Check if NSA warrantless surveillance is looking at your IP traffic

You do realize that if you are posting the results from your traceroutes, you are posting your own IP, and routes to it?? That's like giving out your GPS coordinates on the internet!

Also, its not like the NSA/FBI sniffers are going to show up in a simple ICMP trace. A certain IP or domain name do not have to show up in the trace for you to be monitored. Matter of fact, its more likely that it will NOT show up.

If they are doing Layer-3 packet sniffing, they most likely have a switch somewhere that simply copies traffic they are interested in to another port. Just copies it over to their equipment.

In this scenario, your data stream flows IN one port on the switch, and it flows OUT of two ports on the switch: one port goes to your data's destination, the other port goes to monitoring equipment.

That way, your ping rolls through the switch and gets forwarded on to its destination as usual, but gets copied over at some point in the trip. This kind of thing would NOT show up in a traceroute, since the computer doing the sniffing would be undetected as it is getting the data stream forwarded to it by the switch.



Your traceroute is only going to show the hops along the RED LINE. Your trace route will NOT show anything on the BLUE LINE, since there is no way for your computer to know that the switch clones your data stream to another port for filtering.

Keep in mind also that this is only ONE WAY to rig this kind of thing up. There are many many ways to get the data you want from a data stream without ever being seen in the route - port cloning and forwarding is one way. Switches used in head-ends are very intelligent, and can be programmed to do just about anything with Layer-2 (MAC Address) and Layer-3 (IP Address) traffic. Believe me, if they want to monitor you, they can. It can be done effectively, quietly, and easily.

And as I'm sure you all know, May 14th was the deadline for all ISPs to comply with the FBI's monitoring program. As of now, every ISP in the country has monitoring equipment at the head-end.

Here is a relevant post I made a long time ago relating to IP Security...

Originally posted by damajikninja
Well, if you change your network card(MAC), and get a new IP address (either from the ISP or from a router), your traffic will still be flowing through one fiber gateway back to the ISP. There is still a leg of the network that you HAVE to pass traffic through in order to get out to the internet. Even if you change your MAC and IP (which you cant do every second), they can still filter all the traffic from your network node and find your data stream again. Granted, it is gonna take em a second to re-locate you, but its gonna take you a second to switch out MAC/IP every time you do it.

EDIT: Not to mention that your cable/dsl modem will still have the same MAC if its in bridge mode, and the same IP if it isn't in bridge mode. See what I mean? Even if they can't track your NIC's MAC or IP, they can just filter any traffic coming from your modem. And as said above, even if you change out your modem, they can still start looking for you in the local node's traffic back to the ISP.


The only effective way to keep running from them is to change physical routes as often as possible. Like changing ISP's you run through, or being wireless and hopping from one physical layer (ISP/node) to another. As long as you do that while changing your MAC everytime you hop, you can evade them fairly well.

But even if you do that, they can still locate your data stream by waiting for your traffic to show up in other predictable places. Lets say they they know you go to a certain website, like ATS, and they want to monitor you. All they have to do is filter data going in/out of ATS servers, and wait for your username to show up in some packet data. Then they'll know which data stream is yours, which means they know where your data is coming from, which means they know what ISP you are on, and which Node you are on. From that point on, they can filter all your internet traffic until you change physical routes and they lose you again. Not to mention they will have a pretty damn good geographic fix on you.


Its all about not being predictable, and to keep them guessing about where your traffic is going to come through. Cause once they know where to look, they can find you and monitor you relatively easy. And let's not forget that the FBI has monitoring equipment freshly installed at all ISP head-ends, so they certainly have the resources to look at any data stream on any network.

...is there a FSME badge for this kind of thing?? lol

[edit on 6/23/2007 by damajikninja]

Wow, look at me! The Thread Killer!

No really, I didn't mean to completely bring this thread to a halt, but the stuff I posted above was important IMO. Just wanted everybody to be more aware of how things work.

Sorry OP!

[edit on 6/27/2007 by damajikninja]

Even if you were, in theory, being monitored, you wouldn't be able to detect it with a simple traceroute DOS command. It has been explained above more thoroughly. Being that I work in the data field, I'm well adept to working with secure lines.

