On 1/19/12 1:01 PM, Dave Ellis wrote:
I've also received the emails, I assumed they were fake as our normal contacts haven't mentioned anything.
The body of the email indeed reads like a poorly-executed phish including elements such as "null" and "<personalized code here>" but headers seem legit. -- Jay Hennigan - CCIE #7880 - Network Engineering - jay@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
On 1/19/2012 4:04 PM, Jay Hennigan wrote:
The body of the email indeed reads like a poorly-executed phish including elements such as "null" and "<personalized code here>" but headers seem legit.
I asked a local contact if it was legit and he confirmed that it is. Wait for the paper mail. I was amused to discover that to proceed on the web, I had to enter my last name as "Representative" -- as in "Dear Business Representative". Yep, really. AlanC -- alan@clegg.com | aclegg@infoblox.com 1.919.355.8851
Once upon a time, Alan Clegg <alan@clegg.com> said:
I was amused to discover that to proceed on the web, I had to enter my last name as "Representative" -- as in "Dear Business Representative". Yep, really.
<aol>me too</aol> After I got yet more such generic and useless info, I lost interest. I tried to go back and log in again, only to get this error from clicking "Login" on the main page: The page you have requested does not exist, or can not be accessed. Please log in to the application from the main login page. The link is back to the same login page. Hope it isn't anything actually important, as the emails and website have been a complete useless joke (that some contractor probably got millions for). -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
+1 on these emails we have received 3 of them. Carlos Alcantar Race Communications / Race Team Member 101 Haskins Way, So. San Francisco, CA. 94080 Phone: +1 415 376 3314 / carlos@race.com / http://www.race.com Once upon a time, Alan Clegg <alan@clegg.com> said:
I was amused to discover that to proceed on the web, I had to enter my last name as "Representative" -- as in "Dear Business Representative". Yep, really.
<aol>me too</aol> After I got yet more such generic and useless info, I lost interest. I tried to go back and log in again, only to get this error from clicking "Login" on the main page: The page you have requested does not exist, or can not be accessed. Please log in to the application from the main login page. The link is back to the same login page. Hope it isn't anything actually important, as the emails and website have been a complete useless joke (that some contractor probably got millions for). -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
They are related to the DNSChanger and Ghostclick malware as ML said. The e-mails to us did come from the DOJ e-mail servers and were legitimate. The phone number is legit as well. On Thu, Jan 19, 2012 at 3:37 PM, Todd Lyons <tlyons@ivenue.com> wrote:
On Thu, Jan 19, 2012 at 1:39 PM, Carlos Alcantar <carlos@race.com> wrote:
+1 on these emails we have received 3 of them.
Three here as well. -- SOPA: Any attempt to [use legal means to] reverse technological advances is doomed. --Leo Leporte
On a less serious note, did anyone notice the numbers on the fbi.gov link? I'm pretty sure they are implying those are IP addresses. 123.456.789 and 987.654.321. Must be the same folks that do the Nexus documentation for Cisco. -Hammer- "I was a normal American nerd" -Jack Herer On 1/19/2012 4:36 PM, Ryan Gelobter wrote:
They are related to the DNSChanger and Ghostclick malware as ML said. The e-mails to us did come from the DOJ e-mail servers and were legitimate. The phone number is legit as well.
On Thu, Jan 19, 2012 at 3:37 PM, Todd Lyons <tlyons@ivenue.com> wrote:
On Thu, Jan 19, 2012 at 1:39 PM, Carlos Alcantar <carlos@race.com> wrote:
+1 on these emails we have received 3 of them. Three here as well. -- SOPA: Any attempt to [use legal means to] reverse technological advances is doomed. --Leo Leporte
On Fri, Jan 20, 2012 at 08:07:10AM -0600, -Hammer- wrote:
On a less serious note, did anyone notice the numbers on the fbi.gov link? I'm pretty sure they are implying those are IP addresses. 123.456.789 and 987.654.321. Must be the same folks that do the Nexus documentation for Cisco.
And write the scripts for various TV shows. "Able to reconstruct an HD image from a single pixel. It's _CSI_!" -- Mike Andrews, W5EGO mikea@mikea.ath.cx Tired old sysadmin
From nanog-bounces+bonomi=mail.r-bonomi.com@nanog.org Fri Jan 20 08:11:24 2012 Date: Fri, 20 Jan 2012 08:07:10 -0600 From: -Hammer- <bhmccie@gmail.com> To: nanog@nanog.org Subject: Re: US DOJ victim letter
On a less serious note, did anyone notice the numbers on the fbi.gov link? I'm pretty sure they are implying those are IP addresses. 123.456.789 and 987.654.321. Must be the same folks that do the Nexus documentation for Cisco.
For illustration purposes, for a non-technical audience, it seems (at least somewhat) reasonable to use 'nonets' instead of octets. After all, 'no nets' are clearly not what DNS -should- be returning. *GRIN* And, of course, systems using the traditional unix dotted-quad to binary conversion logic _will_ happily convert those strings to a 32-bit int.
Today it looks like we have received the letter from the DOJ which gives us login information, for listing of ip's within our network that were affected with date and time stamps. Anyone else get these yet? Carlos Alcantar Race Communications / Race Team Member 101 Haskins Way, So. San Francisco, CA. 94080 Phone: +1 415 376 3314 / carlos@race.com / http://www.race.com -----Original Message----- From: Robert Bonomi <bonomi@mail.r-bonomi.com> Date: Fri, 20 Jan 2012 13:08:56 -0600 To: "nanog@nanog.org" <nanog@nanog.org> Subject: Re: US DOJ victim letter
From nanog-bounces+bonomi=mail.r-bonomi.com@nanog.org Fri Jan 20 08:11:24 2012 Date: Fri, 20 Jan 2012 08:07:10 -0600 From: -Hammer- <bhmccie@gmail.com> To: nanog@nanog.org Subject: Re: US DOJ victim letter
On a less serious note, did anyone notice the numbers on the fbi.gov link? I'm pretty sure they are implying those are IP addresses. 123.456.789 and 987.654.321. Must be the same folks that do the Nexus documentation for Cisco.
For illustration purposes, for a non-technical audience, it seems (at least somewhat) reasonable to use 'nonets' instead of octets. After all, 'no nets' are clearly not what DNS -should- be returning. *GRIN* And, of course, systems using the traditional unix dotted-quad to binary conversion logic _will_ happily convert those strings to a 32-bit int.
+------------------------------------------------------------------------------
| On 2012-01-27 18:12:16, Carlos Alcantar wrote:
|
| Today it looks like we have received the letter from the DOJ which gives
| us login information, for listing of ip's within our network that were
| affected with date and time stamps. Anyone else get these yet?
I have. The login doesn't work (for me). htauth pops up on fbi.gov, creds don't auth. Bit odd, if it's a phish. Even more odd if it's actually from the Fed. Cheers. -- bdha cyberpunk is dead. long live cyberpunk.
On 01/27/2012 10:16 AM, Bryan Horstmann-Allen wrote:
+------------------------------------------------------------------------------
| On 2012-01-27 18:12:16, Carlos Alcantar wrote:
|
| Today it looks like we have received the letter from the DOJ which gives
| us login information, for listing of ip's within our network that were
| affected with date and time stamps. Anyone else get these yet?
Yeah we got ours and after all this it's just a list of customer IP's that have been detected as having altered dns settings. Honestly, I could care less about customer virus infections. I am not going to do anything with the information and am likely to ignore future occurrences from the fbi if this is all they got. Mike-
On Fri, 27 Jan 2012, Mike wrote:
Honestly, I could care less about customer virus infections. I am not going to do anything with the information and am likely to ignore future occurrences from the fbi if this is all they got.
Each ISP will make its own business decision what they want to do. I'm not involved with it, and this is just my personal opinion. The idea is DNS resolution will stop working for those customers after the court order expires and the temporary DNS server stops. Those customers will likely start calling your customer service lines saying "The Internet is broken." Instead of ISP call centers being overloaded with customer calls all at once when the temporary DNS servers answering on the DNSchanger IP addresses are shutdown, the FBI is trying to give those ISPs a heads up their customers' DNS will break in the near future. The FBI hasn't done this before, so it's a bit of a learning experience for everyone. Like many first time things, it hasn't gone as smoothly as anyone wanted. It is up to individual ISPs to decide if they want to inform their customers proactively, or wait until DNS stops working for the customer and the customer calls the ISP help desk complaining the Internet is down. Yes, I know, the Internet isn't down; but ask your customer service manager what they want to do.
On 1/27/12 1:23 PM, "Valdis.Kletnieks@vt.edu" <Valdis.Kletnieks@vt.edu> wrote:
On Fri, 27 Jan 2012 13:16:27 EST, Bryan Horstmann-Allen said:
Bit odd, if it's a phish. Even more odd if it's actually from the Fed.
What if it's a phish from a compromised Fed box? :)
We've spoken to folks at various FBI field offices and at 26 Plaza in New York which is handling this case. Further, John Curran (ARIN CEO) has confirmed it's real via their own liaison and Paul Vixie is actually working with them on this. Randy
On Fri, Jan 27, 2012 at 1:32 PM, Randy Epstein <nanog@hostleasing.net> wrote:
On 1/27/12 1:23 PM, "Valdis.Kletnieks@vt.edu" <Valdis.Kletnieks@vt.edu> wrote:
On Fri, 27 Jan 2012 13:16:27 EST, Bryan Horstmann-Allen said:
Bit odd, if it's a phish. Even more odd if it's actually from the Fed.
What if it's a phish from a compromised Fed box? :)
We've spoken to folks at various FBI field offices and at 26 Plaza in New York which is handling this case. Further, John Curran (ARIN CEO) has confirmed it's real via their own liaison and Paul Vixie is actually working with them on this.
It's definitely real. Best, -M<
On Fri, Jan 27, 2012 at 10:20:08PM -0500, Martin Hannigan wrote:
On Fri, Jan 27, 2012 at 1:32 PM, Randy Epstein <nanog@hostleasing.net> wrote:
On 1/27/12 1:23 PM, "Valdis.Kletnieks@vt.edu" <Valdis.Kletnieks@vt.edu> wrote:
On Fri, 27 Jan 2012 13:16:27 EST, Bryan Horstmann-Allen said:
Bit odd, if it's a phish. Even more odd if it's actually from the Fed.
What if it's a phish from a compromised Fed box? :)
We've spoken to folks at various FBI field offices and at 26 Plaza in New York which is handling this case. Further, John Curran (ARIN CEO) has confirmed it's real via their own liaison and Paul Vixie is actually working with them on this.
It's definitely real.
Best,
-M<
I missed the part where ARIN turned over its address database w/ associated registration information to the Fed ... I mean I've always advocated for LEO access, but there has been significant pushback from the community on unfettered access to that data. As I recall, there are even policies and processes to limit/restrict external queries to prevent a DDos of the whois servers. And some fairly strict policies on who gets dumps of the address space. As far as I know (not very far) bundling the address database -and- the registration data are not available to mere mortals. So - just how DID the Fed get the data w/o violating ARIN policy? /bill
bmanning@vacation.karoshi.com writes:
I missed the part where ARIN turned over its address database w/ associated registration information to the Fed ... I mean I've always advocated for LEO access, but there has been significant pushback from the community on unfettered access to that data. As I recall, there are even policies and processes to limit/restrict external queries to prevent a DDos of the whois servers. And some fairly strict policies on who gets dumps of the address space. As far as I know (not very far) bundling the address database -and- the registration data are not available to mere mortals.
So - just how DID the Fed get the data w/o violating ARIN policy?
Hi Bill, In case you're not trolling here (occam's razor says I'm giving you too much credit), a few points: 1) There has been substantial involvement by Federal LE at ARIN PPMs in terms of pushing for policy that makes WHOIS data more accurate... including one person who served on the ARIN AC after he went to work in the private sector. 2) LE can type "show ip bgp" too and only needs to hit a whois server once per ASN. 3) There is a bulk whois policy. Whether "hi, we now have the reins of a compromised botnet or whatever and want to reach out to let people know that they're pwn3d" falls under the rubric of "Internet operational or technical research purposes pertaining to Internet operations" is left as an exercise to the reader. Section 3.1 of the NRPM says that Bulk Whois "... point of contact information will not include data marked as private." As I outlined in #2 above, a full or partial dump is not really something that's necessary. https://www.arin.net/resources/agreements/bulkwhois.pdf I'm pretty confident there were no policy violations here. -r
On Thu, Feb 02, 2012 at 05:57:23AM -0500, Robert E. Seastrom wrote:
bmanning@vacation.karoshi.com writes:
I missed the part where ARIN turned over its address database w/ associated registration information to the Fed ... I mean I've always advocated for LEO access, but there has been significant pushback from the community on unfettered access to that data. As I recall, there are even policies and processes to limit/restrict external queries to prevent a DDos of the whois servers. And some fairly strict policies on who gets dumps of the address space. As far as I know (not very far) bundling the address database -and- the registration data are not available to mere mortals.
So - just how DID the Fed get the data w/o violating ARIN policy?
Hi Bill,
In case you're not trolling here (occam's razor says I'm giving you too much credit), a few points:
1) There has been substantial involvement by Federal LE at ARIN PPMs in terms of pushing for policy that makes WHOIS data more accurate... including one person who served on the ARIN AC after he went to work in the private sector.
2) LE can type "show ip bgp" too and only needs to hit a whois server once per ASN.
3) There is a bulk whois policy. Whether "hi, we now have the reins of a compromised botnet or whatever and want to reach out to let people know that they're pwn3d" falls under the rubric of "Internet operational or technical research purposes pertaining to Internet operations" is left as an exercise to the reader.
Section 3.1 of the NRPM says that Bulk Whois "... point of contact information will not include data marked as private."
As I outlined in #2 above, a full or partial dump is not really something that's necessary.
https://www.arin.net/resources/agreements/bulkwhois.pdf
I'm pretty confident there were no policy violations here.
-r
sigh... will have to look elsewhere for the tri-lateral commission. /bill
I'll admit their tokens are a bit crazy I had to enter it in about 5 times to figure out if the characters were 1's l's I's etc. Carlos Alcantar Race Communications / Race Team Member 101 Haskins Way, So. San Francisco, CA. 94080 Phone: +1 415 376 3314 / carlos@race.com / http://www.race.com -----Original Message----- From: Bryan Horstmann-Allen <bdha@mirrorshades.net> Reply-To: <bdha@mirrorshades.net> Date: Fri, 27 Jan 2012 13:16:27 -0500 To: Carlos Alcantar <carlos@race.com> Cc: "nanog@nanog.org" <nanog@nanog.org> Subject: Re: US DOJ victim letter
+------------------------------------------------------------------------------
| On 2012-01-27 18:12:16, Carlos Alcantar wrote:
|
| Today it looks like we have received the letter from the DOJ which gives
| us login information, for listing of ip's within our network that were
| affected with date and time stamps. Anyone else get these yet?
I have. The login doesn't work (for me). htauth pops up on fbi.gov, creds don't auth. Bit odd, if it's a phish. Even more odd if it's actually from the Fed. Cheers. -- bdha cyberpunk is dead. long live cyberpunk.
On Fri, 27 Jan 2012, Bryan Horstmann-Allen wrote:
+------------------------------------------------------------------------------
| On 2012-01-27 18:12:16, Carlos Alcantar wrote:
|
| Today it looks like we have received the letter from the DOJ which gives
| us login information, for listing of ip's within our network that were
| affected with date and time stamps. Anyone else get these yet?
I have. The login doesn't work (for me). htauth pops up on fbi.gov, creds don't auth.
Ours didn't work initially either. Eventually it did.
Bit odd, if it's a phish. Even more odd if it's actually from the Fed.
It's definitely real, but seems like they're handling it as incompetently as possible. We got numerous copies to the same email address, the logins didn't work initially. The phone numbers given are of questionable utility. Virtually no useful information was provided. My attitude at this point is, ignore it until they provide some useful information. ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On 1/27/2012 2:23 PM, Jon Lewis wrote:
It's definitely real, but seems like they're handling it as incompetently as possible. We got numerous copies to the same email address, the logins didn't work initially. The phone numbers given are of questionable utility. Virtually no useful information was provided. My attitude at this point is, ignore it until they provide some useful information.
We finally got the hard copy. No customer IP listed, just our recursive resolvers, both for the customers as well as the ones that handle the MX servers. All that waiting and work for apparently nothing. I'm going to guess that my bind servers aren't malware infected (outside of being bind j/king). Jack
----- Original Message -----
From: "Jack Bates" <jbates@brightok.net> To: "Jon Lewis" <jlewis@lewis.org> Cc: nanog@nanog.org Sent: Monday, January 30, 2012 10:54:02 AM Subject: Re: US DOJ victim letter
On 1/27/2012 2:23 PM, Jon Lewis wrote:
It's definitely real, but seems like they're handling it as incompetently as possible. We got numerous copies to the same email address, the logins didn't work initially. The phone numbers given are of questionable utility. Virtually no useful information was provided. My attitude at this point is, ignore it until they provide some useful information.
We finally got the hard copy. No customer IP listed, just our recursive resolvers, both for the customers as well as the ones that handle the MX servers.
All that waiting and work for apparently nothing. I'm going to guess that my bind servers aren't malware infected (outside of being bind j/king).
Same here, The hard copy came the other day with the access codes to download the IP list. Every IP on the list was for a resolving DNS server on our IP space. Total waste of time.
+1 on only IP's on the list were our resolver dns servers for customers. Carlos Alcantar Race Communications / Race Team Member 101 Haskins Way, So. San Francisco, CA. 94080 Phone: +1 415 376 3314 / carlos@race.com / http://www.race.com -----Original Message----- From: Matthew Crocker <matthew@corp.crocker.com> Date: Mon, 30 Jan 2012 10:56:10 -0500 To: Jack Bates <jbates@brightok.net> Cc: "nanog@nanog.org" <nanog@nanog.org> Subject: Re: US DOJ victim letter ----- Original Message -----
From: "Jack Bates" <jbates@brightok.net> To: "Jon Lewis" <jlewis@lewis.org> Cc: nanog@nanog.org Sent: Monday, January 30, 2012 10:54:02 AM Subject: Re: US DOJ victim letter
On 1/27/2012 2:23 PM, Jon Lewis wrote:
It's definitely real, but seems like they're handling it as incompetently as possible. We got numerous copies to the same email address, the logins didn't work initially. The phone numbers given are of questionable utility. Virtually no useful information was provided. My attitude at this point is, ignore it until they provide some useful information.
We finally got the hard copy. No customer IP listed, just our recursive resolvers, both for the customers as well as the ones that handle the MX servers.
All that waiting and work for apparently nothing. I'm going to guess that my bind servers aren't malware infected (outside of being bind j/king).
Same here, The hard copy came the other day with the access codes to download the IP list. Every IP on the list was for a resolving DNS server on our IP space. Total waste of time.
On Fri, Jan 27, 2012 at 3:23 PM, Jon Lewis <jlewis@lewis.org> wrote:
On Fri, 27 Jan 2012, Bryan Horstmann-Allen wrote:
Bit odd, if it's a phish. Even more odd if it's actually from the Fed.
It's definitely real, but seems like they're handling it as incompetently as possible.
Yep. That sounds about right. Man, I'm feeling left out. I kinda want one now. phil
I really enjoyed the fact that I called the number, on what I learned later was a "Sample", and when I picked the option to speak with an agent I got "The mailbox is full" message. I feel safe... Ryan Pavely Director Research And Development Net Access Corporation http://www.nac.net/ On 01/31/2012 7:38 PM, Phil Dyer wrote:
On Fri, Jan 27, 2012 at 3:23 PM, Jon Lewis <jlewis@lewis.org> wrote:
On Fri, 27 Jan 2012, Bryan Horstmann-Allen wrote:
Bit odd, if it's a phish. Even more odd if it's actually from the Fed.
It's definitely real, but seems like they're handling it as incompetently as possible.
Yep. That sounds about right.
Man, I'm feeling left out. I kinda want one now.
phil
Folks, I received a DoJ Victim Notification letter yesterday, which was pretty amazing considering the fact that I don't run a network. My letter referenced "United States v. Menachem Youlus". I suspect that the letters that you guys received referenced a different case. Do I have that right? Ron
-----Original Message----- From: Phil Dyer [mailto:phil@cluestick.net] Sent: Tuesday, January 31, 2012 7:39 PM To: nanog@nanog.org Subject: Re: US DOJ victim letter
On Fri, Jan 27, 2012 at 3:23 PM, Jon Lewis <jlewis@lewis.org> wrote:
On Fri, 27 Jan 2012, Bryan Horstmann-Allen wrote:
Bit odd, if it's a phish. Even more odd if it's actually from the Fed.
It's definitely real, but seems like they're handling it as incompetently as possible.
Yep. That sounds about right.
Man, I'm feeling left out. I kinda want one now.
phil
Mine is showing "United States v. Vladimir Tsastsin" Carlos Alcantar Race Communications / Race Team Member 101 Haskins Way, So. San Francisco, CA. 94080 Phone: +1 415 376 3314 / carlos@race.com / http://www.race.com -----Original Message----- From: Ronald Bonica <rbonica@juniper.net> Date: Tue, 31 Jan 2012 20:29:52 -0500 To: Phil Dyer <phil@cluestick.net>, "nanog@nanog.org" <nanog@nanog.org> Subject: RE: US DOJ victim letter Folks, I received a DoJ Victim Notification letter yesterday, which was pretty amazing considering the fact that I don't run a network. My letter referenced "United States v. Menachem Youlus". I suspect that the letters that you guys received referenced a different case. Do I have that right? Ron
-----Original Message----- From: Phil Dyer [mailto:phil@cluestick.net] Sent: Tuesday, January 31, 2012 7:39 PM To: nanog@nanog.org Subject: Re: US DOJ victim letter
On Fri, Jan 27, 2012 at 3:23 PM, Jon Lewis <jlewis@lewis.org> wrote:
On Fri, 27 Jan 2012, Bryan Horstmann-Allen wrote:
Bit odd, if it's a phish. Even more odd if it's actually from the Fed.
It's definitely real, but seems like they're handling it as incompetently as possible.
Yep. That sounds about right.
Man, I'm feeling left out. I kinda want one now.
phil
If the IP list is pointing to DNS servers, they may be referring to the following: http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf On Jan 31, 2012, at 7:38 PM, Phil Dyer wrote:
On Fri, Jan 27, 2012 at 3:23 PM, Jon Lewis <jlewis@lewis.org> wrote:
On Fri, 27 Jan 2012, Bryan Horstmann-Allen wrote:
Bit odd, if it's a phish. Even more odd if it's actually from the Fed.
It's definitely real, but seems like they're handling it as incompetently as possible.
Yep. That sounds about right.
Man, I'm feeling left out. I kinda want one now.
phil
I received one on an IP block that was SWIPed to me. Has anyone written a regular expression which matches the rogue dns server IP ranges in question?
- 85.255.112.0 through 85.255.127.255;
- 67.210.0.0 through 67.210.15.255;
- 93.188.160.0 through 93.188.167.255;
- 77.67.83.0 through 77.67.83.255;
- 213.109.64.0 through 213.109.79.255;
- 64.28.176.0 through 64.28.191.255;
On Wed, Feb 1, 2012 at 8:32 AM, TFML <mailinglist@theflux.net> wrote:
If the IP list is pointing to DNS servers, they may be referring to the following:
http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf
On Jan 31, 2012, at 7:38 PM, Phil Dyer wrote:
On Fri, Jan 27, 2012 at 3:23 PM, Jon Lewis <jlewis@lewis.org> wrote:
On Fri, 27 Jan 2012, Bryan Horstmann-Allen wrote:
Bit odd, if it's a phish. Even more odd if it's actually from the Fed.
It's definitely real, but seems like they're handling it as incompetently as possible.
Yep. That sounds about right.
Man, I'm feeling left out. I kinda want one now.
phil
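One way to answer the regular-expression question raised in the thread, added here as an example that is not part of any poster's message: the six ranges listed in the thread are collapsed into CIDR blocks with Python's `ipaddress` module, a hand-written regex for the same ranges is checked against that CIDR test, and a few constructed flow records are scanned for clients sending DNS to those resolvers. The flow-record field names and the client addresses are assumptions made for the illustration.

```python
import ipaddress
import re

# Rogue resolver ranges exactly as listed in the thread: (first, last).
ROGUE_RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.255"),
]

# Collapse each first-last range into the CIDR blocks that cover it.
NETWORKS = [
    net
    for first, last in ROGUE_RANGES
    for net in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
]


def is_rogue(addr):
    """True if addr is a valid IPv4 address inside one of the ranges."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:  # e.g. "123.456.789" is not an address at all
        return False
    return any(ip in net for net in NETWORKS)


# Hand-written pattern for the same ranges, for tools that only accept a regex.
# The lookarounds stop it matching inside a longer number or dotted string.
OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
ROGUE_RE = re.compile(
    r"(?<![\d.])(?:"
    r"85\.255\.(?:11[2-9]|12[0-7])"
    r"|67\.210\.(?:1[0-5]|\d)"
    r"|93\.188\.16[0-7]"
    r"|77\.67\.83"
    r"|213\.109\.(?:6[4-9]|7\d)"
    r"|64\.28\.(?:17[6-9]|18\d|19[01])"
    r")\." + OCTET + r"(?!\d|\.\d)"
)


def regex_disagreements():
    """Addresses where the regex and the CIDR check differ (should be none)."""
    prefixes = sorted({first.rsplit(".", 2)[0] for first, _ in ROGUE_RANGES})
    return [
        addr
        for prefix in prefixes
        for third in range(256)
        for last in (0, 1, 255)
        for addr in [f"{prefix}.{third}.{last}"]
        if bool(ROGUE_RE.search(addr)) != is_rogue(addr)
    ]


# Constructed flow records; field names and client addresses are assumptions.
SAMPLE_FLOWS = """\
2012-02-01T08:31:02Z src=192.0.2.17 dst=85.255.114.13 dport=53
2012-02-01T08:31:05Z src=192.0.2.17 dst=85.255.112.200 dport=53
2012-02-01T08:31:09Z src=192.0.2.44 dst=8.8.8.8 dport=53
2012-02-01T08:32:11Z src=198.51.100.9 dst=64.28.191.255 dport=53
2012-02-01T08:32:40Z src=198.51.100.23 dst=64.28.192.1 dport=53
2012-02-01T08:33:02Z src=203.0.113.5 dst=77.67.83.10 dport=80
""".splitlines()

FLOW = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


def affected_clients(lines):
    """Map each client that sent DNS (port 53) to a rogue resolver."""
    hits = {}
    for line in lines:
        m = FLOW.search(line)
        if m and m.group(3) == "53" and is_rogue(m.group(2)):
            hits.setdefault(m.group(1), set()).add(m.group(2))
    return hits


if __name__ == "__main__":
    print([str(n) for n in NETWORKS])
    print("regex mismatches:", regex_disagreements())
    for client, resolvers in sorted(affected_clients(SAMPLE_FLOWS).items()):
        print(client, sorted(resolvers))
```

Where the tool at hand accepts prefixes (ACLs, flow filters, `ipaddress`), the CIDR list is easier to audit than the regex; the pattern is only for log tools that take nothing else.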
participants (25)
- -Hammer-
- Alan Clegg
- bmanning@vacation.karoshi.com
- Bryan Horstmann-Allen
- Carlos Alcantar
- Chris Adams
- Jack Bates
- Jay Hennigan
- Jon Lewis
- Martin Hannigan
- Matthew S. Crocker
- Mike
- Mike Andrews
- PC
- Phil Dyer
- Randy Epstein
- Robert Bonomi
- Robert E. Seastrom
- Ronald Bonica
- Ryan Gelobter
- Ryan Pavely
- Sean Donelan
- TFML
- Todd Lyons
- Valdis.Kletnieks@vt.edu