From: jwarren@well.com (Jim Warren)
To: Stephen Whitaker <cypherpunks@toad.com
Message Hash: 3322ec5d67f33a2d4b2596e09ea0477fdf3b144bc7e489e1a78254fd25752b98
Message ID: <v02120d1bacc2e9d5eaf4@[206.15.66.109]>
Reply To: N/A
UTC Datetime: 1995-11-05 22:44:42 UTC
Raw Date: Mon, 6 Nov 1995 06:44:42 +0800
From: jwarren@well.com (Jim Warren)
Date: Mon, 6 Nov 1995 06:44:42 +0800
To: Stephen Whitaker <cypherpunks@toad.com
Subject: Re: whose watchin the watchers -- I GOT THE EXPLANATIONS OKAY
Message-ID: <v02120d1bacc2e9d5eaf4@[206.15.66.109]>
MIME-Version: 1.0
Content-Type: text/plain
At 04:19 PM 11/05/95, Stephen Whitaker wrote:
>The following is an exerpt is from Jim Warren's listserv, GovAccess 183.
>
>Are there folks on this list who have insights or definitive information on
>this topic?
>
>Are there ways for someone with access to modify router tables to constantly
>create alternate paths at other routers which would serve to end-around any
>such snoops?
>
>***********begin_included_text*************************
>
>&&&&&&&&&&&&&&&&&&&&
>
>
>Is Someone Already Watching All International Net Traffic?
>
>The following is the transcript of an actual communications trace that a
>friend ran, while I was sitting next to him, watching -- reprinted here
>with his permission.
>
>He did a "traceroute" of two messages that he sent from his machine in
>Switzerland ...
Folks,
I've received ample explanations/corrections to my naive paranoia.
The following will be posted in GovAccess.184, within an hour or two.
Many thanks.
--blushing-jim
Jim Warren, GovAccess list-owner/editor (jwarren@well.com)
Advocate & columnist, MicroTimes, Government Technology, BoardWatch, etc.
345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/<# upon request>
[puffery: John Dvorak Lifetime Achievement Award (1995); James Madison
Freedom-of-Information Award, Soc. of Professional Journalists - Nor.Cal.
(1994); Hugh Hefner First-Amendment Award, Playboy Foundation (1994);
Pioneer Award, Electronic Frontier Foundation (its first year, 1992);
founded the Computers, Freedom & Privacy confs, InfoWorld; blah blah blah :-).]
=== EXPLANATION OF WHAT GOVACCESS IS & WHERE TO FIND ITS ARCHIVES ===
GovAccess is a list distributing irregular info & advocacy regarding
technology and civil liberties, citizen access to government - and
government access to citizens, covert and overt.
To add or drop GovAccess, email to Majordomo@well.com ('Subject' ignored)
with message: [un]subscribe GovAccess YourEmailAddress (insert your eaddr)
For brief description of GovAccess, send the message: info GovAccess
===this will be posted in GovAccess.184===
Enlightenment Regarding European Net Traffic Flowing Through Numbered Sites
If I'm gonna let my net-surveillance paranoias burn brightly, I better
learn more about the technology. Which is to say, I goofed:
In #183, yesterday eve, I flamed forth about how a friend traced his
messages from Switzerland to San Jose CA and to Israel -- and discovered
that they "went through an unnamed site -- 134.222.9.1 and then a
strangely-named site, "lp (134.222.35.2)" -- then through the same Vienna,
Virginia (USA) site ... and thereafter, on to their destination."
With beady eye and suspicious mind, I then entoned, "Now let me see ...
which spy agencies are located in or near Virginia?"
Well, half a dozen net-*literate* technoids quickly corrected the errors of
my ways:
>Date: Sun, 5 Nov 1995 08:25:17 +0100
>Subject: GA183 booboo
>To: jwarren@well.com
>From: nobody@REPLAY.COM (Anonymous) [apparently an anonymous remailer --jim]
>Organization: RePLaY aND CoMPaNY UnLimited
>XComm: Replay may or may not approve of the content of this posting
>XComm: Report misuse of this automated service to <postmaster@REPLAY.COM>
>
>Jim--
> Great work, but you've got to be more careful. ...
>
>I ran it by Cypherpunks and, within a half-hour, got ... [among others] ...
>
>From: Richard Huddleston <reh@wam.umd.edu>
>Date: Sun, 5 Nov 1995 01:55:09 -0500
>To: cypherpunks@toad.com, nobody@REPLAY.COM
>Subject: Re: lp (134.222.35.2)?
>Sender: owner-cypherpunks@toad.com
>
>134.222.0.0 is a Class B network, so if you do 'whois' on 134.222.0.0
>(instead of the individual IP addresses) you find:
>
>European Unix Users Group (NET-EUNET-X25)
> Kruislaan 413
> NL-1098 SJ Amsterdam
> NETHERLANDS
>...
and
>X-Pgp-Fingerprint: 01107BAB1C85F1B49358D98FEAD4339E
>Date: Sat, 4 Nov 1995 23:01:42 -0800
>To: cypherpunks@toad.com
>From: Stephan Somogyi <somogyi@digmedia.com>
>...
