Wednesday, June 28, 2006

Everyone get your tin foil hats on, I am taking you for a ride.

We all know AT&T and the NSA have been caught red-handed tapping American communications; however, it is not known which servers are doing the tapping. Rumor 'round the net is that someone has found suspect AT&T servers that may be tapping American IP communications. Now apparently, if you traceroute to a certain site and the trace contains a route to sffca.ip.att.net, then this info is being routed through an NSA monitoring station. I decided, hey, let's check it out on my box.

I figured maybe the NSA flags certain 'suspect' sites too. Example of the two trace routes from my box:

More Likely to Red Flag: Tracing route to www-lm.aljazeera.net.att-idns.net [12.120.9.55]

1 1 ms 1 ms 1 ms adsl-68-127-151-109.dsl.pltn13.pacbell.net [68.127.151.109]
2 18 ms 12 ms 11 ms bras4-l0.pltnca.sbcglobal.net [151.164.184.80]
3 11 ms 10 ms 11 ms dist1-vlan60.pltn13.pbi.net [64.164.97.130]
4 9 ms 10 ms 10 ms bb1-g3-0.pltnca.sbcglobal.net [151.164.43.54]
5 10 ms 10 ms 10 ms bb1-p3-0.crsfca.sbcglobal.net [151.164.190.85]
6 12 ms 12 ms 12 ms ex1-p14-0.eqsjca.sbcglobal.net [151.164.41.10]
7 14 ms 14 ms 14 ms 12.122.79.101
8 76 ms 76 ms 76 ms tbr2033101.sffca.ip.att.net [12.122.85.142]
9 76 ms 76 ms 77 ms tbr1-cl2.sl9mo.ip.att.net [12.122.10.41]
10 77 ms 77 ms 77 ms tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
11 75 ms 75 ms 75 ms gbr5-p10.wswdc.ip.att.net [12.122.11.170]
12 76 ms 75 ms 75 ms wasdc001il4.equip.icdsatt.net [12.120.9.5]
13 262 ms 79 ms 82 ms 12.120.9.55

Less likely to Red Flag: Tracing route to www.bbc.net.uk [212.58.224.87]

1 2 ms 1 ms 1 ms adsl-68-127-151-109.dsl.pltn13.pacbell.net [68.127.151.109]
2 25 ms 16 ms 11 ms bras4-l0.pltnca.sbcglobal.net [151.164.184.80]
3 11 ms 10 ms 10 ms dist1-vlan60.pltn13.pbi.net [64.164.97.130]
4 10 ms 10 ms 10 ms bb1-10g2-0.pltnca.sbcglobal.net [151.164.42.100]
5 11 ms 11 ms 11 ms bb1-p4-0.crsfca.sbcglobal.net [151.164.41.5]
6 11 ms 11 ms 11 ms core1-p5-0.crsfca.sbcglobal.net [151.164.243.1]
7 24 ms 24 ms 24 ms core1-p5-0.crskut.sbcglobal.net [151.164.42.11]
8 34 ms 34 ms 34 ms core1-p11-0.crdnco.sbcglobal.net [151.164.243.246]
9 44 ms 44 ms 44 ms core1-p5-0.crkcmo.sbcglobal.net [151.164.42.23]
10 56 ms 55 ms 55 ms core2-p11-0.crchil.sbcglobal.net [151.164.240.118]
11 55 ms 55 ms 55 ms core1-p8-0.crchil.sbcglobal.net [151.164.188.42]
12 63 ms 62 ms 62 ms core1-p10-0.crcloh.sbcglobal.net [151.164.42.9]
13 63 ms 62 ms 63 ms core2-p1-0.crcloh.sbcglobal.net [151.164.188.190]
14 78 ms 78 ms 78 ms core1-p2-0.crnyny.sbcglobal.net [151.164.188.36]
15 80 ms 79 ms 80 ms bb1-p11-0.nycmny.sbcglobal.net [151.164.189.164]
16 80 ms 80 ms 80 ms bb2-p6-0.nycmny.sbcglobal.net [151.164.42.161]
17 148 ms 148 ms 147 ms bb1-p2-1.linxuk.sbcglobal.net [151.164.188.147]
18 149 ms 149 ms 149 ms ex1-p6-0.linxuk.sbcglobal.net [151.164.41.244]
19 148 ms 148 ms 148 ms bbc-gw0-linx.prt0.rbsov.bbc.co.uk [195.66.224.194]
20 148 ms 147 ms 148 ms 212.58.238.133
21 149 ms 149 ms 149 ms www50.thdo.bbc.co.uk [212.58.224.87]

In fact a number of people on AT&T's own network have reported not having any 'ATT' routers on their traces except when going to 'suspect' sites. Creepy, or maybe coincidence. I am on SBC and seem to stay off of ATT routes except in the travels to certain sites.

Paranoia, or on?

D>M>
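
The check described in the post, as an added example (not code from the original post): a parser for Windows tracert output that lists the hops whose reverse-DNS name falls under a given suffix. The function names are made up for this example, and the sample reuses hops 6-8 of the first trace plus one constructed timeout line.

```python
import re

# Windows tracert hop line: TTL, three RTT probes ("12 ms", "<1 ms" or "*"), then target.
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+\s*ms|\*)\s+){3})(.+?)\s*$")
NAMED_RE = re.compile(r"(\S+)\s+\[([\d.]+)\]")

# Hops 6-8 are copied from the first trace in the post; hop 9 is a constructed timeout line.
SAMPLE = """\
Tracing route to www-lm.aljazeera.net.att-idns.net [12.120.9.55]
  6    12 ms    12 ms    12 ms  ex1-p14-0.eqsjca.sbcglobal.net [151.164.41.10]
  7    14 ms    14 ms    14 ms  12.122.79.101
  8    76 ms    76 ms    76 ms  tbr2033101.sffca.ip.att.net [12.122.85.142]
  9     *        *        *     Request timed out.
"""

def parse_tracert(text):
    """Return one dict per hop line; headers and blank lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        rest = m.group(3)
        named = NAMED_RE.fullmatch(rest)
        if named:                                  # "host [ip]"
            host, ip = named.group(1).lower(), named.group(2)
        elif re.fullmatch(r"[\d.]+", rest):        # bare IP, no reverse DNS
            host, ip = None, rest
        else:                                      # "Request timed out."
            host, ip = None, None
        rtts = [int(t) for t in re.findall(r"(\d+)\s*ms", m.group(2))]
        hops.append({"ttl": int(m.group(1)), "host": host, "ip": ip,
                     "rtt_ms": min(rtts) if rtts else None})
    return hops

def hops_in_domain(hops, suffix):
    """Hops whose reverse-DNS name is the suffix or a subdomain of it."""
    suffix = suffix.lower().strip(".")
    return [h for h in hops
            if h["host"] and (h["host"] == suffix or h["host"].endswith("." + suffix))]

if __name__ == "__main__":
    hops = parse_tracert(SAMPLE)
    for h in hops_in_domain(hops, "sffca.ip.att.net"):
        print(h["ttl"], h["host"], h["ip"], h["rtt_ms"], "ms")
    print("hops without a name:", [h["ttl"] for h in hops if h["host"] is None])
```

Hop 7 has no reverse-DNS name, so hostname matching says nothing about which network it belongs to; a match on hop 8 only shows that a router answering under that name sat on the path.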