June 29, 2006

wiretapping for fun and national security

according to 23B stroke 6, you can tell whether the nsa is monitoring your internet activity:
Perhaps the most interesting — and, in retrospect, obvious — point Marcus makes is that AT&T customers aren’t the only ones apparently being tapped. “Transit” traffic originating with one ISP and destined for another is also being sniffed if it crosses AT&T’s network. Ironically, because the taps are installed at the point at which that network connects to the rest of the world, the safest web surfers are AT&T subscribers visiting websites hosted on AT&T’s network. Their traffic doesn’t pass through the splitters.

If you’re a Windows user, fire up an MS-DOS command prompt. Now type tracert followed by the domain name of the website, e-mail host, VoIP switch, or whatever destination you’re interested in. Watch as the program spits out your route, line by line.

The magic string you’re looking for is sffca.ip.att.net. If it’s present immediately above or below a non-att.net entry, then — by Klein’s allegations — your packets are being copied into room 641A, and from there, illegally, to the NSA.

Of course, if Marcus is correct and AT&T has installed these secret rooms all around the country, then any att.net entry in your route is a bad sign.

ok, so looking at my traceroute, i find:
C:\WINDOWS\system32>tracert boingboing.net

Tracing route to boingboing.net [204.11.50.136]
over a maximum of 30 hops:

  5    43 ms     *       13 ms  10g-8-1-ur01.sfsutro.ca.sfba.comcast.net [68.87.226.45]
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8    16 ms    11 ms    14 ms  12.116.188.5
  9    78 ms    77 ms    78 ms  tbr1011401.sffca.ip.att.net [12.123.12.122]
 10    76 ms    83 ms    76 ms  tbr1-cl1.cgcil.ip.att.net [12.122.10.5]
 11    75 ms    74 ms    74 ms  tbr1-cl14.n54ny.ip.att.net [12.122.10.1]
 12    72 ms    72 ms    73 ms  sar1-a300s3.n54ny.ip.att.net [12.123.0.153]
 13     *        *        *     Request timed out.
 14   176 ms    88 ms    86 ms  3.ge-3-0-0.gbr2.nwr.nac.net [209.123.11.189]
 15   103 ms   107 ms   123 ms  0.so-0-3-0.gbr1.tto.nac.net [209.123.11.226]
 16    99 ms    98 ms   104 ms  gi-1-1.msfc01.tor1.prioritycolo.com [204.11.48.249]
 17   100 ms   102 ms    98 ms  boingboing.net [204.11.50.136]

Trace complete.
well, that’s not a good sign, is it? on the other hand, if i use the vpn and trace a route starting from the corporate network, the results are a little different:

C:\WINDOWS\system32>tracert boingboing.net

Tracing route to boingboing.net [204.11.50.136]
over a maximum of 30 hops:

  5    30 ms    32 ms    24 ms  sl-gw3-sj-1-0-0.sprintlink.net [144.228.111.113]
  6    21 ms    23 ms    21 ms  sl-bb21-sj-1-3.sprintlink.net [144.232.3.49]
  7    21 ms    21 ms    23 ms  sl-bb24-sj-12-0.sprintlink.net [144.232.3.202]
  8    56 ms    36 ms    33 ms  sl-bb20-ana-6-0.sprintlink.net [144.232.20.100]
  9    49 ms    31 ms    31 ms  144.232.1.170
 10    33 ms    30 ms    36 ms  sl-st20-la-13-0.sprintlink.net [144.232.20.67]
 11    28 ms    30 ms    32 ms  144.232.9.54
 12   109 ms   162 ms   110 ms  217.239.40.78
 13   108 ms   109 ms   109 ms  62.153.203.226
 14   149 ms   106 ms   107 ms  boingboing.net [204.11.50.136]

Trace complete.
no side trips to the alleged wiretap site. i suppose i could try my speakeasy dsl as well, but then i’d have to go and rewire stuff.

moral of the story: do your terrorist surfing from work.

Posted at June 29, 2006 10:54 AM
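The check described in the quoted article, applied to saved tracert output, as an added example that is not part of the original post. It reports both the narrow test (an sffca.ip.att.net hop directly next to a non-att.net hop) and the broad one (any att.net hop). Assumptions made here: the function names are illustrative, timed-out hops are skipped when deciding which hops are neighbours, and a hop shown only as a bare IP counts as a non-att.net entry.

```python
import re

# Windows tracert hop line: hop number, three RTT columns, then host [ip], ip, or a timeout.
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.+?)\s*$")
MARKER = "sffca.ip.att.net"  # the string named in the quoted article

# Excerpt of the first trace shown in the post.
SAMPLE = """\
  5    43 ms     *       13 ms  10g-8-1-ur01.sfsutro.ca.sfba.comcast.net [68.87.226.45]
  6     *        *        *     Request timed out.
  8    16 ms    11 ms    14 ms  12.116.188.5
  9    78 ms    77 ms    78 ms  tbr1011401.sffca.ip.att.net [12.123.12.122]
 10    76 ms    83 ms    76 ms  tbr1-cl1.cgcil.ip.att.net [12.122.10.5]
 12    72 ms    72 ms    73 ms  sar1-a300s3.n54ny.ip.att.net [12.123.0.153]
 13     *        *        *     Request timed out.
 14   176 ms    88 ms    86 ms  3.ge-3-0-0.gbr2.nwr.nac.net [209.123.11.189]
"""

def parse_tracert(text):
    """Return [(hop, name)] for hops that answered; name is the hostname or bare IP."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m and "timed out" not in m.group(3):
            hops.append((int(m.group(1)), m.group(3).split(" [")[0].lower()))
    return hops

def is_att(name):
    return name.endswith(".att.net")

def check_route(text):
    """Apply both tests from the quoted article to one tracert output."""
    hops = parse_tracert(text)
    boundary = []
    for i, (hop, name) in enumerate(hops):
        if not name.endswith(MARKER):
            continue
        # Nearest answering hop on each side (assumption: timeouts are skipped).
        neighbours = hops[max(i - 1, 0):i] + hops[i + 1:i + 2]
        if any(not is_att(n) for _, n in neighbours):
            boundary.append(hop)
    return {
        "marker_at_boundary": boundary,                 # narrow test
        "att_hops": [h for h, n in hops if is_att(n)],  # broad test
    }

if __name__ == "__main__":
    print(check_route(SAMPLE))
```

The hostnames tracert prints come from reverse DNS, which the network operator controls, and the trace shows only the outbound path, so a clean result does not establish that return traffic avoids the same network.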
Comments

is there a way to do the same trace on a mac? i couldn’t find one…

Posted by: roo at June 30, 2006 11:12 AM

open up the terminal in your apps/utilities and use “traceroute fifaworldcup.com” or whatever

Posted by: e at June 30, 2006 11:14 AM
