[Air-l] Fwd: [IP] The Newbie's Guide to Detecting the NSA

Deanya Lattimore mdlattim at syr.edu
Fri Jun 30 14:54:14 PDT 2006 

On a Mac, you have a utility in your Applications/Utilities folder 
called "Network Utility."  Fire that bad baby up and click the 
Traceroute tab.

:-)
Deanya
ps.  My traceroute to the nsa.gov website yielded a Washington att addy:
Traceroute has started ...

traceroute to www.nsa.gov (12.110.110.204), 30 hops max, 40 byte packets
  1  * * *
  2  10.64.192.1 (10.64.192.1)  16.864 ms  8.668 ms  8.852 ms
  3  24.93.66.217 (24.93.66.217)  36.065 ms  15.131 ms  8.322 ms
  4  srp8-0.chrlncsa-rtr3.carolina.rr.com (24.93.70.193)  9.485 ms  
10.738 ms  9.548 ms
  5  pos3-0.chrlncsa-rtr2.southeast.rr.com (24.93.66.229)  10.072 ms  
19.009 ms  11.896 ms
  6  son0-0-3.chrlncsa-rtr6.carolina.rr.com (24.93.64.61)  10.997 ms  
9.441 ms  15.82 ms
  7  so-4-2-0.gar1.atlanta1.level3.net (4.78.212.81)  23.722 ms 
so-4-1-0-0.gar1.atlanta1.level3.net (4.78.212.85)  20.034 ms 
so-4-2-0.gar1.atlanta1.level3.net (4.78.212.81)  15.704 ms
  8  ae-1-51.bbr1.atlanta1.level3.net (4.68.103.1)  25.306 ms  18.506 ms 
  22.067 ms
  9  ae-0-0.bbr2.washington1.level3.net (4.68.128.210)  38.877 ms  
34.123 ms ae-2-0.bbr1.washington1.level3.net (4.68.128.201)  29.133 ms
10  ae-23-56.car3.washington1.level3.net (4.68.121.176)  29.952 ms 
ae-13-53.car3.washington1.level3.net (4.68.121.80)  39.555 ms 
ae-13-51.car3.washington1.level3.net (4.68.121.16)  39.004 ms
11  att-level3-oc192.washington1.level3.net (4.68.127.154)  36.172 ms 
att-level3-oc192.washington1.level3.net (209.244.219.142)  35.978 ms 
att-level3-oc192.washington1.level3.net (4.68.127.154)  35.521 ms
12  tbr1-p014001.wswdc.ip.att.net (12.123.8.98)  39.912 ms  33.636 ms  
30.397 ms
13  ar2-a3120s6.wswdc.ip.att.net (12.123.8.65)  27.49 ms  32.825 ms  
34.182 ms
14  12.127.209.214 (12.127.209.214)  31.543 ms 12.127.209.218 
(12.127.209.218)  32.556 ms  43.559 ms
15  12.110.110.131 (12.110.110.131)  39.161 ms  43.021 ms  48.213 ms

On Friday, June 30, 2006, at 08:50 AM, Jeremy Hunsinger wrote:

> a little sousveillance of the surveillance...
>
> from interesting people:
>
>>
>>
>>     This entry from the blog at wired.com might be good for the IP
>> list. The best part is at the end. Good old traceroute!
>> --------------------------------------------------------
>> The Newbie's Guide to Detecting the NSA
>> http://blog.wired.com/27BStroke6/#1510938 ... "With that in mind,
>> here's the 27B Stroke 6 guide to detecting if your traffic is being
>> funneled into the secret room on San Francisco's Folsom street. If
>> you're a Windows user, fire up an MS-DOS command prompt. Now type
>> tracert followed by the domain name of the website, e-mail host,
>> VoIP switch, or whatever destination you're interested in. Watch as
>> the program spits out your route, line by line. C:\> tracert
>> nsa.gov 1 2 ms 2 ms 2 ms 12.110.110.204 [...] 7 11 ms 14 ms 10 ms
>> as-0-0.bbr2.SanJose1.Level3.net [64.159.0.218] 8 13 12 19 ms
>> ae-23-56.car3.SanJose1.Level3.net [4.68.123.173] 9 18 ms 16 ms 16
>> ms 192.205.33.17 10 88 ms 92 ms 91 ms tbr2-p012201.sffca.ip.att.net
>> [12.123.13.186] 11 88 ms 90 ms 88 ms tbr1-cl2.sl9mo.ip.att.net
>> [12.122.10.41] 12 89 ms 97 ms 89 ms tbr1-cl4.wswdc.ip.att.net
>> [12.122.10.29] 13 89 ms 88 ms 88 ms ar2-a3120s6.wswdc.ip.att.net
>> [12.123.8.65] 14 102 ms 93 ms 112 ms 12.127.209.214 15 94 ms 94 ms
>> 93 ms 12.110.110.13 16 * * * 17 * * * 18 * * In the above example,
>> my traffic is jumping from Level 3 Communications to AT&T's network
>> in San Francisco, presumably over the OC-48 circuit that AT&T
>> tapped on February 20th, 2003, according to the Klein docs. The
>> magic string you're looking for is sffca.ip.att.net. If it's
>> present immediately above or below a non-att.net entry, then -- by
>> Klein's allegations -- your packets are being copied into room
>> 641A, and from there, illegally, to the NSA. Of course, if Marcus
>> is correct and AT&T has installed these secret rooms all around the
>> country, then any att.net entry in your route is a bad sign.
>>
>> -------------------------------------
>> You are subscribed as jhuns at vt.edu
>> To manage your subscription, go to
>>  http://v2.listbox.com/member/?listname=ip
>>
>> Archives at: http://www.interesting-people.org/archives/interesting-
>> people/
>
> Jeremy Hunsinger
> Center for Digital Discourse and Culture
> () ascii ribbon campaign - against html mail
> /\ - against microsoft attachments
>
> http://www.aoir.org The Association of Internet Researchers
> http://www.stswiki.org/ stswiki
> http://cfp.learning-inquiry.info/  LI-the journal
> http://transdisciplinarystudies.tmttlt.com/  Transdisciplinary
> Studies:the book series
>
>
> _______________________________________________
> The air-l at listserv.aoir.org mailing list
> is provided by the Association of Internet Researchers http://aoir.org
> Subscribe, change options or unsubscribe at: 
> http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org
>
> Join the Association of Internet Researchers:
> http://www.aoir.org/
>

More information about the Air-L mailing list