DoD / MoD IP addresses on your mobile devices
Yeah, because Snowden and NSA and all that, some peeps in the hackish community are saying, "hey, dude, check your phone's IP with whois and you'll see if you're being spied on by NSA."
So, at first, I thought plausible, but then I decided to look into this a bit. My conclusion is that this is bullshit. My phone currently shows 22.199.x.x, which clearly passes the @alexheid test:
Oooh, big scary DoD all over that output.
Originally Posted by terminal
A little google-fu shows this trend going back at least a few years. Though there are plenty of pointy heads with tin foil wrapping, the truly plausible explanation is found in these threads, if you read hard enough, and can be verified via other means.
The explanation I'm going with is that large telco/ISPs (TMobile, Rogers, etc.) have actually run out of 10.0.0.0/8 address space (that would be roughly 17 million addresses), and have co-opted some of the otherwise not-routed DoD address space for their own internal use.
The key here is that it's "not routed," not "unroutable." That basically means that DoD isn't advertising routes for those addresses on any publicly available Internet. In layspeak, "advertising a route," is akin to putting up a roadsign saying "NSA, exit 10, 10 miles." There's no way for you to get to those DoD addresses unless you're inside DoD (or, unless they start advertising routes, not likely).
And, you can sort-of verify this using two means. First, install a third-party traceroute application or two. Traceroute to 220.127.116.11 (Google public DNS). If you see a bunch of 10.x.x.x addresses at the beginning, you know you're "inside" your ISP, and not out on the routable Internet. I guess you could argue that you're "inside" the DoD network, but that would imply that DoD owns much or all of your ISP's infrastructure (yeah, that's a different thread).
The other way you can soft-verify this is to use a public "what's my IP," type application, such as WhatIsMyIP.com. Whois that result to get your "public" IP address, you should see something much safer looking:
So, there you have it. Does your phone have a DoD IP address? Well, yes, but remember billions of computers and devices around the world also have your exact same IP address: 127.0.0.1, and none of them can spy on you, either.
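The "first hops are internal" check from the post, as an added example that is not part of the original thread: a small parser for numeric or hostname-style traceroute output that labels each hop as RFC 1918, CGNAT (RFC 6598), loopback, or the 22.0.0.0/8 block the thread's whois lookup attributed to DoD, and then counts how many hops you traverse before the first publicly routed address. The sample traceroute is constructed for the example; the hop addresses are not from any real capture, and the destination is Google's public resolver 8.8.8.8 rather than the address shown above.

```python
import ipaddress
import re

# Constructed sample (not a real capture): the shape of `traceroute -n` output
# a handset on a carrier network might show on the way to 8.8.8.8. Hop 5 is in
# hostname form to show both output styles are parsed.
SAMPLE_TRACEROUTE = """\
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  10.170.64.1  38.122 ms  40.901 ms  41.003 ms
 2  22.199.8.17  44.110 ms  44.382 ms  44.510 ms
 3  100.64.3.254  47.019 ms  47.220 ms  47.398 ms
 4  * * *
 5  edge-router.example.net (203.0.113.9)  55.340 ms  55.812 ms  56.001 ms
 6  8.8.8.8  57.130 ms  57.501 ms  57.922 ms
"""

# Address blocks that never appear as routed hops on the public Internet.
# RFC 1918 and CGNAT space are standard; 22.0.0.0/8 is listed only because it
# is the block the thread's whois lookup tied to DoD, as an illustration of
# "registered but not advertised" space, not as a complete list of such blocks.
INTERNAL_BLOCKS = {
    "rfc1918": [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("172.16.0.0/12"),
                ipaddress.ip_network("192.168.0.0/16")],
    "cgnat": [ipaddress.ip_network("100.64.0.0/10")],
    "loopback": [ipaddress.ip_network("127.0.0.0/8")],
    "unadvertised": [ipaddress.ip_network("22.0.0.0/8")],
}

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")          # "<hop>  <rest of line>"
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")   # first IPv4 literal


def classify(ip_text):
    """Label an IPv4 address by the block it falls in; 'public' if none match."""
    addr = ipaddress.ip_address(ip_text)
    for label, nets in INTERNAL_BLOCKS.items():
        if any(addr in net for net in nets):
            return label
    return "public"


def parse_traceroute(text):
    """Return [(hop_number, ip_or_None), ...]; None means the hop did not answer."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                      # header line or other noise
        hop_no, rest = int(m.group(1)), m.group(2)
        ip_match = IP_RE.search(rest)     # works for "a.b.c.d" and "host (a.b.c.d)"
        hops.append((hop_no, ip_match.group(0) if ip_match else None))
    return hops


def leading_internal_hops(hops):
    """Count answered hops in internal/unadvertised space before the first
    public hop. Unanswered hops are skipped rather than counted either way."""
    count = 0
    for _, ip in hops:
        if ip is None:
            continue
        if classify(ip) == "public":
            break
        count += 1
    return count


def assess(text):
    """Summarise a traceroute: per-hop labels and how deep the carrier's
    internal addressing goes before the path reaches the routable Internet."""
    hops = parse_traceroute(text)
    n_internal = leading_internal_hops(hops)
    return {
        "hops": [(no, ip, classify(ip) if ip else "no-reply") for no, ip in hops],
        "leading_internal_hops": n_internal,
        "inside_carrier_first": n_internal > 0,
    }


if __name__ == "__main__":
    result = assess(SAMPLE_TRACEROUTE)
    for hop in result["hops"]:
        print(*hop)
    print("internal hops before public Internet:", result["leading_internal_hops"])
```

On the constructed sample the first three answered hops are all internal (RFC 1918, then the 22/8 address, then CGNAT), and only hop 5 is publicly routed: exactly the pattern the post describes, where the "DoD" address is just more of the carrier's private addressing. As the replies below note, this only tells you which routers answered; it says nothing about what else is attached to those interfaces.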
Originally Posted by terminal
Conclusion: This is FUD at best, but can be a fun way to troll your non-techy friends and family.
You are not going through DoD routers, that's for sure. Any traceroute will tell you that. Though it doesn't mean that they are not sniffing your packets. Or that duplicates of your traffic are not passing through a proxy server that is sending copies off to the DoD. Traceroute only shows you each hop. It doesn't show you everything that is on that router's interface. It's really easy to packet sniff VoIP traffic. Hell, any internet traffic really.
If you are really concerned it's easy enough to get applications that use private and public key encryption.
If you are really paranoid look up 1024 SIP encryption clients.
One other thing to consider, traceroute is not going to show you any frame relay routers you may transit across as well. So in theory the NSA could be routing you through its own frame relay routers and you would never know it.
Point being is that the NSA doesn't have to be your SIP provider in order to get your info. I always wonder how these 1/2 baked technology conspiracy theories get started?
All good points, but very different from the hyperbole of "zomg, I have a DoD interwebs address!"
Originally Posted by goodlun
Yeah, SIP/RTP traffic is easy to grab right off the wire. I use wireshark (for legitimate business purposes, no, really), and you can literally select the phone call and click "play." It's that easy. IAX traffic is a bit harder to do, because you need the proprietary codec, but still possible.
I've also been known to stuff HTTPS server private keys in there to fully decode "encrypted," conversations. It also works on STARTTLS-based protocols, and other SSL-encrypted communications. I believe the key mitigation to this is using one of the "forward secrecy," key exchange algos, but I haven't tested that myself. Anyways, this is basically what happened with Lavabit - Govt said "give us the private keys," and the world was theirs.
Have you been watching the DarkMail stuff? I'm interested to see what they come up with, there.
I meant to include in OP that, imho, you should be less worried about gov't spying on you, and more worried about your carrier doing silent proxy of your HTTPS (that story broke earlier in the year, iirc). Not that I'm for gov't spying on private citizens, just that gov't interest in what you do is not likely to be as high as someone who can directly profit off your information.
I liked the bit about NSA throwing up fake TOR nodes, that was pretty crafty and I think would require collusion from tier-1 carriers (which is scary).
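The forward-secrecy point in the post above, as an added example that is not part of the original thread: with a static RSA key exchange the session key travels encrypted under the server's long-term key, so a recorded capture plus a later-obtained private key (the Lavabit situation) decrypts everything; with an ephemeral (EC)DHE exchange the long-term key only signs, and recorded sessions stay closed. The defender-side check is therefore to look for non-ephemeral suites in your own server's cipher configuration. The cipher list below is constructed for the example and is not taken from any real deployment.

```python
# Constructed OpenSSL-style cipher list, as it might appear in a web server's
# TLS configuration. Two suites use static RSA key transport, which has no
# forward secrecy; "!aNULL" and "@STRENGTH" are OpenSSL directives, not suites.
CONFIGURED_CIPHERS = (
    "ECDHE-RSA-AES128-GCM-SHA256:"
    "DHE-RSA-AES256-GCM-SHA384:"
    "AES256-SHA256:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:"
    "DES-CBC3-SHA:"
    "!aNULL:@STRENGTH"
)

DIRECTIVE_PREFIXES = ("!", "-", "+", "@")


def key_exchange(suite):
    """Classify an OpenSSL cipher suite name by its key exchange.

    'ephemeral': (EC)DHE, so a leaked long-term key cannot decrypt old
                 captures. TLS 1.3 suites (TLS_...) always use ephemeral
                 (EC)DHE; the static RSA exchange was removed from TLS 1.3.
    'static':    RSA key transport or static (EC)DH; the session key is
                 recoverable from a capture once the private key is known.
    'alias':     a group keyword such as HIGH, which OpenSSL expands at
                 runtime; this checker cannot resolve it offline.
    """
    if suite.startswith("TLS_"):
        return "ephemeral"
    if suite.startswith(("ECDHE-", "DHE-", "EDH-")):
        return "ephemeral"
    if "-" not in suite:
        return "alias"
    return "static"


def forward_secrecy_report(cipher_list):
    """Split a cipher string and report which suites lack forward secrecy."""
    tokens = [t for t in cipher_list.split(":") if t]
    suites = [t for t in tokens if not t.startswith(DIRECTIVE_PREFIXES)]
    return {
        "total": len(suites),
        "without_pfs": [s for s in suites if key_exchange(s) == "static"],
        "unresolved": [s for s in suites if key_exchange(s) == "alias"],
    }


if __name__ == "__main__":
    report = forward_secrecy_report(CONFIGURED_CIPHERS)
    print(f"{report['total']} suites configured")
    for suite in report["without_pfs"]:
        print("no forward secrecy:", suite)
    for suite in report["unresolved"]:
        print("alias not resolved offline:", suite)
```

The check works on explicit suite names only; if your configuration uses group keywords, expand them first with `openssl ciphers -v '<your list>'` and feed the expanded names in. Removing the static suites does not stop someone from capturing the traffic, it just removes the single key whose later disclosure would open every recorded session.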
I have not really gotten into the Dark Mail stuff yet.
I have a simple rule in life. If you write it down consider it not secure.
We have a similar saying, "don't write it if you can say it, don't say it if you can just nod."