Cc: Abuse
Subject: RE: Abuse from (b) (6), (b) (7)(C)
Hello,
Thanks for contacting Cogent Abuse. Please provide a log sample
or detailed summary depicting the traffic in question which will aid
in our investigation. Please be sure any logging provided includes
the destination IP, source and destination ports, protocol, time, date
and time zone associated with the logged event[s].
Best regards,
Cogent Abuse
abuse@cogentco.com
==
From: Norris, Jonathan (CONTR)
[mailto:Jonathan.Norris@eia.gov]
Sent: Friday, August 05, 2011 12:24 PM
To: ipalloc; Abuse
Subject: Abuse from (b) (6), (b) (7)(C)
Hello
We are receiving malicious traffic from a host registered to your
domain: (b) (6), (b) (7)(C) this traffic is targeting ir.eia.gov. Please
investigate and remediate.
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration 1000
Independence Avenue, SW Washington, DC 20585
https://kbox/adminui/ticket.php?ID=57085
2/16/2012
Page 6 of 9
Only:
Ticket Created
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=57085
2/16/2012
Page 7 of 9
https://kbox/adminui/ticket.php?ID=57085
2/16/2012
Page 8 of 9
https://kbox/adminui/ticket.php?ID=57085
2/16/2012
Page 9 of 9
https://kbox/adminui/ticket.php?ID=57085
2/16/2012
Page 1 of 11
Ticket TICK:57091
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Owners
Only:
https://kbox/adminui/ticket.php?ID=57091
2/16/2012
Page 2 of 11
in Dev, Test, and QA are only run when they need to be tested. The
production job is the only job that will run daily.
We plan to access this website about (b) (7)(E)
at the
most, our application team has made changes to reduce traffic.
Here are the two IPs that are linked to (b) (7)(A) :
(b) (6), (b) (7)(C)
(b) (6), (b) (7)
(C)
Please let me know if you need anything else to get us off the
blocked list.
Thank you for your assistance.
(b) (6), (b) (7)(C)
************************************************** This
e-mail and any of its attachments may contain (b) (7)(A) Corporation
proprietary information, which is privileged, confidential, or
subject to copyright belonging to the (b) (7)(A) Corporation family of
Companies. This e-mail is intended solely for the use of the
individual or entity to which it is addressed. If you are not the
intended recipient of this e-mail, you are hereby notified that any
dissemination, distribution, copying, or action taken in relation to
the contents of and attachments to this e-mail is strictly prohibited
and may be unlawful. If you have received this e-mail in error,
please notify the sender immediately and permanently delete the
original and any copy of this e-mail and any printout. Thank You.
**************************************************
Owners
Only:
Owners
Only:
https://kbox/adminui/ticket.php?ID=57091
2/16/2012
Page 3 of 11
Jonathan,
This is still an issue, can you please let me know what else do you
need to get us off the blocked list?
Im adding more information below.
Thanks,
(b) (6), (b) (7)(C)
(b) (6), (b) (b) (6), (b) (b) (6), (b) (7)(C) (b) (6), (b)
(7)(C)
(7)(C)
(7)(C)(b) (6),
(b) (7)(C)
Cc:
BSC)
Subject: RE: <update> Can no longer access Natural Gas Storage
report from EIA site.
Here is the ip information you need
Source: ksqmswe_(b) (6), (b) (7)(C)
Destination: tibcoqa (b) (6), (b) (7)(C)
which is translated to
(6), (b) (7)
(b) (6), (b) (7)(C)
ksqweb_(b)
_nat
(C)
Hide NAT is (b) (6), (b) (7)(C) This should be what they see coming to
them.
The other information I dont know
(b) (6), (b)
From: (b) (6), (b) (7)(C)
(7)(C)
Sent: Thursday, August 25, 2011 3:19 PM
(6),
(b) (6), (b)
(b) (6), (b) (7)(C)
To: IT Netwrk Ops(b)
(b) (7)(C)
(7)(C)
(b) (6),
(b) (7)(C)
https://kbox/adminui/ticket.php?ID=57091
2/16/2012
Page 4 of 11
Please see the information below and provide details for the
information requested in red.
Thank you!
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=57091
2/16/2012
Page 5 of 11
(b) (6),
(b) (7)
(C)
,
Can you or the woman I just spoke with go to this site
http://whatismyipaddress.com/ and send me that IP
https://kbox/adminui/ticket.php?ID=57091
2/16/2012
Page 6 of 11
(b) (6),
(b) (7)
(C)
Fuels Trader
(b) (7)(A)
(b) (7)(A)
************************************************** This
e-mail and any of its attachments may contain (b) (7)(A) Corporation
proprietary information, which is privileged, confidential, or
subject to copyright belonging to the (b) (7)(A) Corporation family of
Companies. This e-mail is intended solely for the use of the
individual or entity to which it is addressed. If you are not the
intended recipient of this e-mail, you are hereby notified that any
dissemination, distribution, copying, or action taken in relation to
the contents of and attachments to this e-mail is strictly prohibited
and may be unlawful. If you have received this e-mail in error,
please notify the sender immediately and permanently delete the
original and any copy of this e-mail and any printout. Thank You.
**************************************************
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
************************************************** This
e-mail and any of its attachments may contain (b) (7)(A) Corporation
proprietary information, which is privileged, confidential, or
subject to copyright belonging to the (b) (7)(A) Corporation family of
Companies. This e-mail is intended solely for the use of the
individual or entity to which it is addressed. If you are not the
intended recipient of this e-mail, you are hereby notified that any
dissemination, distribution, copying, or action taken in relation to
the contents of and attachments to this e-mail is strictly prohibited
and may be unlawful. If you have received this e-mail in error,
please notify the sender immediately and permanently delete the
https://kbox/adminui/ticket.php?ID=57091
2/16/2012
Page 7 of 11
original and any copy of this e-mail and any printout. Thank You.
**************************************************
************************************************** This
e-mail and any of its attachments may contain (b) (7)(A) Corporation
proprietary information, which is privileged, confidential, or
subject to copyright belonging to the (b) (7)(A) Corporation family of
Companies. This e-mail is intended solely for the use of the
individual or entity to which it is addressed. If you are not the
intended recipient of this e-mail, you are hereby notified that any
dissemination, distribution, copying, or action taken in relation to
the contents of and attachments to this e-mail is strictly prohibited
and may be unlawful. If you have received this e-mail in error,
please notify the sender immediately and permanently delete the
original and any copy of this e-mail and any printout. Thank You.
**************************************************
Changed ticket Title from "Block (b) (6), (b) (7)(C) to "unBlock
(b) (6), (b) (7)(C)
Owners
Only:
Owners
Only:
Ticket Created
(6), (b)
POC is abuse@(b)
(7)(C)
https://kbox/adminui/ticket.php?ID=57091
2/16/2012
Page 8 of 11
https://kbox/adminui/ticket.php?ID=57091
2/16/2012
Page 9 of 11
https://kbox/adminui/ticket.php?ID=57091
2/16/2012
Page 10 of 11
https://kbox/adminui/ticket.php?ID=57091
2/16/2012
Page 11 of 11
https://kbox/adminui/ticket.php?ID=57091
2/16/2012
Page 1 of 25
Ticket TICK:57130
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
- 2011/09/16 03:45:28
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 2 of 25
2) During the first and last weeks of each month we run a process daily that synchs the EIA Monthly
Petroleum data. This process looks across the (about 2000) files that EIA releases and makes sure
(b)
that we have the latest copy. This process does not open more than (7) simultaneous connection,
(A)
(b)
(7)(A)
however, it may end up connecting
per second in succession as it scans for all of the
files one by one.