Just a tid bit of info, everyone is being monitored to a degree. Whether it be by the government, ISP or even your parents(if applicable).

hmmm---never completes the trip, but ends up in the same subnet, and no magic string---maybe got wind already and switched ip addies or to hidden routers. Would have been my choice.

For those really paranoid, scroogle "OperaTor" ( you can google "scroogle" also if you wish). I am sure unmentionables are running a few onion routers, but about the best available (legally) anon system.

OK this is about PGP and other ways to message securely.

And PG does block gov sited cause I checked about passports at
the USPO and got blocked even though the list looks empty.

Perhaps its text is in some white on white background.

But its more fun to say I got UFO pictures posted at blah blah and
think the internet starts abuzz due to all the key works they might
be monitoring.

Yeah ats would know about that if gov ips swoop down on a thread.
Or Google if someone calls out a search.

Secret PGP messages going back and forth only identifies the location
of the culprits. But you know where to move in and catch them.
It is identifying a secret message, coded or not, and
tell which one is not on our side.

Technology secrets might be monitored, like my message of the day:

Reconsider aether energy discovered
long ago: oxygen and nitrogen transmute to alpha and beta
currents to allow EM control of aether craft and
a few other normal items. Ask BMW when you get a chance.
Hush Hush ZecretZ, its a puZZle ain't it.

Atomic gases will
power more than oil. Ask NOT...but ask about the
Helium engine.

www.scribd.com...

www.scribd.com...

Top free net sellers in the NWO.

I'm thinking its hokum, purely because he says "if its above or below a NON AT&T" that's gonna account for 100% of the occurances, and then looking at the logs, you can clearly see it seems to always occurs with tbr1-cl2.sl9mo.ip.att.net, so its probably just some sort of switch for people in the Sanfran area as opposed to some untoward feindish plot.

I mean, lets face it, if you were thinking of monitoring people, this WOULD be the place to find IPs and we'd almost all likely be monitored.

Of course, ECHELON and its related systems are apparently so advanced these days they don't even need to be hardware level, they can monitor you regardless of where you live or what type of computer you use.

Originally posted by ejsaunders
Of course, ECHELON and its related systems are apparently so advanced these days they don't even need to be hardware level, they can monitor you regardless of where you live or what type of computer you use.

As opposed to magic level? I'm a level 38 wizard in network sorcery.

Do you have a +3 wand of port sniffing?

The CALEA is indeed a horrible thing. Although I'm curious as to what happens with people on ISPs such as AOL, but in the UK. At some point, the traffic will get routed through an AOL server in the US, meaning that it must be complicit with CALEA, but that also means that CALEA is working on the UK by proxy, does it not?

just so you all know the servers that you mentioned are not in the sanfran area, a simple reverse dns search at dns tools will tell you the location. Like it was mentioned before all servers/routers etc can log what IPs you visit. When I was still living with my parents we had set up a simple cable modem house network and every website we all visited was logged/timed including email hosts. So dont even think that a single router or even a string of routers with the same host name.

and to to think about it, wouldn't it be easier to change the router name if it was such a problem being public.

Interesting. But I guess it doesnt bother me.
I live on a military base......so that about says it all. LOL
I have nothing to hide and hope to get a Fed job someday anyways once I graduate

[edit on 1-10-2007 by greeneyedleo]

If you folks are trying to avoid "man in the middle" attacks like cain and able for instance your better off spoofing your ip through a proxy and spoof a diff hardware mac if you can setup those two things regardless of what your checking out they wont find "You" that fast.. And to see if the people are connected to you the netstat and its variable commands will give you open connections and sessions and locally nbtstat for intrinsit net bios commands.

A geez this is wonderful ... I found this string even works at the library
after reading LEVEL 3 no access when trying to access my own email. Seems
it only worked from home.

Thanks a million for making my day. I've always known I had a computer problem since 1996 based upon my circle of friends and interest in declassified government documents.

If I can help others understand the back channel (mind games) please don't hesitate to post.

All these years I was so sure that level 3 was designed by a hidden lover, today I find out other ways. I'm so disappointed.

Oh PS, I forgot to mention I stopped tracing my online routes a few years ago after a strange phone call was received from unknown. When I quickly used the redial option to hear a man answer "This isn't good, leave a message and we'll get back to you" in Atlanta, Georgia. I immediately burst into laughter before hanging up. Seems I won that round!

