1995-11-05 - Re: lp (134.222.35.2)?

Header Data

From: shields@tembel.org (Michael Shields)
To: cypherpunks@toad.com
Message Hash: 7c35aa8161055ab7bbad2fadf538cefb1fba7eb6bed4677b52f75419fb51b26f
Message ID: <47i5na$24d@yage.tembel.org>
Reply To: <199511050620.HAA14046@utopia.hacktic.nl>
UTC Datetime: 1995-11-05 11:17:23 UTC
Raw Date: Sun, 5 Nov 1995 19:17:23 +0800

Raw message

From: shields@tembel.org (Michael Shields)
Date: Sun, 5 Nov 1995 19:17:23 +0800
To: cypherpunks@toad.com
Subject: Re: lp (134.222.35.2)?
In-Reply-To: <199511050620.HAA14046@utopia.hacktic.nl>
Message-ID: <47i5na$24d@yage.tembel.org>
MIME-Version: 1.0
Content-Type: text/plain


In article <199511050620.HAA14046@utopia.hacktic.nl>,
Anonymous <nobody@REPLAY.COM> wrote:
> I'm sure some of you will have seen this, so sorry to toss logs on the
> listburn fire; still, it seemed worth reposting to CP--no, it's not
> entirely crypto-related, but nor is it a completely vague allegation.

It's specious.

> >  Notice that both messages went through an unnamed site -- 134.222.9.1 and
> >  then a strangely-named site, "lp (134.222.35.2)"

Belonging to the EUnet backbone, apparently run by people who don't care
much about DNS.

Actually, I resolve 134.222.9.1 as `Amsterdam4.NL.EU.net'.  I can ping
it, but not 134.222.35.2.  134.222.35/24 also does not appear in the
RIPE registry.  I'm going to conclude that it was a temporary thing EUnet
set up for some reason.  It seems to have been replaced by amsterdam6,
134.222.228.13.

> > -- then through the same
> >  Vienna, Virginia (USA) site ...

...a major router at a major interconnect run by UUNET, a major provider.
datasrv apparently contracted with UUNET for traffic.  Naturally it would
go through their network, which is centered in the US.

Why isn't the NSA tapping biu.ac.il, a central Israeli news site?
Routing from Net99 to them is through IBM.

> >  The whois servers at the InterNIC and at nic.ddn.mil for MILNET Information
> >  report, ``No match for "134.222.9.1". '' and `` No match for
> >  "134.222.35.2".''

They are not comprehensive.  You need to look up the network.

This is silly.  If the NSA were monitoring traffic with the consent of
EUnet and UUNET (and note that EUnet is owned by UUNET rival PSI), they
wouldn't need to play these routing games; they'd just eavesdrop at an
interconnect or on the leased lines leading into it, run a rough filter
over it to cut down volume, and tunnel the traffic home through other
channels (probably satellite).  And if they were monitoring without the
consent of UUNET and EUnet, they still wouldn't play these games because
the providers would be upset about the unexpected load on the expensive
and overloaded transatlantic pipes.

Finally, we all know how easy sniffing is at the local (LAN, ISP LAN,
and especially telco) level.  And we know that end-to-end encryption
is the way to go.  So what would we have learned if we knew the NSA
was eavesdropping?

Just *assume* the NSA is out to get you, design systems that resist
attack, and then you can stop caring about whether you're the target.

And tell your vendor you want Kerberos or IPSEC.
-- 
Shields.