**We believe that #2 above is the process that is causing you concern.
We will disable the #2 job above and will change the process so it doesn't not open as many rapid
(b
connections in succession within the same second. We will limit the job to open a max of )
(7
)
connection per second. Also, prior to running the job the next time, we will contact you first
so that
(A
)
you can monitor the traffic and make sure that it is not causing any problems.
I hope this is enough information for you to process our unblock request. We would really appreciate
it if you can unblock our IP address as soon as possible.
Thank you for your consideration,
(b) (6), (b)
(7)(C)
SECTION: Summary
NAME: Supply & Disposition
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 3 of 25
Owners
Only:
Owners
Only:
Had a 10 min phone conversation with user to explain that we show that he did infact hit the site
eccessively and needs to remediate the issue on his end and submit a plan
Owners
Only:
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 4 of 25
We ask that you access the web site a reasonable number of times per second when attempting to
download the files to avoid your traffic being categorized as a denial of service attack. We also ask
that you limit the number of IP's accessing the web site simultaneously. Many large organizations
download the data once and redistribute the information internally. You may want to consider this
option.
In order to process your unblock request we will need to have an official statement from your
organization detailing how you will be modifying your download traffic and how you will prevent
abusive download attempts. This plan should include:
(b) (7)(A)
your organization will use to access the website.
(b) (7)(A)
you plan to access the web site.
- What measures you put in place to prevent the attack from happening again.
Once you have submitted your statement, EIA will review your Unblock request.
The EIA privacy statement and security policy can be found here
http://www.eia.gov/privacyweb.html .
Thanks,
(b) (6), (b)
(7)(C)
Changed ticket Title from "FW: Can't access EIA website" to "FW: Can't access EIA website
(b) (6), (b) (7)(C)
Owners
Only:
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 5 of 25
(C)
(C)
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 6 of 25
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434701682 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 498
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434701706 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434701706 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 396
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434701722 for outside:(b) (6), (b) (7)
((b) (6), (b) (7) 8
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434701722 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 498
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434701742 for outside:(b) (6), (b) (7) 8690 ((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434701759 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434701742 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 396
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434701855 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 497
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434701878 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434701898 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434701878 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 396
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434701898 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 498
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434701940 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434701959 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434701940 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 396
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434701959 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 498
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434701983 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
(b) (6), (b)
(7)(C)
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 7 of 25
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 8 of 25
(C)
(C)
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 9 of 25
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434702516 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434702500 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 410
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434702516 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 513
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434702538 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434702561 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434702538 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 410
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434702561 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 512
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434702577 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434702598 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434702577 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 410
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434702598 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 513
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434702621 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434702632 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 513
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434702650 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434702660 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434702650 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 410
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434702660 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 513
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434702674 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
(b) (6), (b)
(7)(C)
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 10 of 25
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 11 of 25
(C)
(C)
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 12 of 25
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703127 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703109 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 412
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703127 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 514
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703146 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703160 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703146 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 412
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703160 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 514
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703176 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703199 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703176 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 412
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703199 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 513
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703215 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703225 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703215 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 412
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703225 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 513
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703245 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703263 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703245 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 412
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
(b) (6), (b)
(7)(C)
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 13 of 25
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 14 of 25
(C)
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 15 of 25
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703783 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703799 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703783 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 408
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703799 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 510
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703818 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703839 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703818 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 408
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703839 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 510
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703868 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703868 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 408
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703882 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703909 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703896 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 408
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703909 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 510
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703921 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434703945 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703921 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 408
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434703945 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 510
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
(b) (6), (b)
(7)(C)
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 16 of 25
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 17 of 25
(C)
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 18 of 25
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434704509 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434704521 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434704509 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 414
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434704521 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 516
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434704543 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434704565 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 517
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434704579 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434704595 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434704579 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 414
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434704595 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 516
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434704636 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434704655 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434704636 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 414
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434704655 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 517
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434704668 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434704685 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434704668 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 414
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434704685 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 516
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
(b) (6), (b)
(7)(C)
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 19 of 25
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 20 of 25
(C)
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 21 of 25
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434705032 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434705048 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434705032 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 422
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434705078 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 524
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434705096 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434705110 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434705096 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 422
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434705110 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 523
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434705127 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434705136 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434705127 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 422
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434705136 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 525
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434705158 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434705169 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434705158 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 420
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
434705169 for outside:(b) (6), (b) (7)
to inside:205.254.135.24/80 duration 0:00:00 bytes 523
(C)
TCP FINs
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434705195 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302013: Built inbound TCP connection
434705224 for outside:(b) (6), (b) (7)
((b) (6), (b) (7)
to inside:205.254.135.24/80
(C)
(C)
(205.254.135.24/80)
Aug 7 (b) (7)(A) esc-isp-fw1-isp.nmic.doe.gov %ASA-6-302014: Teardown TCP connection
(b) (6), (b)
(7)(C)
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 22 of 25
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 23 of 25
(C)
(C)
Owners
Only:
Ticket Created
From: User-Services-Center
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 24 of 25
Jonathan,
Regards,
Sujith Krishnan
Chenega Government Consulting, LLC,
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
User Services Center
Sujith.Krishnan@eia.gov
PH: 202-586-2994
Hello, my name is (b) (6), (b) I work for (b) (7) in Chicago. We can't
(7)(C)
(A)
seem to access the EIA website and was wondering if our company has been
blocked. Can you please see if this is the case and if possible, why we
were blocked?
Thanks,
(b) (6), (b)
(7)(C)
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 25 of 25
________________________________
CONFIDENTIALITY AND SECURITY NOTICE
The contents of this message and any attachments may be confidential and
proprietary and also may be covered by the Electronic Communications
Privacy Act. This message is not intended to be used by, and should not
be relied upon in any way, by any third party. If you are not an
intended recipient, please inform the sender of the transmission error
and delete this message immediately without reading, disseminating,
distributing or copying the contents. (b) (7) l makes no assurances that
(A)
this e-mail and any attachments are free of viruses and other harmful
code.
https://kbox/adminui/ticket.php?ID=57130
2/16/2012
Page 1 of 14
Ticket TICK:57186
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
- 2011/09/16 03:45:28
Owners
Only:
Owners
Only:
Owners
Only:
https://kbox/adminui/ticket.php?ID=57186
2/16/2012
Page 2 of 14
Hi Jonathan,
(b) (6),
(b) (7)(C)
________________________________________
From: Norris, Jonathan (CONTR)
[mailto:Jonathan.Norris@eia.gov]
Sent: Friday, August 19, 2011 11:18 AM
To: (b) (6), (b) (7)(C)
Cc: (b) (6), (b) (7)(C)
Subject: RE: Unblock Request - Re: Incident Ticket 57186
(6),
Mrs. (b)
(b) (7)
(C)
(b)
(b)
(b)
The (7)
IPs coming in a (7)
hits a Second will give you a total of (7)
(A)
(A)
(A)
per second that is extremely too high.
