Fri, Jun 30, 2006

Tim O'Reilly

The Newbie's Guide to Detecting the NSA

Over on Dave Farber's IP List, John Bartas pointed to a blog entry on Wired about AT&T and the NSA wiretapping controversy. The entry begins: "It's not surprising that an expert hired by EFF should produce an analysis that supports the group's case against AT&T. But last week's public court filing of a redacted statement by J. Scott Marcus is still worth reading for the obvious expertise of its author, and the cunning insights he draws from the AT&T spy documents." There's a great summary of the reasons to believe that:

  • "The AT&T documents are authentic.
  • There may be dozens of surveillance rooms in AT&T offices around the country.
  • The internet surveillance program covers domestic traffic, not just international traffic.
  • The system is capable of looking at content, not just addresses."

But as John Bartas wrote on IP, "The best part is at the end. Good old traceroute!":

... "With that in mind, here's the 27B Stroke 6 guide to detecting if your traffic is being funneled into the secret room on San Francisco's Folsom street.

If you're a Windows user, fire up an MS-DOS command prompt. Now type tracert followed by the domain name of the website, e-mail host, VoIP switch, or whatever destination you're interested in. Watch as the program spits out your route, line by line.

C:\> tracert nsa.gov
1 2 ms 2 ms 2 ms 12.110.110.204
[...]
7 11 ms 14 ms 10 ms as-0-0.bbr2.SanJose1.Level3.net [64.159.0.218]
8 13 12 19 ms ae-23-56.car3.SanJose1.Level3.net [4.68.123.173]
9 18 ms 16 ms 16 ms 192.205.33.17
10 88 ms 92 ms 91 ms tbr2-p012201.sffca.ip.att.net [12.123.13.186]
11 88 ms 90 ms 88 ms tbr1-cl2.sl9mo.ip.att.net [12.122.10.41]
12 89 ms 97 ms 89 ms tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
13 89 ms 88 ms 88 ms ar2-a3120s6.wswdc.ip.att.net [12.123.8.65]
14 102 ms 93 ms 112 ms 12.127.209.214
15 94 ms 94 ms 93 ms 12.110.110.13
16 * * *
17 * * *
18 * *

In the above example, my traffic is jumping from Level 3 Communications to AT&T's network in San Francisco, presumably over the OC-48 circuit that AT&T tapped on February 20th, 2003, according to the Klein docs. The magic string you're looking for is sffca.ip.att.net. If it's present immediately above or below a non-att.net entry, then -- by Klein's allegations -- your packets are being copied into room 641A, and from there, illegally, to the NSA. Of course, if Marcus is correct and AT&T has installed these secret rooms all around the country, then any att.net entry in your route is a bad sign.
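The guide above is a manual check: run tracert and eyeball the hops for the marker string. As an added example (not code from the post, from Wired, or from any of the commenters), here is a small Python script that parses tracert/traceroute output, applies the post's rule mechanically, and attaches the caveat that several commenters below raise: when the destination itself sits in 12.0.0.0/8 (the block a commenter's ARIN lookup attributes to AT&T WorldNet Services), transit through att.net routers is the expected path and the marker proves nothing on its own. The sample input is the post's own nsa.gov trace re-typed as a string; the marker string, the /8 block and every function name are this example's assumptions, not anything the post defines.

```python
import re
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the tracert output quoted in the post, re-typed as a
# string (the "8 13 12 19 ms" row reproduces the page's missing "ms" tokens, so the
# parser has to tolerate irregular timing columns).
SAMPLE_TRACERT = """\
C:\\> tracert nsa.gov
1 2 ms 2 ms 2 ms 12.110.110.204
7 11 ms 14 ms 10 ms as-0-0.bbr2.SanJose1.Level3.net [64.159.0.218]
8 13 12 19 ms ae-23-56.car3.SanJose1.Level3.net [4.68.123.173]
9 18 ms 16 ms 16 ms 192.205.33.17
10 88 ms 92 ms 91 ms tbr2-p012201.sffca.ip.att.net [12.123.13.186]
11 88 ms 90 ms 88 ms tbr1-cl2.sl9mo.ip.att.net [12.122.10.41]
12 89 ms 97 ms 89 ms tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
13 89 ms 88 ms 88 ms ar2-a3120s6.wswdc.ip.att.net [12.123.8.65]
14 102 ms 93 ms 112 ms 12.127.209.214
15 94 ms 94 ms 93 ms 12.110.110.13
16 * * *
17 * * *
18 * *
"""

# Assumptions taken from the page: the marker string the post tells readers to look
# for, and the 12.0.0.0/8 block a commenter's ARIN lookup attributes to AT&T.
MARKER = "sffca.ip.att.net"
ATT_BLOCK = ipaddress.ip_network("12.0.0.0/8")

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
HOST_IP_RE = re.compile(r"(\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]\s*$")
BARE_IP_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\s*$")


@dataclass
class Hop:
    number: int
    host: Optional[str]   # reverse-DNS name, or None if tracert printed only an IP
    ip: Optional[str]     # None when every probe timed out ("* * *")

    def is_att(self) -> bool:
        return self.host is not None and self.host.lower().endswith(".att.net")


def parse_tracert(text: str) -> list:
    """Turn tracert / traceroute rows into Hop records.

    Lines that do not start with a hop number (the prompt, the 'Tracing route to'
    header, blank lines) are skipped; rows such as "15 * * * Request timed out."
    become Hops with no ip.
    """
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        number, rest = int(m.group(1)), m.group(2)
        hi = HOST_IP_RE.search(rest)
        if hi:
            hops.append(Hop(number, hi.group(1), hi.group(2)))
            continue
        bare = BARE_IP_RE.search(rest)
        if bare:
            hops.append(Hop(number, None, bare.group(1)))
            continue
        hops.append(Hop(number, None, None))
    return hops


def marker_hits(hops: list, marker: str = MARKER) -> list:
    """The post's rule: flag a marker hop when the hop immediately before or after
    it is not an att.net hop. A bare-IP hop counts as non-att.net, which is how
    the post reads its own hop 9 / hop 10 boundary."""
    flagged = []
    for i, hop in enumerate(hops):
        if hop.host is None or marker not in hop.host.lower():
            continue
        neighbours = hops[max(i - 1, 0):i] + hops[i + 1:i + 2]
        if any(not n.is_att() for n in neighbours):
            flagged.append(hop.number)
    return flagged


def destination_ip(text: str, hops: list) -> Optional[str]:
    """Target address: from the 'Tracing route to name [ip]' header when present,
    otherwise the last hop that answered."""
    m = re.search(r"Tracing route to \S+ \[(\d{1,3}(?:\.\d{1,3}){3})\]", text)
    if m:
        return m.group(1)
    answered = [h.ip for h in hops if h.ip]
    return answered[-1] if answered else None


def assess(text: str) -> dict:
    """Apply the heuristic and record whether the destination is inside 12/8, in
    which case crossing att.net routers is simply the normal route to it."""
    hops = parse_tracert(text)
    dest = destination_ip(text, hops)
    in_block = dest is not None and ipaddress.ip_address(dest) in ATT_BLOCK
    return {
        "hop_count": len(hops),
        "att_hops": [h.number for h in hops if h.is_att()],
        "marker_hits": marker_hits(hops),
        "destination": dest,
        "destination_in_att_block": in_block,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(assess(SAMPLE_TRACERT), indent=2))
```

Run it as-is to see the assessment for the sample, or feed it saved tracert output. For the post's trace the script flags hop 10 exactly as the author does, but it also reports that the destination lies in 12/8, which is the commenters' point: a trace ending inside AT&T's own address space will cross att.net routers whatever else is true. A flagged hop therefore says only that the path traversed a router the post names as suspect; a fiber splitter or mirrored port, as later comments note, sits off the forwarding path and leaves nothing in ICMP replies at all.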

Comments: 14

  reid [06.30.06 10:49 AM]

My connection jumps out and funnels through tbr1-p011701.wswdc.ip.att.net [12.123.8.106]
Looks suspicious to me >_>

  bender [06.30.06 12:20 PM]

this is too easy:

Tracing route to aljazeera.net [12.120.13.56]
over a maximum of 30 hops:

1
2 1 ms 1 ms 1 ms 69-7-200-222.cimcoisp.net [69.7.200.222]
3 8 ms 3 ms 4 ms 216-130-112-21.cimcoisp.net [216.130.112.21]
4 64 ms 4 ms 45 ms 216-130-104-145.cimcoisp.net [216.130.104.145]
5 53 ms 33 ms 4 ms so-2-2-1.ar2.chi1.gblx.net [208.51.117.17]
6 25 ms 231 ms 8 ms pos2-1-2488m.ar2.chi2.gblx.net [67.17.75.26]
7 5 ms 6 ms 5 ms ggr2-p363.cgcil.ip.att.net [192.205.33.149]
8 53 ms 65 ms 51 ms tbr1-p010401.cgcil.ip.att.net [12.123.6.66]
9 54 ms 52 ms 52 ms tbr1-cl1.sffca.ip.att.net [12.122.10.6]
10 50 ms 50 ms 50 ms gbr5-p100.sffca.ip.att.net [12.122.11.74]
11 51 ms 50 ms 210 ms snfca001il4.equip.icdsatt.net [12.120.13.5]
12 269 ms 58 ms 56 ms 12.120.13.56

  Calvin [06.30.06 05:34 PM]

The song "Watching the Detectives" just started playing in my head... brilliant!

  cmouse [07.03.06 12:29 PM]

Perhaps they are not as stupid as to actually route the traffic thru? But sure is funny...

  Inky [09.08.06 02:03 PM]

Most of the line-tap devices are NOT inline; traffic is not routed through them, it is instead done by splicing the fiber so the traffic goes to two places.

So this is probably not a relevant way to see any evidence of tapping.

  RacerX [09.08.06 04:39 PM]

What a load...

A trace route is not sufficient to detect that your traffic is being captured and post-processed.

While a trace route can help you to determine routed paths between networks, it does absolutely nothing for Carnivore-type configurations.

In a Carnivore configuration, all traffic or specific traffic may be captured and stored or processed without changing the path of the packets.

Regardless of WHO (Government OR SKIDDIES) may be scraping the networks for your traffic, and regardless of their reasons for doing it, you the consumer should be aware of methods for protecting yourself.

http://www.markw.net/ is my website... there you will find more information about securing your privacy, as well as peace of mind.

-RacerX

  BuckS [09.08.06 05:47 PM]

Get your tin foil hats on, there are black choppers coming to sniff your internet traffic. Give me a break, I can't believe nonsense like this was even published.

  kicktd [09.08.06 06:30 PM]

What a load of BS. People should learn about internet routing before even trying to say they found t3h s3cr3t AT&T r0ut3!

AT&T is one of the "backbones" of the internet and your traffic is bound to go across their lines one way or another. Especially if the end user is using AT&T as their provider for fiber etc.

AT&T also covers the overseas lines that go under the sea, so if you see your tracert going through AT&T when tracing something overseas, it's not surprising.

Please learn about TCP/IP and the Internet before posting stuff like this.

  Me [09.08.06 09:42 PM]

This is still legit. If the snooping equipment is in the same building as sffca.ip.att.net then it makes sense that this traffic would be snooped. It's not proof positive but it does show how if you tap AT&T you have every byte in the US.

AND anyone who thinks that every byte of your data has not gone thru some sort of Bush paranoia for the last 4 years should indeed seriously look into how the Internet works. It's child's play to gather this data if you're the government.

Just assume every byte is recorded, long term, and correlated in some huge database underground on prob every human in the US by now along with credit card data and god knows what else.

I have nothing at all to hide and am very legal. So this stuff does not really bother me much. However it is illegal, Un-American not to mention immoral.

  Anonymous [09.09.06 04:26 AM]

I hope they didn't pay too much for the expert analysis. YES, your traffic might be monitored, either by mirroring a port, or a fiber tap, where the light is split (I use these for my intrusion detection system). Neither of these methods will yield any clue via ICMP that your traffic is being sniffed.
The aljazeera ip address of 12.120.13.56 is AT&T's address space, so OF COURSE it is going to pass through AT&T. DUH.

  kicktd [09.09.06 09:42 AM]

Let's do some looking into this shall we?

In the original post the user is tracing a route from San Jose, CA to Fort Meade, MD. Common sense would say that since nsa.gov is ON the AT&T network

Resolving nsa.gov...
12.110.110.204
Trying ARIN lookup...
AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255

that it would hop the closest route to the AT&T network it could, which is sffca.ip.att.net

I see NOTHING at all pointing to show nor SUPPORT the idea that the user is being monitored by going through AT&T's network to reach a site hosted on the AT&T network at the CLOSEST hop to the user.

Like I said, before jumping on the band wagon of sffca.ip.att.net is monitoring all internet activity and that you can find out by using tracert, you should really learn about internet routing and TCP/IP.

Think about it. Would the top leading phone company and the NSA make such a stupid mistake as to make it where using tracert would show an unusual hop in the route? No. Besides there are tons of ways to monitor activity without even re-routing traffic.

  kicktd [09.09.06 09:49 AM]

Just to support my theory, the closest hop from me to the AT&T network is Dallas, TX as shown here:

Tracing route to nsa.gov [12.110.110.204]
over a maximum of 30 hops:

1 120 ms 119 ms 115 ms 209.215.5.4
2 147 ms 119 ms 115 ms 209.215.5.29
3 176 ms 115 ms 114 ms 205.152.131.161
4 203 ms 129 ms 130 ms axr00msy-7-3-0.bellsouth.net [65.83.237.16]
5 180 ms 117 ms 114 ms pxr00msy-0-0-0.bellsouth.net [65.83.236.32]
6 155 ms 128 ms 129 ms 67.72.4.41
7 132 ms 127 ms 130 ms ae-13-53.car3.Dallas1.Level3.net [4.68.122.79]
8 215 ms 128 ms 129 ms l3-gw.dlstx.ip.att.net [192.205.32.113]
9 181 ms 168 ms 164 ms tbr2-p010501.dlstx.ip.att.net [12.123.16.14]
10 216 ms 164 ms 164 ms tbr1-cl6.sl9mo.ip.att.net [12.122.10.89]
11 198 ms 164 ms 163 ms tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
12 169 ms 158 ms 154 ms ar2-a3120s6.wswdc.ip.att.net [12.123.8.65]
13 225 ms 158 ms 159 ms 12.127.209.214
14 244 ms 157 ms 162 ms 12.110.110.131
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.

  SniffThis [09.09.06 04:41 PM]

So what. Encrypt if you're worried. You should anyway for anything worth protecting including legitimate stuff. Even so, traffic analysis would still be likely used first to determine what encrypted traffic should be analyzed first. So the guy tracerouting the terrorist news network should now have greater reason to be concerned.

  NetworkEngineer [10.20.06 08:16 PM]

All you people who say that you cannot determine if your packets are being traced from a traceroute are exactly right, but that isn't the point. The whole point of the author is that "any traffic passing through sffca.att.net is being monitored". You cannot find this out for yourself--that's the whole point of it, if everyone knew they were being monitored, it would be useless. The only reason they told people to do traceroutes was to see if your packets were going through a *suspected* packet logging router. If you people are trying to debunk this theory solely on the basis of "my traceroute skillz don't show a packet logger" then YOU should learn about the internet, and read this article more critically.

(Also, don't try to detect the NSA -- it's impossible. The whole point of this article is that *someone found the NSA monitoring traffic on this router, and they're trying to tell you*. I have legally monitored all traffic for my company for years, and there is no way to tell... at all (even less so if they use a Level 2 router, which won't even show up on your happy little traceroute)).
