EVERY powerful nation is spying on EVERY other nation of any worth whatsoever... so while I doubt a lot of spying is being done in Ethiopia or Zimbabwe, you can be DAMN certain that not only the USA but also China, Russia, Israel, Japan, England, and countless other countries are spying on Canada 24 hours a day, 7 days a week.

Same goes for ANY other powerful country.

Edit: Hell, I MET a Mossad agent right here on American soil and he was so courteous and polite I barely even minded it.

If I was you I would edit out your PC's IP addressing of you post...

I agree with you. That's why I need other people from ATS to try these steps and check if lots of people see the same thing. If they do, this becomes a proof that they are really spying instead of just saying "I'm sure the government spies on us".

First, try alternate programs---traceroute on linux and others, could be a bug in the tracing program.

Then log on to your router's or modem's config page (may be 192.168.0.1 or something like that). Look at what it is getting for default gateway.

If you have a DSL or cable then your first physical hop has to be on your provider's network no matter what (laws of physics). I wonder if the provider has some misconfiguration and the provider is lying about it's IP and providing something bad via DHCP.

If you had traffic going into DISA, I think it's more likely they would complain that you are messing up their network. DISA is the phone company and internet provider for the US military.

I actually doubt you are really getting packets going to real DISA networks.

Hey op, I live in England . I have used your steps given and nothing out of the ordinary here. Happy days

I knew it!!!! They're after our BACON!!!!!!

I just ran some tests, found nothing suspicious. I'm on Telus though, not Rogers.

I think the OP is on to something though...

After doing a little bit of research, I went to three of my friends who have Rogers. Some of them use Linux as computer.. other uses Windows and did trace from their computers. I also brought my own laptop to do tests. Everytime I did a traceroute or tracepath, I got that 7.25.212.1 address. To those who mentionned that it might have done a DNS query before, well no it can't be because i'm using the IP directly and not a domain name for my test. My default route points to my gateway (192.168.0.1) in my case and I did not configure any route to go to 7.25.212.x. I did check my modem's gateway and it points to a Rogers IP. There are no reason for this answer from DISANET. So from there I started to capture packets...

I did tests with tools like firewalk and tcptraceroute which allow you to sent TCP traffic on the Internet using port 21,22,23,25,53,80 and by setting the TTL to "1" and then "2" and so on .... This simulates normal traffic instead of just ICMP just in case the ISP uses some ACL on their core routers.
Essentially what this does is to send a packet to the destination IP I want with a TTL value of "1". The rules are that for every hop, the router that gets the packet have to decrease the TTL by 1. When reaching a TTL of 0, the router is forced to answer with a ICMP type 11 (TTL exceeded) which reveals the route it took. If you try this several times, you might get different routes depending on the traffic load on the core routers.

What the pcap revealed is kinda odd. To come back to my traceroute example :

1: 192.168.0.48 (my home laptop) 0.355ms pmtu 1500
1: 7.25.212.1 (DISANET7) 12.883ms
1: 7.25.212.1 11.441ms
2: 66.185.91.181 (ROGERS-CABLE-BACKBONE) 14.401ms
3: 66.185.81.77 (ROGERS-CABLE-BACKBONE ) 33.461ms
4: 69.63.250.154 (ROGERS-CABLE) 36.092ms asymm 5
...

1: 192.168.0.48 (my home laptop) 0.355ms pmtu 1500
This is the first packet sent, with a TTL of 1.

1: 7.25.212.1 (DISANET7) 12.883ms
1: 7.25.212.1 11.441ms
This is the odd part. It returned a TTL of 255. This theoretically means that there were no hops between me (192.168.0.48) and them (7.25.212.1) which is why it also shows as "1" in the traceroute result.

2: 66.185.91.181 (ROGERS-CABLE-BACKBONE) 14.401ms
Now this packet shows a TTL of 254. This is exactly what you'd expect assuming that it sent it's packet initially with a TTL of 255 minus the 1 hop to reach me = 254.

3. the third packet has a TTL of 253... 255 minus 2 hops = 253 ...



So here it is. I tried with many tools, at different Rogers network and they all show the same result. It makes no sense to receive a packet from DISANET given the reason i just explained. This packet should no exist...

I will do more traffic analysis tonight when i get home and update you with my findings. For those who are interrested I can send you some pcaps and logs to help me figure this thing out.


Any other ideas ?