From: (b) (6), (b) (7)(C)
Sent: Thursday, August 18, 2011 6:19 PM
To: Norris, Jonathan (CONTR)
Cc: (b) (6), (b) (7)(C)
Subject: FW: Unblock Request - Re: Incident Ticket 57186
Hi Jonathan,
Thank you for the conversation today. We have corrected our
submission. Please find the updated information below in your
initial email.
Thank you!
https://kbox/adminui/ticket.php?ID=57186
2/16/2012
Page 3 of 14
______________________________________________
From: (b) (6), (b) (7)(C)
Sent: Wednesday, August 17, 2011 6:32 PM
To: 'Jonathan.Norris@eia.gov'
Cc: (b) (6), (b) (7)(C)
Subject: Unblock Request - Re: Incident Ticket 57186
Hello Jonathan,
Thank you again for your return phone call yesterday in response
to your incident ticket #57186 and your concern referencing
potential malicious traffic. The traffic is legitimate and therefore
remediation measures are not necessary as the below listed IP
address is one of several web proxy devices in our environment.
We ask that you process our unblock request as quickly as feasible,
and please inform when this is completed. Please expedite this
request, as this information is critical to our customer's business
processes. In fact, tomorrow morning's Weekly Natural Gas
Storage Report Schedule information release scheduled at
Thursday, August 17 at 10:30AM requires access by our business
unit. Please see the information (answers added into your email
below) to serve as the statement from our organization.
Thank you.
(b) (6), (b) (7)(C)
(b) (7)(A)
(b) (7)(A)
(b) (7)(A)
(b) (7)(A)
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=57186
2/16/2012
Page 4 of 14
(b) (7)(A)
(b) (7)(A)
(b) (7)(A)
(b) (6), (b) (7)(C)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=57186
2/16/2012
Page 5 of 14
The EIA privacy statement and security policy can be found here
http://www.eia.gov/privacyweb.html .
_____________________________________________
From: Norris, Jonathan (CONTR)
[mailto:Jonathan.Norris@eia.gov]
Sent: Thursday, August 11, 2011 12:35 PM
To: (b) (6), (b) (7)(C)
Subject: Abuse from (b) (6), (b) (7)(C)
Hello
We are receiving malicious traffic from a host registered to your
domain: (b) (6), (b) (7)(C) this traffic is targeting ir.eia.gov.
Please investigate and remediate.
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration
1000 Independence Avenue, SW
Washington, DC 20585
The information contained in this message is intended only for the
personal and
confidential use of the recipient(s) named above. If the reader of
this message is
not the intended recipient or an agent responsible for delivering it
to the intended
recipient, you are hereby notified that you have received this
document in error
and that any review, dissemination, distribution, or copying of this
message is
strictly prohibited. If you have received this communication in
error, please notify
us immediately, and delete the original message.
The information contained in this message is intended only for the
personal and
confidential use of the recipient(s) named above. If the reader of
this message is
not the intended recipient or an agent responsible for delivering it
to the intended
recipient, you are hereby notified that you have received this
document in error
and that any review, dissemination, distribution, or copying of this
message is
strictly prohibited. If you have received this communication in
error, please notify
us immediately, and delete the original message.
https://kbox/adminui/ticket.php?ID=57186
Owners
2/16/2012
Page 6 of 14
Only:
Spoke with POC twice and Explained the procedure and why I
cannot direct them on there own configuration.
Owners
Only:
https://kbox/adminui/ticket.php?ID=57186
2/16/2012
Page 7 of 14
Owners
Only:
Ticket Created
times a second
https://kbox/adminui/ticket.php?ID=57186
2/16/2012
Page 8 of 14
https://kbox/adminui/ticket.php?ID=57186
2/16/2012
Page 9 of 14
https://kbox/adminui/ticket.php?ID=57186
2/16/2012
Page 10 of 14
https://kbox/adminui/ticket.php?ID=57186
2/16/2012
Page 11 of 14
https://kbox/adminui/ticket.php?ID=57186
2/16/2012
Page 12 of 14
https://kbox/adminui/ticket.php?ID=57186
2/16/2012
Page 13 of 14
https://kbox/adminui/ticket.php?ID=57186
2/16/2012
Page 14 of 14
https://kbox/adminui/ticket.php?ID=57186
2/16/2012
Page 1 of 30
Ticket TICK:57201
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
- 2011/09/16 03:45:28
Owners
Only:
Owners
Only:
Owners
Only:
Ticket Created
(b)
(7)
(A)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 2 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 3 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 4 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 5 of 30
- - [11/Aug/2011:(b) (7)(A)
https://kbox/adminui/ticket.php?ID=57201
-0400]
2/16/2012
Page 6 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 7 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 8 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 9 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 10 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 11 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 12 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 13 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 14 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 15 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 16 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 17 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 18 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 19 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 20 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 21 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 22 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 23 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 24 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 25 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 26 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 27 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 28 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 29 of 30
- - [11/Aug/2011:(b) (7)(A)
https://kbox/adminui/ticket.php?ID=57201
-0400]
2/16/2012
Page 30 of 30
https://kbox/adminui/ticket.php?ID=57201
2/16/2012
Page 1 of 3
Ticket TICK:57227
(b)(6),(b)(7)(C)
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Block
Single IP
Block
Completed
Medium
Luu, Quan (CONTR)
IR Server
None
IRblocks@eia.gov
2011/08/15 10:05:44
2011/12/08 03:45:04
Norris, Jonathan (CONTR)
None
None
done
Owners
Only:
- 2011/12/08 03:45:04
Changed ticket Owner from "Norris, Jonathan (CONTR)" to "Luu, Quan (CONTR)".
Owners
Only:
Ticket Created
Please block
(b)
(7)
(A)
POC is abuse@yellowfiber.net
(b) b) (7)(A)(b) (7)(A)
(7)(A)
(b)(6),
(b)(7)
(C)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 200 215 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MS-
https://kbox/adminui/ticket.php?ID=57227
2/16/2012
Page 2 of 3
(b)
(6),
(b)(7)
(C)
RTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
https://kbox/adminui/ticket.php?ID=57227
(b) (7)
(A)
2/16/2012
Page 3 of 3
(b)(6),
(7)(C)
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
https://kbox/adminui/ticket.php?ID=57227
(b)(7)
(A)
2/16/2012
Page 1 of 3
Ticket TICK:57227
(b)(6),(b)(7)(C)
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Block
Single IP
Block
Completed
Medium
Luu, Quan (CONTR)
IR Server
None
IRblocks@eia.gov
2011/08/15 10:05:44
2011/12/08 03:45:04
Norris, Jonathan (CONTR)
None
None
done
Owners
Only:
- 2011/12/08 03:45:04
Changed ticket Owner from "Norris, Jonathan (CONTR)" to "Luu, Quan (CONTR)".
