Yeah...WTF?
Those taps were optical, and at the OC-N level. Layer 3 wasn't involved and
IP traffic not re-routed through the NSA panopticon. In other words, NSA got
an OPTICAL copy of the optical signal and then sent that COPY into their
own Intelligence Black Hole. Your packets never even knew that was going on.
-TD
From: Eugen Leitl <eugen@leitl.org>
To: cypherpunks@jfet.org
Subject: [dave@farber.net: [IP] The Newbie's Guide to Detecting the NSA]
Date: Fri, 30 Jun 2006 14:48:09 +0200
Which idiot would assume his specific location is excluded? Especially,
if it's a long-distance (transcontinental) link?
----- Forwarded message from David Farber <dave@farber.net> -----
From: David Farber <dave@farber.net>
Date: Fri, 30 Jun 2006 08:40:08 -0400
To: ip@v2.listbox.com
Subject: [IP] The Newbie's Guide to Detecting the NSA
X-Mailer: Apple Mail (2.752.2)
Reply-To: dave@farber.net
Begin forwarded message:
From: John Bartas <jbartas@speakeasy.net>
Date: June 30, 2006 3:38:22 AM EDT
To: dave@farber.net
Subject: The Newbie's Guide to Detecting the NSA
Dave,
This entry from the blog at wired.com might be good for the IP
list. The best part is at the end. Good old traceroute!
--------------------------------------------------------
The Newbie's Guide to Detecting the NSA
http://blog.wired.com/27BStroke6/#1510938 ...

"With that in mind, here's the 27B Stroke 6 guide to detecting if your
traffic is being funneled into the secret room on San Francisco's
Folsom street. If you're a Windows user, fire up an MS-DOS command
prompt. Now type tracert followed by the domain name of the website,
e-mail host, VoIP switch, or whatever destination you're interested in.
Watch as the program spits out your route, line by line.

    C:\> tracert nsa.gov
      1     2 ms     2 ms     2 ms  12.110.110.204
    [...]
      7    11 ms    14 ms    10 ms  as-0-0.bbr2.SanJose1.Level3.net [64.159.0.218]
      8    13 12 19 ms  ae-23-56.car3.SanJose1.Level3.net [4.68.123.173]
      9    18 ms    16 ms    16 ms  192.205.33.17
     10    88 ms    92 ms    91 ms  tbr2-p012201.sffca.ip.att.net [12.123.13.186]
     11    88 ms    90 ms    88 ms  tbr1-cl2.sl9mo.ip.att.net [12.122.10.41]
     12    89 ms    97 ms    89 ms  tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
     13    89 ms    88 ms    88 ms  ar2-a3120s6.wswdc.ip.att.net [12.123.8.65]
     14   102 ms    93 ms   112 ms  12.127.209.214
     15    94 ms    94 ms    93 ms  12.110.110.13
     16     *        *        *
     17     *        *        *
     18     *        *

In the above example, my traffic is jumping from Level 3 Communications
to AT&T's network in San Francisco, presumably over the OC-48 circuit
that AT&T tapped on February 20th, 2003, according to the Klein docs.
The magic string you're looking for is sffca.ip.att.net. If it's
present immediately above or below a non-att.net entry, then -- by
Klein's allegations -- your packets are being copied into room 641A,
and from there, illegally, to the NSA. Of course, if Marcus is correct
and AT&T has installed these secret rooms all around the country, then
any att.net entry in your route is a bad sign.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
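Added example, not part of the original thread or the Wired post: a Python parser for Windows tracert output that applies the name-matching rule from the quoted guide (an sffca.ip.att.net hop directly next to a hop not named under att.net). The function names and the treatment of an unnamed hop as "non-att.net" are assumptions; the result describes only the layer 3 path, which, as the reply at the top of the thread says, an optical copy does not change.

```python
import re

# Constructed sample: the tracert output quoted in the post, one hop per line, trailing timeouts trimmed.
SAMPLE = r"""C:\> tracert nsa.gov
  1     2 ms     2 ms     2 ms  12.110.110.204
[...]
  7    11 ms    14 ms    10 ms  as-0-0.bbr2.SanJose1.Level3.net [64.159.0.218]
  8    13 12 19 ms  ae-23-56.car3.SanJose1.Level3.net [4.68.123.173]
  9    18 ms    16 ms    16 ms  192.205.33.17
 10    88 ms    92 ms    91 ms  tbr2-p012201.sffca.ip.att.net [12.123.13.186]
 11    88 ms    90 ms    88 ms  tbr1-cl2.sl9mo.ip.att.net [12.122.10.41]
 12    89 ms    97 ms    89 ms  tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
 13    89 ms    88 ms    88 ms  ar2-a3120s6.wswdc.ip.att.net [12.123.8.65]
 14   102 ms    93 ms   112 ms  12.127.209.214
 15    94 ms    94 ms    93 ms  12.110.110.13
 16     *        *        *
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
ADDR = re.compile(rf"(?:(\S+)\s+\[({IP})\]|({IP}))\s*$")

def parse_tracert(text):
    """Return (hop, hostname or None, ip or None) for each hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:  # prompt, banner and elision lines do not start with a hop number
            a = ADDR.search(m.group(2))
            name, ip = (a.group(1), a.group(2) or a.group(3)) if a else (None, None)
            hops.append((int(m.group(1)), name.lower() if name else None, ip))
    return hops

def is_att(name):
    return bool(name) and name.endswith(".att.net")

def handoffs(hops, marker=".sffca.ip.att.net"):
    """Marker hops directly next to an answering hop that is not named under att.net."""
    found = []
    for i, (n, name, _) in enumerate(hops):
        if name and name.endswith(marker):
            for m, other, ip in hops[max(i - 1, 0):i + 2]:
                # Assumption: an unnamed hop counts as "non-att.net", since the post matches on names.
                if abs(m - n) == 1 and ip and not is_att(other):
                    found.append((n, name, m, other or ip))
    return found

if __name__ == "__main__":
    print("handoffs:", handoffs(parse_tracert(SAMPLE)))
```

On the sample this reports hop 10 next to the unnamed hop 9; timed-out hops and hops separated by an elided range are not treated as neighbours.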