Yeah...WTF? Those taps were optical, and at the OC-N level. Layer 3 wasn't involved and IP traffic not re-routed through the NSA panopticon. In other words, NSA got an OPTICAL copy of the the optical signal and then sent that COPY into their own Intelligence Black Hole. Your packets never even knew that was going on. -TD

From: Eugen Leitl <eugen@leitl.org> To: cypherpunks@jfet.org Subject: [dave@farber.net: [IP] The Newbie's Guide to Detecting the NSA] Date: Fri, 30 Jun 2006 14:48:09 +0200

Which idiot would assume his specific location is excluded? Especially, if it's a long-distance (transcontinental) link?

----- Forwarded message from David Farber <dave@farber.net> -----

From: David Farber <dave@farber.net> Date: Fri, 30 Jun 2006 08:40:08 -0400 To: ip@v2.listbox.com Subject: [IP] The Newbie's Guide to Detecting the NSA X-Mailer: Apple Mail (2.752.2) Reply-To: dave@farber.net

Begin forwarded message:

From: John Bartas <jbartas@speakeasy.net> Date: June 30, 2006 3:38:22 AM EDT To: dave@farber.net Subject: The Newbie's Guide to Detecting the NSA

Dave,

This entry from the blog at wired.com might be good for the IP list. The best part is at the end. Good old traceroute! -------------------------------------------------------- The Newbie's Guide to Detecting the NSA http://blog.wired.com/27BStroke6/#1510938 ... "With that in mind, here's the 27B Stroke 6 guide to detecting if your traffic is being funneled into the secret room on San Francisco's Folsom street. If you're a Windows user, fire up an MS-DOS command prompt. Now type tracert followed by the domain name of the website, e-mail host, VoIP switch, or whatever destination you're interested in. Watch as the program spits out your route, line by line. C:\> tracert nsa.gov 1 2 ms 2 ms 2 ms 12.110.110.204 [...] 7 11 ms 14 ms 10 ms as-0-0.bbr2.SanJose1.Level3.net [64.159.0.218] 8 13 12 19 ms ae-23-56.car3.SanJose1.Level3.net [4.68.123.173] 9 18 ms 16 ms 16 ms 192.205.33.17 10 88 ms 92 ms 91 ms tbr2-p012201.sffca.ip.att.net [12.123.13.186] 11 88 ms 90 ms 88 ms tbr1-cl2.sl9mo.ip.att.net [12.122.10.41] 12 89 ms 97 ms 89 ms tbr1-cl4.wswdc.ip.att.net [12.122.10.29] 13 89 ms 88 ms 88 ms ar2-a3120s6.wswdc.ip.att.net [12.123.8.65] 14 102 ms 93 ms 112 ms 12.127.209.214 15 94 ms 94 ms 93 ms 12.110.110.13 16 * * * 17 * * * 18 * * In the above example, my traffic is jumping from Level 3 Communications to AT&T's network in San Francisco, presumably over the OC-48 circuit that AT&T tapped on February 20th, 2003, according to the Klein docs. The magic string you're looking for is sffca.ip.att.net. If it's present immediately above or below a non-att.net entry, then -- by Klein's allegations -- your packets are being copied into room 641A, and from there, illegally, to the NSA. Of course, if Marcus is correct and AT&T has installed these secret rooms all around the country, then any att.net entry in your route is a bad sign.

------------------------------------- You are subscribed as eugen@leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]