Owners
Only:
Ticket Created
Please block
(b)
(7)
(A)
POC is abuse@yellowfiber.net
(b) (7)(A)
over
(b)(6),
(b)(7)
(C)
hits a second
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 200 215 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MS-
https://kbox/adminui/ticket.php?ID=57227
2/16/2012
Page 2 of 3
(b)
(6),
(b)(7)
(C)
RTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
https://kbox/adminui/ticket.php?ID=57227
(b) (7)
(A)
2/16/2012
Page 3 of 3
(b)(6),
(7)(C)
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
- - [11/Aug/2011:
-0400] GET /ngs/blackberry.txt HTTP/1.1 503 1404 - Mozilla/4.0+
(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+MSRTC+LM+8;+.NET4.0C;+.NET4.0E)
https://kbox/adminui/ticket.php?ID=57227
(b)(7)
(A)
2/16/2012
Page 1 of 2
Ticket TICK:57443
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
- 2011/12/08 03:45:04
Owners
Only:
Owners
Only:
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=57443
2/16/2012
Page 2 of 2
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/app/js_timer.jsp 200 2151 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/app/js_timer.jsp 200 2151 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/app/js_timer.jsp 200 2150 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/app/js_timer.jsp 200 2150 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - -
https://kbox/adminui/ticket.php?ID=57443
-0400]
-0400]
-0400]
(
b
)
(
6
)
,
(
b
)
(
7
)
(
C
)
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
2/16/2012
Page 1 of 6
Ticket TICK:57444
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
- 2011/10/07 03:45:45
Owners
Only:
Owners
Only:
https://kbox/adminui/ticket.php?ID=57444
2/16/2012
Page 2 of 6
www.twitter.com/(b) (7)(A)
www.Linkedin.com/companies/(b) (7)(A)
---------- Forwarded message ---------From: (b) (6), (b) (7)(C) <(b) (6), (b) (7)(C)
>
Date: Wed, Aug 24, 2011 at 14:07
Subject: Re: #HD0000002409257-Abuse; Cust; (b) (7)(A)
Complaint received from eia.gov regarding traffic from (b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=57444
2/16/2012
Page 3 of 6
www.twitter.com/(b) (7)(A)
www.Linkedin.com/companies/(b) (7)(A)
https://kbox/adminui/ticket.php?ID=57444
2/16/2012
Page 4 of 6
AR-02
Cogent Abuse
abuse@cogentco.com
==
I cannot give you any logs from this government agency.
-----Original Message----From: Abuse [mailto:nocabuse@cogentco.com]
Sent: Wednesday, August 24, 2011 12:45 PM
To: Norris, Jonathan (CONTR); Abuse
Cc: Atchley, Marvin; Abuse
Subject: RE: abuse from (b) (6), (b) (7)(C)
Hello,
Thanks for contacting Cogent Abuse. Please provide detailed
logging and or a description of the malicious traffic you are
receiving from IP address (b) (6), (b) (7)(C)
Please be sure to include the source and destination ports, protocol,
date, time and time zone the event[s] were logged in.
Best regards,
Cogent Abuse
abuse@cogentco.com
From: Norris, Jonathan (CONTR)
[mailto:Jonathan.Norris@eia.gov]
Sent: Wednesday, August 24, 2011 12:13 PM
To: Abuse
Cc: Atchley, Marvin
Subject: abuse from (b) (6), (b) (7)(C)
Hello
We are receiving malicious traffic from a host registered to your
domain: (b) (6), (b) (7)(C) this traffic is targeting ir.eia.gov.
Please investigate and remediate.
Jonathan Norris
Chenega Government Consulting, LLC
Contractor to U.S. Energy Information Administration 1000
Independence Avenue, SW Washington, DC 20585
https://kbox/adminui/ticket.php?ID=57444
2/16/2012
Page 5 of 6
Owners
Only:
Block is in place.
Owners
Only:
Ticket Created
(b) (7)(A)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/app/js_timer.jsp 200 2151 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/app/js_timer.jsp 200 2151 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/app/js_timer.jsp 200 2150 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/app/js_timer.jsp 200 2150 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - -
https://kbox/adminui/ticket.php?ID=57444
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
2/16/2012
Page 6 of 6
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 1400 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - (b) (6), (b) (7)(C)
- - [18/Aug/2011:(b) (7)(A)
GET /ngs/weekly.csv 200 982 - -
https://kbox/adminui/ticket.php?ID=57444
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
-0400]
2/16/2012
Page 1 of 44
Ticket TICK:57506
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Owners
Only:
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 2 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 3 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 4 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 5 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 6 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 7 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 8 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 9 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 10 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 11 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 12 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 13 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 14 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 15 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 16 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 17 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 18 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 19 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 20 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 21 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 22 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 23 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 24 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 25 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 26 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 27 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 28 of 44
Owners
Only:
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 29 of 44
(b)
over (7)
hit a second
(A)
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 30 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 31 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 32 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 33 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 34 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 35 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 36 of 44
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 37 of 44
(b)
over (7)
hit a second
(A)
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 38 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 39 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 40 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 41 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 42 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 43 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 44 of 44
https://kbox/adminui/ticket.php?ID=57506
2/16/2012
Page 1 of 9
Ticket TICK:57785
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
- 2011/12/08 03:45:04
Owners
Only:
Owners
Only:
Owners
Only:
Ticket Created
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=57785
2/16/2012
Page 2 of 9
https://kbox/adminui/ticket.php?ID=57785
2/16/2012
Page 3 of 9
https://kbox/adminui/ticket.php?ID=57785
2/16/2012
Page 4 of 9
https://kbox/adminui/ticket.php?ID=57785
2/16/2012
Page 5 of 9
https://kbox/adminui/ticket.php?ID=57785
2/16/2012
Page 6 of 9
https://kbox/adminui/ticket.php?ID=57785
2/16/2012
Page 7 of 9
https://kbox/adminui/ticket.php?ID=57785
2/16/2012
Page 8 of 9
https://kbox/adminui/ticket.php?ID=57785
2/16/2012
Page 9 of 9
https://kbox/adminui/ticket.php?ID=57785
2/16/2012
Page 1 of 21
Ticket TICK:57965
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
- 2011/12/08 03:45:04
Owners
Only:
Owners
Only:
Ticket Created
(b) (7)
(A)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 2 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 3 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 4 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 5 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 6 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 7 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 8 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 9 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 10 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 11 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 12 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 13 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 14 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 15 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 16 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 17 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 18 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 19 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 20 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 21 of 21
https://kbox/adminui/ticket.php?ID=57965
2/16/2012
Page 1 of 5
Ticket TICK:57966
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
- 2011/12/08 03:45:04
Owners
Only:
Owners
Only:
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=57966
2/16/2012
Page 2 of 5
https://kbox/adminui/ticket.php?ID=57966
2/16/2012
Page 3 of 5
https://kbox/adminui/ticket.php?ID=57966
2/16/2012
Page 4 of 5
https://kbox/adminui/ticket.php?ID=57966
2/16/2012
Page 5 of 5
https://kbox/adminui/ticket.php?ID=57966
2/16/2012
Page 1 of 6
Ticket TICK:58209
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
https://kbox/adminui/ticket.php?ID=58209
2/16/2012
Page 2 of 6
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-10-05 13:16:00 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
Combined Event Count 1
Cleared Flag false
Target IP Address 205.254.135.25
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b) (6), (b) (7)(C)
SourcePort Name 1306
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
:blocked-count 1
:event-type Attack
(b)
:opened (7)
(b)
(7)
:pam.(b) (7)(A)
(A)
:Protocol Name TCP
:repeat-count 1
:target-ip-addr-end 205.254.135.25
:target-ip-addr-start 205.254.135.25
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Date/Time 2011-10-05 13:16:00 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
Combined Event Count 1
Cleared Flag false
Target IP Address 205.254.135.25
Target Object Name 80
Target Object Type Target Port
Target Service http
https://kbox/adminui/ticket.php?ID=58209
2/16/2012
Page 3 of 6
Owners
Only:
Ticket Created
poc is ipadmin@
(b)
(7)
(A)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=58209
2/16/2012
Page 4 of 6
https://kbox/adminui/ticket.php?ID=58209
2/16/2012
Page 5 of 6
https://kbox/adminui/ticket.php?ID=58209
2/16/2012
Page 6 of 6
https://kbox/adminui/ticket.php?ID=58209
2/16/2012
Page 1 of 6
Ticket TICK:58215
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
- 2011/11/25 03:45:02
Owners
Only:
Owners
Only:
https://kbox/adminui/ticket.php?ID=58215
2/16/2012
Page 2 of 6
https://kbox/adminui/ticket.php?ID=58215
2/16/2012
Page 3 of 6
SensorName IPSdot7
Date/Time 2011-10-05 13:16:00 EDT
Tag Name (b) (7)(E)
Alert Name (b) (7)(E)
Severity Low
Observance Type Intrusion Detection
Combined Event Count 1
Cleared Flag false
Target IP Address 205.254.135.25
Target Object Name 80
Target Object Type Target Port
Target Service http
Source IP Address (b) (6), (b) (7)(C)
SourcePort Name 1168
Sensor IP Address (b) (7)(A)
Sensor Name IPSdot7
:adapter A
:blocked-count 1
:event-type Attack
(b)
:(b) (7)(A) (7)
(b)
(b) (7)(A)
(7)
:pam.