This is most certainly bogus. The way trace route works it it sends a packet through differnt Hops across the country. Therefore if the NSA was monitoring on this att IP EVERY one of your tracerts to ANY website would have that. Otherwise they would only see the packets you send when you go to yahoo.com not places like f-theUS.com or whatever. Tracert just shows you the hops it makes when going to the destination you put in.

reply to post by ZombieAssassin

Quite correct. This was the point of my post at the top of the page.

If you want to end the NSA patriot act bull#, think about throwing some support Ron Pauls way. I have some real problems with his pro-life views, but his position on privacy are big step in the right direction.

note: I do not work for Ron Paul and am not even sure I'm going to support him. but its some food for thought.

Originally posted by ZombieAssassin
This is most certainly bogus. The way trace route works it it sends a packet through differnt Hops across the country. Therefore if the NSA was monitoring on this att IP EVERY one of your tracerts to ANY website would have that. Otherwise they would only see the packets you send when you go to yahoo.com not places like f-theUS.com or whatever. Tracert just shows you the hops it makes when going to the destination you put in.

Yes, and a couple of years ago ending in 2006 I kept landing in Asia or Europe
when accessing C2C or Rense dot com. If you can explain that I'm all ears.
Seems some one was bouncing me globally averaging over 14 hops changing the timeline when skipping me over the international date line. This all started back in 1996.

Its been an education on fast eddie communications!

I will admit that I got creeped out when reading a relatives address and phone number being displayed in 1997 as being the mailing address for some Washington online business. When I took the webmaster to task on what I read, he told me it was displayed wrong making me sound crazy.

[edit on 11-10-2007 by Skydancer]

Originally posted by damajikninja
Wow, look at me! The Thread Killer!

No really, I didn't mean to completely bring this thread to a halt, but the stuff I posted above was important IMO. Just wanted everybody to be more aware of how things work.

Sorry OP!

[edit on 6/27/2007 by damajikninja]

Perhaps not, the real issue under all of this is WHERE they're doing the data capture. They're using a fiber optic "splitter" to basically take all of the data traveling through it and route it to a monitoring system, alot like packet sniffing but on the physical layer (The lowest layer and the most basic building block to a network). The odd part about it is that the device used to perform this task is kept very hush hush and I've seen little reference to it outside of the article I'll list below.

Now at hand is are we being monitored just by going through AT&T's router with the hostname of "sffca.ip.att.net". There's a few things to remember about this, this merely shows that router is in between you and the server for nsa.gov, and that you would have to see this site come up on other sites that you trace routed. I'm guessing that this is the San Fransisco office with room 641A that is referred to just by the hostname starting with "sffca". If it is indeed going through there, there is a very high chance that is where they do the capture and logging of data. That doesn't mean in ANY way that they're not using this method at other sites and at other routers, I think it was estimated before the San Fransisco office routes almost 50% of traffic in the US. That's a high number, but hardly includes everyone. I think that's too high of a miss rate for the likes that install systems such as the one in the San Fransisco office.

Also as far as posting your trace routes, it's not a problem at all if you take off the first 3 or so lines as it will not reveal your IP, perhaps the ISP you use, but nothing that would invite attacks.

Here's a snippit about the fiber optic splitter used:

Plans for the "secret room" were fully drawn up by December 2002, curiously only four months after Darpa started awarding contracts for TIA. One 60-page document, identified as coming from "AT&T Labs Connectivity & Net Services" and authored by the labs' consultant Mathew F. Casamassima, is titled Study Group 3, LGX/Splitter Wiring, San Francisco and dated 12/10/02. (See sample PDF 1-4.) This document addresses the special problem of trying to spy on fiber-optic circuits. Unlike copper wire circuits which emit electromagnetic fields that can be tapped into without disturbing the circuits, fiber-optic circuits do not "leak" their light signals. In order to monitor such communications, one has to physically cut into the fiber somehow and divert a portion of the light signal to see the information.

From: www.wired.com...

Also, FWIW my traffic is not going through any of AT&Ts sffca routers, but it is going though about 3 of their routers on the way to nsa.gov. Another good IP to check traffic to as a double check on the sffca router is to "4.2.2.1"

Just out of curiosity, where are the ATS servers? I did a trace with this site's address and it ended in dallas, tx.