Addressing some theories about DoD snooping

Update Nov. 10: The mystery has been solved. Sprint’s borrowing DoD IP addresses, most likely without DoD’s knowledge. It appears to be entirely harmless.

A few of my friends have weighed in with their theories as to why I was seeing my phone traffic coming from a DoD network. Many of these theories point out how the DoD is the owner of vast stretches of IP address space, many of which aren’t advertised as public routes. Some organizations treat these addresses as non-routable addresses, making it appear traffic originates from the DoD. One blogger discovered the IPs of the UK Ministry of Defence being used similarly by T-Mobile.

DoD IP address mysteriously unreachable

I decided to see if I could find out more about this mysterious IP address that apparently belongs to the Department of Defense.

One of the best ways to do this is to run a traceroute, which shows the path back to the IP through the Internet’s routers. I also wanted to see if I could find any evidence that my router or my ISP’s router was compromised or broken.

Performing a traceroute from my home computer to the IP provides me this output:

root@maestro:# traceroute 28.191.58.169
traceroute to 28.191.58.169 (28.191.58.169), 30 hops max, 60 byte packets
1 wireless.tonsler (192.168.3.252) 0.971 ms 1.419 ms 1.634 ms
2 user-0c2h181.cable.mindspring.com (24.40.133.1) 14.064 ms 13.993 ms 24.788 ms
3 66.26.46.13 (66.26.46.13) 18.689 ms 18.942 ms 19.029 ms
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *

It’s not unusual that the traceroute dies on the way back: many hosts and/or networks go down and the packet trace stops. However, it is interesting that the traceroute dies on Time Warner’s network. That last router, 66.26.46.13, belongs to Road Runner:

Why is the Defense Department snooping on my phone?

Update Nov 9 11:00 AM. Mystery solved! Sprint is apparently squatting on the DoD addresses, using them for their internal phone network. Sprint understandably wants to firewall these phones from the wild and wooly Internet, so it NATs the phone traffic from these supposedly-private IPs to the phone’s public IP address. SIP packets have the internal IP embedded in them, however, and aren’t easily NATted. This address slipped through Sprint’s firewall, causing me alarm (fortunately undue alarm!)
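
The mismatch this update describes can be checked on the receiving side. The following is an added example, not code from the original post: it pulls IPv4 literals out of the Via and Contact headers and the SDP o=/c= lines of a SIP message and reports those that differ from the source address the receiver actually saw. The INVITE is constructed and abbreviated sample data, and 203.0.113.7 is an assumed stand-in for the phone's public address.

```python
import ipaddress
import re

# Constructed, abbreviated sample: a SIP INVITE as the far end receives it
# after carrier NAT. Headers and SDP still carry the handset's internal address.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.org SIP/2.0",
    "Via: SIP/2.0/UDP 28.191.58.169:5060;branch=z9hG4bK776asdhds",
    "Contact: <sip:alice@28.191.58.169:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 28.191.58.169",
    "c=IN IP4 28.191.58.169",
    "m=audio 49170 RTP/AVP 0",
])

IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
FIELD = re.compile(r"([A-Za-z-]+)\s*[:=]\s*(.*)")
WATCHED = {"via", "contact", "o", "c"}  # SIP headers / SDP lines that carry addresses

def embedded_addresses(message):
    """Return [(field, address)] for IPv4 literals in the watched fields."""
    found = []
    for line in message.splitlines():
        m = FIELD.match(line)
        if not m or m.group(1).lower() not in WATCHED:
            continue
        for text in IPV4.findall(m.group(2)):
            try:
                found.append((m.group(1).lower(), ipaddress.ip_address(text)))
            except ValueError:  # e.g. an octet above 255
                pass
    return found

def leaked_addresses(message, observed_source):
    """Embedded addresses that differ from the source IP the receiver saw."""
    src = ipaddress.ip_address(observed_source)
    report = []
    for field, ip in embedded_addresses(message):
        if ip != src:
            # is_private covers RFC 1918 and other IANA special-purpose ranges
            kind = "private-use" if ip.is_private else "publicly assigned"
            report.append((field, str(ip), kind))
    return report

if __name__ == "__main__":
    for row in leaked_addresses(SAMPLE_INVITE, "203.0.113.7"):
        print(row)
```

An embedded address flagged as "publicly assigned" rather than "private-use" is the situation in this post: the carrier's internal numbering looks like someone else's routable space.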

Break out your tinfoil hats because this will blow your mind.

I found something quite disturbing today while trying to get my Virgin Mobile LG Optimus V phone talking completely through Voice-Over-IP (VoIP). For reasons not entirely clear yet, I discovered that voice packets from my phone are being routed to an IP address belonging to the Department of Defense.

Some background

I had long been a “dumb phone” kind of guy when it comes to mobile phones but finally bit the bullet and got an Android phone from Virgin Mobile when the right plan came along. I am also a VoIP enthusiast and have been sending phone calls over the Internet for almost ten years now. I’m also a cheapskate, so naturally when I got my Android phone one of the first things I wanted to do was to figure out how to make calls with it completely over VoIP – using my unlimited data plan instead of burning my limited voice minutes. That’s what hackers do, you know.