John Chamberlain
Developer Diary · You Heard It Here First · Tuesday 20 January 2004
Is ATT / Comcast Spying on Me?
Am I just paranoid or is ATT / Comcast spying on me? Why is there a mysterious machine on my internet loop?

Last week I was getting noticeable lag on my supposed internet cable connection and weird behaviour like a lot of DNS timeouts and lost packets. So I did a trace route, with the following typical results:

C:\>tracert cnn.com

Tracing route to cnn.com [64.236.24.28]
over a maximum of 30 hops:

  1    10 ms    10 ms   <10 ms  10.217.48.1
  2    20 ms    10 ms    10 ms  bar01-p5-2.ntckhe1.ma.attbb.net [24.147.0.157]
  3    10 ms    10 ms    10 ms  bic01-d2-0.ndhmhe1.ma.attbb.net [24.91.0.173]
  4     *       10 ms    10 ms  12.125.33.33
  5    10 ms    10 ms    10 ms  gbr1-p60.cb1ma.ip.att.net [12.123.40.138]
  6     *       10 ms    20 ms  tbr1-p013402.cb1ma.ip.att.net [12.122.5.53]
  7     *       10 ms    20 ms  tbr2-cl1.n54ny.ip.att.net [12.122.10.22]
  8    10 ms    20 ms    10 ms  ggr2-p390.n54ny.ip.att.net [12.123.3.62]
  9    40 ms    20 ms    10 ms  att-gw.ny.aol.net [192.205.32.218]
 10    80 ms    20 ms    10 ms  bb2-nye-P1-0.atdn.net [66.185.151.66]
 11    20 ms    20 ms    20 ms  bb2-vie-P8-0.atdn.net [66.185.152.201]
 12     *       20 ms    20 ms  bb1-vie-P11-0.atdn.net [66.185.152.206]
 13    30 ms    30 ms    30 ms  bb1-cha-P7-0.atdn.net [66.185.152.28]
 14    30 ms    40 ms    40 ms  bb1-atm-P6-0.atdn.net [66.185.152.182]
 15     *        *       30 ms  pop1-atl-P4-0.atdn.net [66.185.136.17]
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
[...rest omitted (behind firewall) so no icmp]
Trace complete.

Look at machines #4 and #9. Kind of suspicious looking, huh? Especially #4, which is reverse DNS cloaked. Last week #4 was timing out consistently and I was thinking it was the source of the lag. Of course, it may have just been the extreme cold. In any case I did a port scan on #4 (12.125.33.33) and the profile it put up was Windows. In fact it was exposing port 445. This port is only found on Windows 2000 machines. Since this machine is considerably upstream from me it must be intercepting large groups of customers, like everybody in the county. The likelihood seems to be it is a gigantic Windows 2000 Server box.

Now if I were the suspicious type I would be asking why is there a Windows box on my internet loop? You would only need such a box if you were reading the contents of packets. Not delivering packets--reading and probably storing them. Am I sounding paranoid yet?

I thought so too, but then I did a web search and came up with scary headlines like "Comcast Sued for Net Spying" and "Comcast Admits to Spying on Customers". Maybe I'm not so paranoid after all. All your base belong to us man. Every web site I visit is being tracked by ATT / Comcast! Service people I call about this machine are completely clueless, so basically it is me naked and helpless against the evil dalek number 12.125.33.33.

Help!
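
An added example, not part of the original post: Python that parses the tracert output above and reports, per hop, how many probes were lost, whether a reverse DNS name came back, and whether the loss carries forward to later hops. A hop that misses a probe while a later hop answers all three is commonly rate-limiting its own ICMP replies rather than dropping forwarded traffic; the function and field names are this example's own.

```python
import re

# Hop lines copied from the tracert output in the post (hops 10-14 left out for length).
TRACE = """\
  1    10 ms    10 ms   <10 ms  10.217.48.1
  2    20 ms    10 ms    10 ms  bar01-p5-2.ntckhe1.ma.attbb.net [24.147.0.157]
  3    10 ms    10 ms    10 ms  bic01-d2-0.ndhmhe1.ma.attbb.net [24.91.0.173]
  4     *       10 ms    10 ms  12.125.33.33
  5    10 ms    10 ms    10 ms  gbr1-p60.cb1ma.ip.att.net [12.123.40.138]
  6     *       10 ms    20 ms  tbr1-p013402.cb1ma.ip.att.net [12.122.5.53]
  7     *       10 ms    20 ms  tbr2-cl1.n54ny.ip.att.net [12.122.10.22]
  8    10 ms    20 ms    10 ms  ggr2-p390.n54ny.ip.att.net [12.123.3.62]
  9    40 ms    20 ms    10 ms  att-gw.ny.aol.net [192.205.32.218]
 15     *        *       30 ms  pop1-atl-P4-0.atdn.net [66.185.136.17]
 16     *        *        *     Request timed out.
"""

HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.*\S)\s*$")
PROBE = re.compile(r"<?(\d+) ms|\*")   # "<10 ms" is recorded as its 10 ms upper bound

def parse_tracert(text):
    """Return one dict per hop: hop number, RTTs (None = lost probe), name, address."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue
        rtts = [int(ms) if ms else None for ms in PROBE.findall(m.group(2))]
        named = re.match(r"(\S+) \[([\d.]+)\]$", m.group(3))   # "name [addr]"
        bare = re.fullmatch(r"[\d.]+", m.group(3))             # address only, no PTR
        name = named.group(1) if named else None
        addr = named.group(2) if named else (bare.group(0) if bare else None)
        hops.append({"hop": int(m.group(1)), "rtts": rtts, "name": name, "addr": addr})
    return hops

def summarize(hops):
    """Per hop: probes lost, missing PTR, and whether a later hop answered all probes."""
    out = []
    for i, h in enumerate(hops):
        lost = h["rtts"].count(None)
        later_clean = any(None not in x["rtts"] for x in hops[i + 1:])
        out.append({"hop": h["hop"], "addr": h["addr"], "lost": lost,
                    "no_ptr": h["addr"] is not None and h["name"] is None,
                    "loss_not_carried_forward": lost > 0 and later_clean})
    return out
```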

Revised 20 January 2004