(A)
:Protocol Name TCP
:repeat-count 1
:target-ip-addr-end 205.254.135.25
:target-ip-addr-start 205.254.135.25
AdapterID A
AdapterMode Inline Protection
algorithm-id 2119027
BLOCK Default
IANAProtocolId 6
LOGEVIDENCE Default
ResponseFilterID 0
SensorName IPSdot7
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=58215
2/16/2012
Page 4 of 6
(b) (7)
(A)
(b)
(7)
(A)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=58215
2/16/2012
Page 5 of 6
https://kbox/adminui/ticket.php?ID=58215
2/16/2012
Page 6 of 6
https://kbox/adminui/ticket.php?ID=58215
2/16/2012
Page 1 of 3
Ticket TICK:58430
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Changed ticket Title from "IR Block (b) (6), (b) (7)(C)
to
"IR Block (b) (6), (b) (7)(C)
Changed ticket Owner from "Somaram, James
(CONTR)" to "Norris, Jonathan (CONTR)".
Survey Satisfaction changed from "0" to empty
Changed ticket Status from "Completed" to "Requested".
https://kbox/adminui/ticket.php?ID=58430
2/16/2012
Page 2 of 3
Owners
Only:
Ticket Created
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=58430
2/16/2012
Page 3 of 3
https://kbox/adminui/ticket.php?ID=58430
2/16/2012
Page 1 of 7
Ticket TICK:58543
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
- 2011/11/25 03:45:02
Owners
Only:
Owners
Only:
Ticket Created
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=58543
2/16/2012
Page 2 of 7
https://kbox/adminui/ticket.php?ID=58543
2/16/2012
Page 3 of 7
https://kbox/adminui/ticket.php?ID=58543
2/16/2012
Page 4 of 7
https://kbox/adminui/ticket.php?ID=58543
2/16/2012
Page 5 of 7
https://kbox/adminui/ticket.php?ID=58543
2/16/2012
Page 6 of 7
slx:we.pu.na)
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=58543
2/16/2012
Page 7 of 7
https://kbox/adminui/ticket.php?ID=58543
2/16/2012
Page 1 of 1
Ticket TICK:58726
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=58726
2/16/2012
Page 1 of 3
Ticket TICK:59026
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
updated.
Owners
Only:
https://kbox/adminui/ticket.php?ID=59026
2/16/2012
Page 2 of 3
https://kbox/adminui/ticket.php?ID=59026
2/16/2012
Page 3 of 3
:adapter A
:arg configdir=|echo;echo%20YYYAAZ;uname;id;echo%
20YYY;echo|
(b)
:blocked-count(7)
(A)
:event-type Attack
:Protocol Name TCP
:repeat-count 1
:server ir.eia.gov
:target-ip-addr-end 205.254.135.25
:target-ip-addr-start 205.254.135.25
:URL /awstats/awstats.pl
:verdict attack_failed
AdapterID A
AdapterMode Inline Protection
algorithm-id 2113200
BLOCK Default
IANAProtocolId 6
ResponseFilterID 0
SensorName IPSdot7
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=59026
2/16/2012
Page 1 of 30
Ticket TICK:59084
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Owners
Only:
Ticket Created
(b)
(7)
(A)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 2 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 3 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 4 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 5 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 6 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 7 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 8 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 9 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 10 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 11 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 12 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 13 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 14 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 15 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 16 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 17 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 18 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 19 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 20 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 21 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 22 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 23 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 24 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 25 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 26 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 27 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 28 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 29 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 30 of 30
https://kbox/adminui/ticket.php?ID=59084
2/16/2012
Page 1 of 5
Ticket TICK:59216
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
IR block
Single IP
Block
Completed
Medium
Somaram, James (CONTR)
Netscaler
None
IRblocks@eia.gov
2011/12/06 16:09:27
2011/12/07 08:44:05
Norris, Jonathan (CONTR)
None
None
Block has been applied on both netscalers.
