« Pot: I’d like you to meet kettle.
Back to Sacking Rome
Finally »

How to Tell if the NSA is Tracking Your Net Usage

From Wired.

Here’s mine:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:>tracert nsa.gov

Tracing route to nsa.gov [12.110.110.204]
over a maximum of 30 hops:

1 * * * Request timed out.
2 10 ms 7 ms 6 ms ***********
3 6 ms 6 ms 7 ms daggc01.sd.sd.cox.net [68.6.11.38]
4 59 ms 234 ms 152 ms 68.6.8.40
5 21 ms 27 ms 6 ms 68.6.8.6
6 7 ms 7 ms 7 ms 12.118.229.13
7 65 ms 65 ms 63 ms 12.123.145.178
8 69 ms 67 ms 67 ms 12.122.2.5
9 65 ms 64 ms 63 ms 12.122.1.106
10 65 ms 65 ms 65 ms tbr2-p013603.phmaz.ip.att.net [12.122.1.74]
11 67 ms 67 ms 69 ms tbr2-cl1592.dlstx.ip.att.net [12.122.10.81]
12 67 ms 65 ms 65 ms tbr1-cl6.sl9mo.ip.att.net [12.122.10.89]
13 66 ms 66 ms 66 ms tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
14 64 ms 65 ms 65 ms ar2-a3120s6.wswdc.ip.att.net [12.123.8.65]
15 85 ms 85 ms 70 ms 12.127.209.214
16 75 ms 69 ms 76 ms 12.110.110.131
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.

Looks like I’m clean unless this is based on old information. I don’t know much everyday traffic goes through AT&T’s backbone.

This entry was posted on Wednesday, June 28th, 2006 at 6:00 pmand is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

7 Responses to “How to Tell if the NSA is Tracking Your Net Usage”

  1. Adam Heine Says:
    June 28th, 2006 at 8:46 pm

    I couldn’t follow your link, but I found it using this one.

    Incidentally, what category of geek does it put me in that (1) I did not know about the “tracert” function and (2) now that I know about it I’ve run it 5 times in a row already and am trying to think of more interesting URL’s I can trace?

  2. Terrence Says:
    June 29th, 2006 at 8:30 am

    Ray, I ran the tracert function and got this:

    10 74 ms 78 ms 78 ms tbr2-cl21.sl9mo.ip.att.net [12.122.10.13]
    11 78 ms 78 ms 78 ms tbr1-cl24.sl9mo.ip.att.net [12.122.9.141]
    12 79 ms 78 ms 78 ms tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
    13 74 ms 74 ms 75 ms ar2-a3120s6.wswdc.ip.att.net [12.123.8.65]

    Is that bad? I understand, according to the wired article, that anything with att.net is suspect, but what does the tracert function reveal, in plain english?

  3. Ray Grieselhuber Says:
    June 29th, 2006 at 1:42 pm

    From wikipedia:

    traceroute (tracepath on modern Linux systems, tracert on Windows operating system) is a computer network tool used to determine the route taken by packets across an IP network.

    Implementation

    traceroute works by increasing the “time-to-live” value of each successive batch of packets sent. The first three packets have a time-to-live (TTL) value of one (implying that they make a single hop). The next three packets have a TTL value of 2, and so on. When a packet passes through a host, normally the host decrements the TTL value by one, and forwards the packet to the next host. When a packet with a TTL of one reaches a host, the host discards the packet and sends an ICMP time exceeded (type 11) packet to the sender. The traceroute utility uses these returning packets to produce a list of hosts that the packets have traversed en route to the destination. traceroute may not list the real hosts, it indicates that the first host is at one hop, the second host at two hops. IP does not guarantee that all the packets take the same route.

    On modern Unix and Linux-based operating systems, the traceroute utility by default uses UDP datagrams with a destination port number starting at 33434. The traceroute utility usually has an option to specify use of ICMP echo request (type 8) instead, as used by the Windows tracert utility. There are also traceroute implementations that use TCP packets, such as tcptraceroute or Layer Four Trace. A new utility, pathping, was introduced with Windows NT, combining ping and traceroute functionality. Matt’s Trace Route (MTR) is an enhanced version of icmp traceroute available for Unix and Windows systems under a GNU GPL license. All implementations of traceroute rely on ICMP (type 11) packets being sent to the originator.

    Anyway, it looks like you’re safe (I wouldn’t rank you very high on the Bush administration’s list of suspects anyway :-) ) The specific address to look for is: tbr2-p012201.sffca.ip.att.net.

    (Unless they’ve changed the location since.)

  4. Terrence Says:
    June 29th, 2006 at 2:18 pm

    should have looked at wikipedia…thanks for looking it up. Yeah, I suppose I’ve got nothing to worry about ;)

  5. ziz Says:
    June 29th, 2006 at 6:16 pm

    To automate the process go to www.dnsstuff.com easier more functions and plenty of explanation.,

    More at www.postmanpatel.blogspot.com

    It appears any att.net is evidence as there are 35 - 40 “rooms” in US, plus of course maybe other carriers help along.

  6. Payshun Says:
    June 30th, 2006 at 9:18 am

    I was surprised I was clean too.

    p

  7. Penis Enlargement Says:
    November 19th, 2007 at 10:20 pm

    How penis enlargement pills work, check penis enlargement techniques, penis enlargement reviews, penis enlargement expert advice and much more. Visit: www.sinepenis.com

Leave a Reply