  1. submessenger

    Transmaniacon MC

    Join Date
    Apr 2010
    Location
    Delray Beach
    Posts
    1,601

    Posted On:
    12/17/2013 4:24pm

    supporting member
     Style: BJJ


    DoD / MoD IP addresses on your mobile devices

    Yeah, because Snowden and NSA and all that, some peeps in the hackish community are saying, "hey, dude, check your phone's IP with whois and you'll see if you're being spied on by NSA."

    So, at first, I thought plausible, but then I decided to look into this a bit. My conclusion is that this is bullshit. My phone currently shows 22.199.x.x, which clearly passes the @alexheid test:

    Quote Originally Posted by terminal

    NetRange: 22.0.0.0 - 22.255.255.255
    CIDR: 22.0.0.0/8
    OriginAS:
    NetName: DNIC-SNET-022
    NetHandle: NET-22-0-0-0-1
    Parent:
    NetType: Direct Allocation
    RegDate: 1989-06-26
    Updated: 2009-04-15
    Ref: http://whois.arin.net/rest/net/NET-22-0-0-0-1




    OrgName: DoD Network Information Center
    OrgId: DNIC
    Address: 3990 E. Broad Street
    City: Columbus
    StateProv: OH
    PostalCode: 43218
    Country: US
    RegDate:
    Updated: 2011-08-17
    Ref: http://whois.arin.net/rest/org/DNIC


    OrgTechHandle: REGIS10-ARIN
    OrgTechName: Registration
    OrgTechPhone: +1-800-365-3642
    OrgTechEmail: disa.columbus.ns.mbx.arin-registrations@mail.mil
    OrgTechRef: http://whois.arin.net/rest/poc/REGIS10-ARIN


    OrgTechHandle: MIL-HSTMST-ARIN
    OrgTechName: Network DoD
    OrgTechPhone: +1-614-692-2708
    OrgTechEmail: disa.columbus.ns.mbx.hostmaster-dod-nic@mail.mil
    OrgTechRef: http://whois.arin.net/rest/poc/MIL-HSTMST-ARIN


    OrgAbuseHandle: REGIS10-ARIN
    OrgAbuseName: Registration
    OrgAbusePhone: +1-800-365-3642
    OrgAbuseEmail: disa.columbus.ns.mbx.arin-registrations@mail.mil
    OrgAbuseRef: http://whois.arin.net/rest/poc/REGIS10-ARIN

    Oooh, big scary DoD all over that output.

    A little google-fu shows this trend going back at least a few years. Though there are plenty of pointy heads with tin foil wrapping, the truly plausible explanation is found in these threads, if you read hard enough, and can be verified via other means.

    The explanation I'm going with is that large telco/ISPs (T-Mobile, Rogers, etc.) have actually run out of 10.0.0.0/8 address space (that would be roughly 17 million addresses), and have co-opted some of the otherwise not-routed DoD address space for their own internal use.

    The key here is that it's "not routed," not "unroutable." That basically means that DoD isn't advertising routes for those addresses on any publicly available Internet. In layspeak, "advertising a route," is akin to putting up a roadsign saying "NSA, exit 10, 10 miles." There's no way for you to get to those DoD addresses unless you're inside DoD (or, unless they start advertising routes, not likely).

    And, you can sort-of verify this using two means. First, install a third-party traceroute application or two. Trace route to 8.8.8.8 (Google public DNS). If you see a bunch of 10.x.x.x addresses at the beginning, you know you're "inside" your ISP, and not out on the routable Internet. I guess you could argue that you're "inside," DoD network, but that would imply that DoD owns much or all of your ISP's infrastructure (yeah, that's a different thread).

    The other way you can soft-verify this is to use a public "what's my IP," type application, such as WhatIsMyIP.com. Whois that result to get your "public" IP address; you should see something much safer looking:

    Quote Originally Posted by terminal
    NetRange: 172.32.0.0 - 172.63.255.255
    CIDR: 172.32.0.0/11
    OriginAS: AS21928
    NetName: TMO9
    NetHandle: NET-172-32-0-0-1
    Parent: NET-172-0-0-0-0
    NetType: Direct Allocation
    RegDate: 2012-09-18
    Updated: 2012-09-18
    Ref: http://whois.arin.net/rest/net/NET-172-32-0-0-1


    OrgName: T-Mobile USA, Inc.
    OrgId: TMOBI
    Address: 12920 SE 38th Street
    City: Bellevue
    StateProv: WA
    PostalCode: 98006
    Country: US
    RegDate: 2003-01-02
    Updated: 2012-07-13
    Ref: http://whois.arin.net/rest/org/TMOBI


    OrgAbuseHandle: DNSAD11-ARIN
    OrgAbuseName: DNS Administrators
    OrgAbusePhone: +1-888-662-4662
    OrgAbuseEmail: ARINtechcontact@t-mobile.com
    OrgAbuseRef: http://whois.arin.net/rest/poc/DNSAD11-ARIN


    OrgTechHandle: DNSAD11-ARIN
    OrgTechName: DNS Administrators
    OrgTechPhone: +1-888-662-4662
    OrgTechEmail: ARINtechcontact@t-mobile.com
    OrgTechRef: http://whois.arin.net/rest/poc/DNSAD11-ARIN

    So, there you have it. Does your phone have a DoD IP address? Well, yes, but remember billions of computers and devices around the world also have your exact same IP address: 127.0.0.1, and none of them can spy on you, either.

    Conclusion: This is FUD at best, but can be a fun way to troll your non-techy friends and family.
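
The two checks described in the post above, written out as an added example (not part of the original post): classify the device address, compare it with the public address, and find where a traceroute leaves carrier-internal space. The addresses and traceroute hops are constructed samples; only the 22.0.0.0/8 and 172.32.0.0/11 blocks come from the whois output quoted in the post.

```python
import ipaddress
import re

# Note: ipaddress reports is_private == False for 22.x.x.x, so squatted space
# needs an explicit list. Only the block named in the post is listed here.
SQUATTED = {"DoD 22.0.0.0/8": ipaddress.ip_network("22.0.0.0/8")}
INTERNAL = {
    "RFC 1918 private": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "RFC 6598 carrier-grade NAT": ("100.64.0.0/10",),
}

def classify(addr):
    """Label an IPv4 address as internal, squatted, or public."""
    ip = ipaddress.ip_address(addr)
    for label, nets in INTERNAL.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return label
    for label, net in SQUATTED.items():
        if ip in net:
            return "squatted: " + label
    return "public"

def behind_nat(device_addr, public_addr):
    """True when servers see a different address than the device holds."""
    return ipaddress.ip_address(device_addr) != ipaddress.ip_address(public_addr)

# Hop number, then the first dotted quad on the line (hostnames may precede it).
HOP = re.compile(r"^\s*(\d+)\s+.*?(\d{1,3}(?:\.\d{1,3}){3})")

def carrier_edge(traceroute_text):
    """Return (hop number, address) of the first hop on public address space."""
    for line in traceroute_text.splitlines():
        m = HOP.match(line)
        if m and classify(m.group(2)) == "public":
            return int(m.group(1)), m.group(2)
    return None  # every responding hop was internal or squatted

# Constructed sample values: a device address inside 22.0.0.0/8, a public
# address inside T-Mobile's 172.32.0.0/11, and invented traceroute hops.
DEVICE, PUBLIC = "22.199.0.10", "172.32.0.10"
TRACE = """\
 1  10.170.224.1  45.1 ms
 2  10.170.226.9  52.7 ms
 3  * * *
 4  22.199.0.1  58.0 ms
 5  172.32.0.1  61.3 ms
 6  8.8.8.8  70.2 ms
"""

if __name__ == "__main__":
    print(DEVICE, "->", classify(DEVICE), "| NAT:", behind_nat(DEVICE, PUBLIC))
    print("first public hop:", carrier_edge(TRACE))
```

A device address in squatted space combined with a different public address means the 22.x address never leaves the carrier's NAT.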
  2. goodlun

    Senior Member

    Join Date
    Jun 2008
    Location
    Ramona
    Posts
    4,898

    Posted On:
    12/17/2013 4:41pm

    Join us... or die
     Style: BJJ

    You are not going through DoD routers, that's for sure. Any traceroute will tell you that. Though it doesn't mean that they are not sniffing your packets. Or that duplicates of your traffic are not passing through a proxy server that is sending copies off to the DoD. Traceroute only shows you each hop. It doesn't show you everything that is on that router's interface. It's really easy to packet sniff VoIP traffic. Hell any internet traffic really.
    If you are really concerned it's easy enough to get applications that use a private and public key encryption.
    If you are really paranoid look up 1024 SIP encryption clients.
  3. goodlun

    Senior Member

    Join Date
    Jun 2008
    Location
    Ramona
    Posts
    4,898

    Posted On:
    12/17/2013 5:04pm

    Join us... or die
     Style: BJJ

    One other thing to consider, traceroute is not going to show you any frame relay routers you may transit across as well. So in theory the NSA could be routing you through its own frame relay routers and you would never know it.
  4. goodlun

    Senior Member

    Join Date
    Jun 2008
    Location
    Ramona
    Posts
    4,898

    Posted On:
    12/17/2013 5:17pm

    Join us... or die
     Style: BJJ

    Point being is that the NSA doesn't have to be your SIP provider in order to get your info. I always wonder how these 1/2 baked technology conspiracy theories get started?
  5. submessenger

    Transmaniacon MC

    Join Date
    Apr 2010
    Location
    Delray Beach
    Posts
    1,601

    Posted On:
    12/17/2013 5:20pm

    supporting member
     Style: BJJ

    Quote Originally Posted by goodlun View Post
    You are not going through DoD routers, that's for sure. Any traceroute will tell you that. Though it doesn't mean that they are not sniffing your packets. Or that duplicates of your traffic are not passing through a proxy server that is sending copies off to the DoD. Traceroute only shows you each hop. It doesn't show you everything that is on that router's interface. It's really easy to packet sniff VoIP traffic. Hell any internet traffic really.
    If you are really concerned it's easy enough to get applications that use a private and public key encryption.
    If you are really paranoid look up 1024 SIP encryption clients.
    All good points, but very different from the hyperbole of "zomg, I have an DoD interwebs address!"

    Yeah, SIP/RTP traffic is easy to grab right off the wire. I use Wireshark (for legitimate business purposes, no, really), and you can literally select the phone call and click "play." It's that easy. IAX traffic is a bit harder to do, because you need the proprietary codec, but still possible.

    I've also been known to stuff HTTPS server private keys in there to fully decode "encrypted," conversations. It also works on STARTTLS-based protocols, and other SSL-encrypted communications. I believe the key mitigation to this is using one of the "forward secrecy," key exchange algos, but I haven't tested that myself. Anyways, this is basically what happened with Lavabit - Govt said "give us the private keys," and the world was theirs.

    Have you been watching the DarkMail stuff? I'm interested to see what they come up with, there.

    I meant to include in OP that, imho, you should be less worried about gov't spying on you, and more worried about your carrier doing silent proxy of your HTTPS (that story broke earlier in the year, iirc). Not that I'm for gov't spying on private citizens, just that gov't interest in what you do is not likely to be as high as someone who can directly profit off your information.
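
On the forward-secrecy point in the post above, an added example (not part of the original post) that flags TLS cipher suites whose recorded sessions can be decrypted later by whoever holds the server's private key. It assumes OpenSSL-style suite names as reported by Python's `ssl` module; the sample list is constructed.

```python
import ssl

# OpenSSL names for suites whose key exchange uses ephemeral Diffie-Hellman.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-")

def forward_secret(cipher_name, protocol):
    """True if a recorded session cannot be decrypted later with only the
    server's long-term private key."""
    if protocol == "TLSv1.3":
        # TLS 1.3 dropped static RSA key exchange; full handshakes with a
        # certificate always use ephemeral (EC)DHE.
        return True
    # Names such as AES128-GCM-SHA256 (RSA key exchange) or ECDH-RSA-...
    # (static ECDH) derive the session keys from the long-term key.
    return cipher_name.startswith(EPHEMERAL_PREFIXES)

def audit(suites):
    """Return the (name, protocol) pairs that lack forward secrecy."""
    return [(n, p) for n, p in suites if not forward_secret(n, p)]

def audit_local_defaults():
    """Audit what this Python/OpenSSL build offers by default as a client."""
    ctx = ssl.create_default_context()
    return audit((c["name"], c["protocol"]) for c in ctx.get_ciphers())

# Constructed sample: suites a server configuration might enable.
SAMPLE = [
    ("TLS_AES_256_GCM_SHA384", "TLSv1.3"),
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
    ("DHE-RSA-AES256-GCM-SHA384", "TLSv1.2"),
    ("AES128-GCM-SHA256", "TLSv1.2"),           # RSA key exchange
    ("ECDH-RSA-AES128-GCM-SHA256", "TLSv1.2"),  # static ECDH
]

if __name__ == "__main__":
    for name, proto in audit(SAMPLE):
        print("no forward secrecy:", name, proto)
    print("local defaults without forward secrecy:", audit_local_defaults())
```

For a live connection, pass the first two elements of the tuple returned by `SSLSocket.cipher()` to `forward_secret`.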
  6. submessenger

    Transmaniacon MC

    Join Date
    Apr 2010
    Location
    Delray Beach
    Posts
    1,601

    Posted On:
    12/17/2013 5:24pm

    supporting member
     Style: BJJ

    I liked the bit about NSA throwing up fake TOR nodes, that was pretty crafty and I think would require collusion from tier-1 carriers (which is scary).
  7. goodlun

    Senior Member

    Join Date
    Jun 2008
    Location
    Ramona
    Posts
    4,898

    Posted On:
    12/17/2013 5:28pm

    Join us... or die
     Style: BJJ

    I have not really gotten into the Dark Mail stuff yet.
    I have a simple rule in life. If you write it down consider it not secure.

    SETEC ASTRONOMY
  8. W. Rabbit

    insight combined with intel, fuse, and dynamite

    Join Date
    May 2010
    Location
    Work
    Posts
    7,893

    Posted On:
    12/17/2013 6:31pm

    supporting member
     Style: (Hung Ga+BJJ+MT+JKD) ^ Qi

  9. submessenger

    Transmaniacon MC

    Join Date
    Apr 2010
    Location
    Delray Beach
    Posts
    1,601

    Posted On:
    12/17/2013 7:09pm

    supporting member
     Style: BJJ

    We have a similar saying, "don't write it if you can say it, don't say it if you can just nod."