>>> Now let me see ... which spy agencies are located in or near Virginia?
>
>Oh please.
>
>The probable reason that the InterNIC doesn't know about the
>132.222.0.0 networks is because they're in Europe. If you search for
>either of the network numbers of the IP addresses mentioned above in
>the RIPE database <http://www.ripe.net/>, you will find that they
>belong to the EUnet backbone.
>
>After pinging 134.222.9.1 successfully, I telnetted to it and it
>claimed, quite plausibly, that it's a device (presumably a router) in
>Amsterdam. I am currently unable to ping 134.222.35.2; this, however,
>fills me with no dread whatsoever.
>
>Stephan Somogyi Senior Editor Digital Media
and
>Date: Sun, 05 Nov 1995 13:42:55 -0800
>From: John Fricker <jfricker@vertexgrp.com>
>Subject: Return of Paranoia and Vienna
>
>Using nslookup to reverse resolve 134.222.15.2 reveals it to be
>"Oslo1.NO.EU.net" and 134.222.9.1 to be "Amsterdam4.NL.EU.net".
>
>Now this doesn't mean they are not nefarious, packet sniffing spy-boxes
>since I doubt the spooks would name their routers
>"cloak-and-dagger1.cia.gov".
>
>It still is strange that it is cheaper for UUnet/EUnet to route traffic
>across the Atlantic to get to Isreal instead of developping a continental
>backbone. In many ways the architecture of the Internet is still rather
>primitive.
>
>john fricker
>dir research and development
>The Vertex Group, Inc.
followed by
>Date: Sun, 05 Nov 1995 13:23:06 -0800
>From: John Fricker <jfricker@vertexgrp.com>
>Subject: Paranoia and Vienna
>
>Now, Jim I think you're a touch paranoid here. And after reading the
>latest about the FBI wire tap bill I don't blame you ;)
>
>134.222.0.0 is in the EU domain so most likely both of those routers are
>European. The packets then went into UU Net Technologies Vienna hub. I did
>a traceroute from me to 193.8.230.64 and went through two EU.net routers
>in Vienna, VA. Vienna must be one fiberous town! Sure would make for a
>nice little listening post for nosy ears. I don't know off hand the
>relationship between EUnet and UUnet but I would guess that they are more
>than just friendly. Microsoft bought a minority interest in UUnet which
>inspired UUnet to grow rapidly. (Now there's another tidbit for paranoia!)
===
Oh ... sez I <blusing>.
So the remaining question was -- why would a msg from Switzerland go
through Alternet in Virginia on its way to Israel? I asked several of the
[many] folks who enlightened me re the numbered sites, and within minutes,
got back:
>From: Tim Pozar <pozar@kumr.lns.com>
>Date: Sun, 5 Nov 1995 11:28:44 -0800 (PST)
>
>...
>> So the only remaining question is ... why should a Swizz msg go thru
>> Alternet in Virginia in order to get to Israel?
>
>A number of links go through there. Most of this is tied up with
>politics and policies with the links that go over to Europe and
>little to do with the NSA. ...
Which leaves me without any inflamatory paranoia at all ... except to
wonder about those "politics and policies" that cause traffic from and to
European sites to flow through a site near the NSA and CIA.
===
To which, I just received this additional response -- email traffic's hot
'n' heavy (sender prefers to be anon :-):
Almost certainly just a matter of available capacity or administrative
issues. There may be higher bandwidth routes available from both of those
points to the U.S., rather than directly to each other, so the traffic is
routed that way. There are often administrative issues too--that is,
sometimes the direct routes are controlled by some company or group to which
a different net doesn't subscribe, and they have to route differently,
through entities that they both subscribe to or have agreements with (e.g.
Alternet). This happens a bunch in Europe (and here for that matter--it's
part of the reason that some traffic from L.A. to S.F. used to route through
Atlanta or NY or similar places--and still can (depending on the service
providers). The topology of the net is "logically" sensible, but not
necessarily geographically so...
--spooky jim, who can't tell a carburator from a crankshaft, net-wise
&&&&&&&&&&&&&&&&&&&&
Net Police, Take Note: Net is the Fastest Self-Correcting Human System I Know
On the upside of the above notes is that they [again] illustrate how
quickly the net corrects erroneous postings -- which is my answer to all
those who howl for censorship or content-control of the net, "because it
distributes incorrect information."
It does -- but it also distributes, uh, "vigorous" corrections to any iota
of intended or naive imperfection in a posting, at least to the extent that
such postings receive significant circulation on the net. (And if they
don't, then they are little different than the erroneous information that
people exchange by voice and phone, every day.)
And woe be unto the reputation of anyone who appears to have posted
*intentionally* incorrect or biased-incomplete information -- who get
vigorously torched in the process of getting corrected. :-)
I think it was John Perry Barlow who observed that, the best way to get a
question answered on the net, was to post it in the form of an erroneous
statement.
--jim
Return to November 1995
Return to “jwarren@well.com (Jim Warren)”
1995-11-05 (Mon, 6 Nov 1995 06:44:42 +0800) - Re: whose watchin the watchers – I GOT THE EXPLANATIONS OKAY - jwarren@well.com (Jim Warren)