From: Stephen Whitaker <whitaker@sover.net>
Date: Mon, 6 Nov 1995 05:28:19 +0800
To: cypherpunks@toad.com
Subject: whose watchin the watchers
Message-ID: <199511052119.QAA28698@maple.sover.net>
MIME-Version: 1.0
Content-Type: text/plain


The following is an exerpt is from Jim Warren's listserv, GovAccess 183.

Are there folks on this list who have insights or definitive information on
this topic?

Are there ways for someone with access to modify router tables to constantly
create alternate paths at other routers which would serve to end-around any
such snoops?

***********begin_included_text*************************

&&&&&&&&&&&&&&&&&&&&


Is Someone Already Watching All International Net Traffic?

The following is the transcript of an actual communications trace that a
friend ran, while I was sitting next to him, watching -- reprinted here
with his permission.

He did a "traceroute" of two messages that he sent from his machine in
Switzerland (he'd telneted into it while we were at a computer conference
in California).

Traceroute automatically reports each Internet node through which a message
passes, as it proceeds from origin to destination.

He did two traceroutes.  The first was from Switzerland to an addressee at
Netcom in San Jose, California.  The second was from Switzerland to an
addressee in Israel.


Date: Fri, 21 Apr 95 02:54:58 +0200
From: kelvin@fourmilab.ch (John Walker)
To: jwarren@well.com
Subject: Traceroute

> /usr2/kelvin> traceroute netcom11.netcom.com
traceroute to netcom11.netcom.com (192.100.81.121), 30 hops max, 40 byte packets
 1  eunet-router (193.8.230.64)  2 ms  2 ms  2 ms
 2  146.228.231.1 (146.228.231.1)  326 ms  345 ms  307 ms
 3  Bern5.CH.EU.NET (146.228.14.5)  447 ms  408 ms  364 ms
 4  146.228.107.1 (146.228.107.1)  127 ms  37 ms  36 ms
 5  Zuerich1.CH.EU.NET (146.228.10.80)  37 ms  38 ms  175 ms
 6   (134.222.9.1)  65 ms  109 ms  252 ms
 7  lp (134.222.35.2)  196 ms  179 ms  405 ms
 8  Vienna1.VA.ALTER.NET (137.39.11.1)  191 ms  179 ms  313 ms
 9  fddi.mae-east.netcom.net (192.41.177.210)  336 ms  204 ms  303 ms
10  t3-2.dc-gw4-2.netcom.net (163.179.220.181)  182 ms  251 ms  187 ms
11  t3-2.chw-il-gw1.netcom.net (163.179.220.186)  305 ms  586 ms  518 ms
12  t3-2.scl-gw1.netcom.net (163.179.220.190)  537 ms  693 ms  797 ms
13  t3-1.netcomgw.netcom.net (163.179.220.193)  698 ms  549 ms  754 ms
14  netcom11.netcom.com (192.100.81.121)  890 ms  1922 ms  1696 ms

> /usr2/kelvin> traceroute jerusalem1.datasrv.co.il
traceroute to jerusalem1.datasrv.co.il (192.114.21.101), 30 hops max, 40
byte packets
 1  eunet-router (193.8.230.64)  2 ms  3 ms  2 ms
 2  146.228.231.1 (146.228.231.1)  933 ms  853 ms  874 ms
 3  Bern5.CH.EU.NET (146.228.14.5)  1040 ms  450 ms  525 ms
 4  146.228.107.1 (146.228.107.1)  453 ms  424 ms  188 ms
 5  Zuerich1.CH.EU.NET (146.228.10.80)  64 ms  61 ms  47 ms
 6   (134.222.9.1)  80 ms  312 ms  84 ms
 7  lp (134.222.35.2)  270 ms  400 ms  216 ms
 8  Vienna2.VA.ALTER.NET (137.39.11.2)  660 ms  1509 ms  886 ms
 9  dataserv-gw.ALTER.NET (137.39.155.38)  1829 ms  1094 ms  1306 ms
10  orion.datasrv.co.il (192.114.20.22)  1756 ms  1280 ms  1309 ms
11  ...


Notice that both messages went through an unnamed site -- 134.222.9.1 and
then a strangely-named site, "lp (134.222.35.2)" -- then through the same
Vienna, Virginia (USA) site ... and thereafter, on to their destination.
I.e., the second message went through Virginia to get from Switzerland to
Israel.

The whois servers at the InterNIC and at nic.ddn.mil for MILNET Information
report, ``No match for "134.222.9.1". '' and `` No match for
"134.222.35.2".''

Now let me see ... which spy agencies are located in or near Virginia?

--jim


&&&&&&&&&&&&&&&&&&&&

***********end_included_text*************************