Owners
Only:
Ticket Created
(b) (7)(A)
(b) (7)(A)
https://kbox/adminui/ticket.php?ID=59216
2/16/2012
Page 2 of 5
Firefox/3.6.14
- - [01/Dec/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (X11; U; Linux x86_64;
en-US; rv:1.9.2.14) Gecko/20110221 Red Hat/3.6.14-4.el6_0
Firefox/3.6.14
(b) (6), (b) (7)(C)
- - [01/Dec/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (X11; U; Linux x86_64;
en-US; rv:1.9.2.14) Gecko/20110221 Red Hat/3.6.14-4.el6_0
Firefox/3.6.14
(b) (6), (b) (7)(C)
- - [01/Dec/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (X11; U; Linux x86_64;
en-US; rv:1.9.2.14) Gecko/20110221 Red Hat/3.6.14-4.el6_0
Firefox/3.6.14
(b) (6), (b) (7)(C)
- - [01/Dec/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (X11; U; Linux x86_64;
en-US; rv:1.9.2.14) Gecko/20110221 Red Hat/3.6.14-4.el6_0
Firefox/3.6.14
(b) (6), (b) (7)(C)
- - [01/Dec/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (X11; U; Linux x86_64;
en-US; rv:1.9.2.14) Gecko/20110221 Red Hat/3.6.14-4.el6_0
Firefox/3.6.14
(b) (6), (b) (7)(C)
- - [01/Dec/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (X11; U; Linux x86_64;
en-US; rv:1.9.2.14) Gecko/20110221 Red Hat/3.6.14-4.el6_0
Firefox/3.6.14
(b) (6), (b) (7)(C)
- - [01/Dec/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (X11; U; Linux x86_64;
en-US; rv:1.9.2.14) Gecko/20110221 Red Hat/3.6.14-4.el6_0
Firefox/3.6.14
(b) (6), (b) (7)(C)
- - [01/Dec/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (X11; U; Linux x86_64;
en-US; rv:1.9.2.14) Gecko/20110221 Red Hat/3.6.14-4.el6_0
Firefox/3.6.14
(b) (6), (b) (7)(C)
- - [01/Dec/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (X11; U; Linux x86_64;
en-US; rv:1.9.2.14) Gecko/20110221 Red Hat/3.6.14-4.el6_0
Firefox/3.6.14
(b) (6), (b) (7)(C)
- - [01/Dec/2011:(b) (7)(A) -0500]
GET /ngs/app/js_timer.jsp HTTP/1.1 200 2153
http://ir.eia.gov/ngs/ngs.html Mozilla/5.0 (X11; U; Linux x86_64;
en-US; rv:1.9.2.14) Gecko/20110221 Red Hat/3.6.14-4.el6_0
Firefox/3.6.14
(b) (6), (b) (7)(C)
https://kbox/adminui/ticket.php?ID=59216
2/16/2012
Page 3 of 5
https://kbox/adminui/ticket.php?ID=59216
2/16/2012
Page 4 of 5
https://kbox/adminui/ticket.php?ID=59216
2/16/2012
Page 5 of 5
https://kbox/adminui/ticket.php?ID=59216
2/16/2012
Page 1 of 2
Ticket TICK:59226
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
https://kbox/adminui/ticket.php?ID=59226
2/16/2012
Page 2 of 2
:target-ip-addr-end 205.254.135.25
:target-ip-addr-start 205.254.135.25
:URL /awstats/awstats.pl
:verdict attack_failed
AdapterID A
AdapterMode Inline Protection
algorithm-id 2113200
BLOCK Default
IANAProtocolId 6
ResponseFilterID 0
SensorName IPSdot7
Owners
Only:
Ticket Created
https://kbox/adminui/ticket.php?ID=59226
2/16/2012
Page 1 of 8
Ticket TICK:59320
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Changed ticket Owner from "Norris, Jonathan (CONTR)" to "Somaram, James (CONTR)".
Ticket Created
Added attachment "ex111205.www2.2011.12.05.16.[23].to[4][0-2].log.filtered.with.(b) (6), (b) (7)(C) zip"
log exerpt
2011-12-05 (b) (7)(A) GET /styles/eia_header.js - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 232600 937
2011-12-05 (b) (7)(A) GET /global/scripts/ga_head.js - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 825 62
2011-12-05 (b) (7)(A) GET /global/images/icons/teachers.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.2108855905.1323102330.1323102330.1323102330.1;+__utmb=165580587.1.10.1323102330;+__utmc=165580587;+__utmz=165580587.1323102330
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/404r.cfm?v=http://www.eia.gov/energy_in_bref 200 2107 140
2011-12-05 (b) (7)(A) GET /global/images/bg/header_bg.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 3193 31
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/eiblogo-wtagline-final.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 14244 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/libby-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 6179 31
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/major-sources-users-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 3372 31
2011-12-05 (b) (7)(A) GET /global/images/bg/footer_bg.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.1612899775.1323102329.1323102329.1323102329.1;+__utmb=165580587.1.10.1323102329;+__utmc=165580587;+__utmz=165580587.1323102329
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1471 234
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/shale-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 6665 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/oil-tanker-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 7116 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/ghg-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 4266 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/wind-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 8261 46
2011-12-05 (b) (7)(A) GET /global/images/logos/eia_address.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.1612899775.1323102329.1323102329.1323102329.1;+__utmb=165580587.1.10.1323102329;+__utmc=165580587;+__utmz=165580587.1323102329
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 5138 281
2011-12-05 (b) (7)(A) GET /global/images/btns/rs_submit.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.1612899775.1323102329.1323102329.1323102329.1;+__utmb=165580587.1.10.1323102329;+__utmc=165580587;+__utmz=165580587.1323102329
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1679 265
https://kbox/adminui/ticket.php?ID=59320
2/16/2012
Page 2 of 8
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/coal-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 4714 46
2011-12-05 (b) (7)(A) GET /global/images/fancybox/blank.gif - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.2108855905.1323102330.1323102330.1323102330.1;+__utmb=165580587.1.10.1323102330;+__utmc=165580587;+__utmz=165580587.1323102330
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/404r.cfm?v=http://www.eia.gov/energy_in_bref 200 362 203
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/nuclear-industry-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 2697 62
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/renewables-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 1831 62
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/RPS-EIB-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 6007 62
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/email-this.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.1612899775.1323102329.1323102329.1323102329.1;+__utmb=165580587.1.10.1323102329;+__utmc=165580587;+__utmz=165580587.1323102329
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1345 218
2011-12-05 (b) (7)(A) GET /CFusionMX7/global/data/whatsnew.htm - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.2108855905.1323102330.1323102330.1323102330.1;+__utmb=165580587.1.10.1323102330;+__utmc=165580587;+__utmz=165580587.1323102330
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/404r.cfm?v=http://www.eia.gov/energy_in_bref 200 792 218
2011-12-05 (b) (7)(A) GET /global/images/fancybox/fancybox.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.2108855905.1323102330.1323102330.1323102330.1;+__utmb=165580587.1.10.1323102330;+__utmc=165580587;+__utmz=165580587.1323102330
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/404r.cfm?v=http://www.eia.gov/energy_in_bref 200 15612 250
2011-12-05 (b) (7)(A) GET /global/images/btns/close.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.2108855905.1323102330.1323102330.1323102330.1;+__utmb=165580587.1.10.1323102330;+__utmc=165580587;+__utmz=165580587.1323102330
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/404r.cfm?v=http://www.eia.gov/energy_in_bref 200 1694 250
2011-12-05 (b) (7)(A) GET /favicon.ico - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0
__utma=165580587.1612899775.1323102329.1323102329.1323102329.1;+__utmb=165580587.1.10.1323102329;+__utmc=165580587;+__utmz=165580587.1323102329
(direct)|utmccn=(direct)|utmcmd=(none) - 200 1454 250
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/elec_generators-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 8361 171
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/cap-trade-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 2572 109
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/world-oil-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 2106 93
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/comparing-energy-consumption-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 3102 93
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/high-voltage-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 2692 109
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/Share-this.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1050 46
2011-12-05 (b) (7)(A) GET /favicon.ico - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0
__utma=165580587.2108855905.1323102330.1323102330.1323102330.1;+__utmb=165580587.1.10.1323102330;+__utmc=165580587;+__utmz=165580587.1323102330
(direct)|utmccn=(direct)|utmcmd=(none) - 200 1454 234
2011-12-05 (b) (7)(A) GET /global/images/nav/es_over.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.1612899775.1323102329.1323102329.1323102329.1;+__utmb=165580587.1.10.1323102329;+__utmc=165580587;+__utmz=165580587.1323102329
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 3021 406
2011-12-05 (b) (7)(A) GET /global/images/icons/energy_kids.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.2108855905.1323102330.1323102330.1323102330.1;+__utmb=165580587.1.10.1323102330;+__utmc=165580587;+__utmz=165580587.1323102330
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/404r.cfm?v=http://www.eia.gov/energy_in_bref 200 14870 421
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/spacer.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 625 125
2011-12-05 (b) (7)(A) GET /images/rss_icon.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 824 140
2011-12-05 (b) (7)(A) GET /images-homepage/email-icon.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 943 171
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/HorizontalGrayFade.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 671 156
https://kbox/adminui/ticket.php?ID=59320
2/16/2012
Page 3 of 8
2011-12-05 (b) (7)(A) GET /global/includes/eia_header_flat.htm - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 13662 453
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/sqgreybullet.gif - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 384 187
2011-12-05 (b) (7)(A) GET /favicon.ico - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) - 200 1454 125
2011-12-05 (b) (7)(A) GET /global/images/fancybox/fancy_shadow_n.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0
__utma=165580587.2108855905.1323102330.1323102330.1323102330.1;+__utmb=165580587.1.10.1323102330;+__utmc=165580587;+__utmz=165580587.1323102330
(direct)|utmccn=(direct)|utmcmd=(none) - 200 435 203
2011-12-05 (b) (7)(A) GET /global/images/fancybox/fancy_shadow_ne.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0
__utma=165580587.2108855905.1323102330.1323102330.1323102330.1;+__utmb=165580587.1.10.1323102330;+__utmc=165580587;+__utmz=165580587.1323102330
(direct)|utmccn=(direct)|utmcmd=(none) - 200 677 203
2011-12-05 (b) (7)(A) GET /global/includes/eia_footer_flat.htm - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 4048 250
2011-12-05 (b) (7)(A) GET /global/images/fancybox/blank.gif - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 362 218
2011-12-05 (b) (7)(A) GET /energy_in_brief - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0 - - 301 380 203
2011-12-05 (b) (7)(A) GET /global/images/fancybox/fancybox.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 15612 218
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/email-this.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1345 203
2011-12-05 (b) (7)(A) GET /global/images/logos/eia_logo_print.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 9580 140
2011-12-05 (b) (7)(A) GET /global/images/fancybox/fancy_shadow_e.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0
__utma=165580587.2108855905.1323102330.1323102330.1323102330.1;+__utmb=165580587.1.10.1323102330;+__utmc=165580587;+__utmz=165580587.1323102330
(direct)|utmccn=(direct)|utmcmd=(none) - 200 436 218
2011-12-05 (b) (7)(A) GET /global/images/btns/arrow_go.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1771 140
2011-12-05 (b) (7)(A) GET /CFusionMX7/global/data/whatsnew.htm - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 792 46
2011-12-05 (b) (7)(A) GET /global/images/btns/rs_submit.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1679 31
2011-12-05 (b) (7)(A) GET /global/images/logos/eia_logo.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 13333 46
2011-12-05 (b) (7)(A) GET /global/images/fancybox/fancy_shadow_se.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0
__utma=165580587.2108855905.1323102330.1323102330.1323102330.1;+__utmb=165580587.1.10.1323102330;+__utmc=165580587;+__utmz=165580587.1323102330
(direct)|utmccn=(direct)|utmcmd=(none) - 200 682 203
2011-12-05 (b) (7)(A) GET /global/images/nav/es_off.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 2682 62
2011-12-05 (b) (7)(A) GET /global/images/fancybox/fancy_shadow_s.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0
__utma=165580587.2108855905.1323102330.1323102330.1323102330.1;+__utmb=165580587.1.10.1323102330;+__utmc=165580587;+__utmz=165580587.1323102330
(direct)|utmccn=(direct)|utmcmd=(none) - 200 440 203
2011-12-05 (b) (7)(A) GET /global/images/nav/topics_off.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 2118 93
2011-12-05 (b) (7)(A) GET /global/images/nav/geo_off.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
https://kbox/adminui/ticket.php?ID=59320
2/16/2012
Page 4 of 8
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 2561 78
2011-12-05 (b) (7)(A) GET /global/images/fancybox/fancy_shadow_sw.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0
__utma=165580587.2108855905.1323102330.1323102330.1323102330.1;+__utmb=165580587.1.10.1323102330;+__utmc=165580587;+__utmz=165580587.1323102330
(direct)|utmccn=(direct)|utmcmd=(none) - 200 670 203
2011-12-05 (b) (7)(A) GET /global/images/nav/tools_dropdown.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 3170 46
2011-12-05 (b) (7)(A) GET /global/images/fancybox/fancy_shadow_w.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0
__utma=165580587.2108855905.1323102330.1323102330.1323102330.1;+__utmb=165580587.1.10.1323102330;+__utmc=165580587;+__utmz=165580587.1323102330
(direct)|utmccn=(direct)|utmcmd=(none) - 200 432 203
2011-12-05 (b) (7)(A) GET /global/images/nav/learn_dropdown.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 4443 46
2011-12-05 (b) (7)(A) GET /global/images/nav/topics_dropdown.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 41634 156
2011-12-05 (b) (7)(A) GET /global/images/nav/news_dropdown.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 7123 62
2011-12-05 (b) (7)(A) GET /global/images/nav/geo_dropdown.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 48371 156
2011-12-05 (b) (7)(A) GET /global/images/nav/tools_off.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1702 46
2011-12-05 (b) (7)(A) GET /global/images/nav/es_dropdown.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 54284 187
2011-12-05 (b) (7)(A) GET /global/images/fancybox/fancy_shadow_nw.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0
__utma=165580587.2108855905.1323102330.1323102330.1323102330.1;+__utmb=165580587.1.10.1323102330;+__utmc=165580587;+__utmz=165580587.1323102330
(direct)|utmccn=(direct)|utmcmd=(none) - 200 654 218
2011-12-05 (b) (7)(A) GET /global/images/nav/news_off.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1750 62
2011-12-05 (b) (7)(A) GET /global/images/nav/learn_off.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 2513 62
2011-12-05 (b) (7)(A) GET /global/images/bg/footer_bg.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1471 46
2011-12-05 (b) (7)(A) GET /global/images/nav/az_off.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1956 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/email-this-page.js - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 1633 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/ - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0 - - 200 22028 203
2011-12-05 (b) (7)(A) GET /styles/eia_footer.js - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 4337 93
2011-12-05 (b) (7)(A) GET /energy_in_brief - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0 - - 301 380 203
2011-12-05 (b) (7)(A) GET /CFIDE/scripts/masks.js - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 4222 109
2011-12-05 (b) (7)(A) GET /global/images/icons/arrow_gr_r.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1268 203
2011-12-05 (b) (7)(A) GET /CFIDE/scripts/cfform.js - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 10968 203
2011-12-05 (b) (7)(A) GET /global/images/icons/twitter.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
https://kbox/adminui/ticket.php?ID=59320
2/16/2012
Page 5 of 8
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1722 234
2011-12-05 (b) (7)(A) GET /global/images/icons/email.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1532 234
2011-12-05 (b) (7)(A) GET /global/images/icons/rss.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1792 234
2011-12-05 (b) (7)(A) GET /global/images/logos/eia_address.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 5138 265
2011-12-05 (b) (7)(A) GET /global/images/nav/a-z_dropdown.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.18341550.1323102331.1323102331.1323102331.1;+__utmb=165580587.1.10.1323102331;+__utmc=165580587;+__utmz=165580587.1323102331.1.
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 2993 375
2011-12-05 (b) (7)(A) GET /energy_in_brief/EIB.css - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 7470 281
2011-12-05 (b) (7)(A) GET /energy_in_brief/EIB-print.css - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 2967 343
2011-12-05 (b) (7)(A) GET /styles/eia_sitewideF.css - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 72678 546
2011-12-05 (b) (7)(A) GET /energy_in_brief/bookmarks.js - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 11451 390
2011-12-05 (b) (7)(A) GET /energy_in_brief/email-this-page.js - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 1633 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/ - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0 - - 200 22028 187
2011-12-05 (b) (7)(A) GET /CFIDE/scripts/masks.js - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 4222 93
2011-12-05 (b) (7)(A) GET /energy_in_brief/EIB.css - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 7470 140
2011-12-05 (b) (7)(A) GET /styles/eia_footer.js - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 4337 250
2011-12-05 (b) (7)(A) GET /CFIDE/scripts/cfform.js - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 10968 328
2011-12-05 (b) (7)(A) GET /global/scripts/ga_head.js - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 825 62
2011-12-05 (b) (7)(A) GET /styles/eia_header.js - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 232600 890
2011-12-05 (b) (7)(A) GET /energy_in_brief/EIB-print.css - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 2967 250
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/libby-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 6179 93
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/eiblogo-wtagline-final.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 14244 125
2011-12-05 (b) (7)(A) GET /global/images/bg/header_bg.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 3193 125
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/major-sources-users-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 3372 140
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/wind-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 8261 62
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/oil-tanker-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 7116 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/shale-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 6665 62
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/coal-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 4714 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/ghg-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 4266 46
https://kbox/adminui/ticket.php?ID=59320
2/16/2012
Page 6 of 8
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/nuclear-industry-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 2697 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/renewables-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 1831 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/cap-trade-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 2572 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/elec_generators-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 8361 156
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/comparing-energy-consumption-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 3102 31
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/RPS-EIB-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 6007 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/high-voltage-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 2692 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/world-oil-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 2106 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/Share-this.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 1050 46
2011-12-05 (b) (7)(A) GET /styles/eia_sitewideF.css - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 72678 562
2011-12-05 (b) (7)(A) GET /images-homepage/email-icon.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 943 125
2011-12-05 (b) (7)(A) GET /images/rss_icon.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 824 125
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/spacer.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 625 140
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/HorizontalGrayFade.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 671 140
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/sqgreybullet.gif - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 384 156
2011-12-05 (b) (7)(A) GET /favicon.ico - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
+chromeframe/5.0.317.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) - 200 1454 109
2011-12-05 (b) (7)(A) GET /global/includes/eia_header_flat.htm - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 13662 531
2011-12-05 (b) (7)(A) GET /styles/eia_header.js - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 232600 921
2011-12-05 (b) (7)(A) GET /global/includes/eia_footer_flat.htm - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 4048 234
2011-12-05 (b) (7)(A) GET /global/scripts/ga_head.js - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 825 78
2011-12-05 (b) (7)(A) GET /global/images/fancybox/blank.gif - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 362 203
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/email-this.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1345 203
2011-12-05 (b) (7)(A) GET /global/images/fancybox/fancybox.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 15612 234
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/major-sources-users-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 3372 93
2011-12-05 (b) (7)(A) GET /global/images/logos/eia_logo_print.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
https://kbox/adminui/ticket.php?ID=59320
2/16/2012
Page 7 of 8
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 9580 218
2011-12-05 (b) (7)(A) GET /global/images/btns/arrow_go.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1771 187
2011-12-05 (b) (7)(A) GET /CFusionMX7/global/data/whatsnew.htm - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 792 125
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/libby-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 6179 125
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/eiblogo-wtagline-final.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 14244 140
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/wind-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 8261 140
2011-12-05 (b) (7)(A) GET /global/images/btns/rs_submit.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1679 46
2011-12-05 (b) (7)(A) GET /global/images/logos/eia_logo.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 13333 93
2011-12-05 (b) (7)(A) GET /global/images/nav/es_off.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 2682 93
2011-12-05 (b) (7)(A) GET /global/images/nav/topics_off.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 2118 46
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/elec_generators-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 8361 140
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/coal-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 4714 93
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/oil-tanker-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 7116 93
2011-12-05 (b) (7)(A) GET /global/includes/eia_header_flat.htm - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 13662 265
2011-12-05 (b) (7)(A) GET /global/images/bg/header_bg.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 3193 187
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/ghg-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 4266 78
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/comparing-energy-consumption-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 3102 62
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/renewables-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 1831 78
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/shale-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 6665 187
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/nuclear-industry-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 2697 78
2011-12-05 (b) (7)(A) GET /global/images/nav/learn_dropdown.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 4443 93
2011-12-05 (b) (7)(A) GET /global/images/nav/tools_dropdown.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 3170 93
2011-12-05 (b) (7)(A) GET /global/images/nav/geo_off.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 2561 93
2011-12-05 (b) (7)(A) GET /global/images/nav/topics_dropdown.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 41634 203
2011-12-05 (b) (7)(A) GET /global/images/nav/news_dropdown.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 7123 62
https://kbox/adminui/ticket.php?ID=59320
2/16/2012
Page 8 of 8
2011-12-05 (b) (7)(A) GET /global/images/nav/es_dropdown.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 54284 250
2011-12-05 (b) (7)(A) GET /global/images/nav/tools_off.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1702 62
2011-12-05 (b) (7)(A) GET /global/images/nav/a-z_dropdown.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 2993 46
2011-12-05 (b) (7)(A) GET /global/images/nav/news_off.png - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333.1
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1750 78
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/world-oil-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 2106 78
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/Share-this.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.1821015360.1323102333.1323102333.1323102333.1;+__utmb=165580587.1.10.1323102333;+__utmc=165580587;+__utmz=165580587.1323102333
(direct)|utmccn=(direct)|utmcmd=(none) http://www.eia.gov/energy_in_brief/ 200 1050 78
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/high-voltage-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 2692 78
2011-12-05 (b) (7)(A) GET /energy_in_brief/images/thumbnails/cap-trade-thumb.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
- http://www.eia.gov/energy_in_brief/ 200 2572 109
2011-12-05 (b) (7)(A) GET /global/images/bg/footer_bg.jpg - - (b) (6), (b) (7)(C) Mozilla/4.0+
(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+.NET4.0
__utma=165580587.968129143.1323102333.1323102333.1323102333.1;+__utmb=165580
Attachment: ex111205.www2.2011.12.05.16.[23].to[4][0-2].log.filtered.with.(b) (6), (b) (7)(C) zip (182.47 KB)
https://kbox/adminui/ticket.php?ID=59320
2/16/2012
Page 1 of 1
Ticket TICK:59561
Title:
Type:
Action:
Status:
Priority:
Technician:
Asset:
Due Date:
CC List:
Created:
Modified:
Submitter:
See Also:
Referrers:
Resolution:
Owners
Only:
Ticket Created
(b)
The (b) (6), (b) (7)(C) IP address hit www2 (A) times in a (7)
second
(A) (b)
(b)
(7) am),
period this morning (12/21/11 - 4:13:(7)
am
through
4:13:
(A)
(A)
(b) (7)
(b) (7)
(A)
(A)
and
times in the second period starting then. Also, I noticed
that the Referer is (b) (6), (b) (7)(C)
which according
to my lookups is a non-existant domain. The traffic itself did not
appear to be malicious, but I would like to have this IP blocked if
possible.
https://kbox/adminui/ticket.php?ID=59561
2/16/2012