[Linux-aus] bigpond now uses proxy servers to spy on 'us'
- To: abuse@telstra.com, abuse@bigpond.com, darlug@darlug.org, linux-aus@lists.linux.org.au, ntnmail@ntn.newsltd.com.au, infocomm@nt.gov.au, privacy@privacy.gov.au, minister@dcita.gov.au, newswatch@ninemsn.com.au
- Subject: [Linux-aus] bigpond now uses proxy servers to spy on 'us'
- From: "Rohan M." <rohbags@purplesock.net.au>
- Date: Tue Jul 4 02:14:04 2006
- Importance: High
- List-archive: <http://lists.linux.org.au/archives/linux-aus/>
- Sender: linux-aus-admin@lists.linux.org.au
- User-agent: SquirrelMail/1.4.6
To whom it may concern,
I would like Telstra/Bigpond to please explain why in the last 48 hours or
so they have installed proxy servers on behalf of "akamai technologies"
which is now routing all of my http (web) traffic through these proxy
servers. I presume at the very least all of Darwin's broadband traffic is also
routed through these proxies.
Please see the following, which supports my claims:
I noticed traffic was a little slow, domain name requests were happening
lightning fast as normal but waiting for responses from web servers was a
little longer than normal. A quick netstat set off my paranoia...
C:\Documents and Settings\rohbags>netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3260 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3261 0.0.0.0:0 LISTENING
TCP 10.0.0.220:139 0.0.0.0:0 LISTENING
TCP 10.0.0.220:1126 10.0.0.250:5050 ESTABLISHED
TCP 10.0.0.220:1398 207.68.178.16:80 TIME_WAIT
TCP 10.0.0.220:1402 61.9.129.145:80 ESTABLISHED
TCP 10.0.0.220:1403 216.74.132.12:80 TIME_WAIT
TCP 10.0.0.220:1404 216.74.132.12:80 TIME_WAIT
TCP 10.0.0.220:1405 61.9.129.145:80 ESTABLISHED
TCP 10.0.0.220:1410 61.9.129.152:80 ESTABLISHED
TCP 10.0.0.220:1411 61.9.129.152:80 ESTABLISHED
TCP 10.0.0.220:1418 61.9.193.134:80 ESTABLISHED
TCP 10.0.0.220:1419 61.9.209.161:80 ESTABLISHED
TCP 10.0.0.220:1421 216.180.238.201:80 ESTABLISHED
TCP 10.0.0.220:1481 63.88.212.82:80 TIME_WAIT
TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1046 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1047 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1086 127.0.0.1:1087 ESTABLISHED
TCP 127.0.0.1:1087 127.0.0.1:1086 ESTABLISHED
TCP 127.0.0.1:1123 127.0.0.1:1124 ESTABLISHED
TCP 127.0.0.1:1124 127.0.0.1:1123 ESTABLISHED
TCP 127.0.0.1:10110 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1027 *:*
UDP 0.0.0.0:1038 *:*
UDP 0.0.0.0:1129 *:*
UDP 0.0.0.0:1141 *:*
UDP 0.0.0.0:4500 *:*
UDP 10.0.0.220:123 *:*
UDP 10.0.0.220:137 *:*
UDP 10.0.0.220:138 *:*
UDP 10.0.0.220:1900 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1044 *:*
UDP 127.0.0.1:1900 *:*
Notice the 61.9.*.*:80 servers (which are the proxies). These are Telstra
IP blocks but they resolve to *.deploy.akamaitechnologies.com
In the above example I was visiting sites like cnn.com, ninemsn.com.au,
nytimes.com and it's obvious that I was not directly hitting those servers.
Example of domain name resolve:
C:\Documents and Settings\rohbags>tracert 61.9.129.145
Tracing route to a-61-9-129-145.deploy.akamaitechnologies.com [61.9.129.145]
over a maximum of 30 hops:
1 <1 ms 1 ms <1 ms 10.0.0.254
2 46 ms 46 ms 48 ms 172.18.113.5
3 80 ms 75 ms 75 ms 172.18.72.22
4 123 ms 108 ms 98 ms a-61-9-225-200.deploy.akamaitechnologies.com [61.9.225.200]
5 46 ms 50 ms 57 ms GigabitEthernet3-4.way21.Adelaide.telstra.net [165.228.106.13]
6 79 ms 72 ms 69 ms GigabitEthernet11-0.fli-core1.Adelaide.telstra.net [203.50.119.129]
7 91 ms 98 ms 92 ms Pos-channel1.lon-core3.Melbourne.telstra.net [203.50.6.177]
8 197 ms 142 ms 157 ms TenGigabitEthernet8-1.exi1.Melbourne.telstra.net [203.50.80.11]
9 191 ms 180 ms 167 ms bpber001.lnk.telstra.net [139.130.0.14]
10 237 ms 246 ms 251 ms a-61-9-129-145.deploy.akamaitechnologies.com [61.9.129.145]
Trace complete.
WOW - notice even a traceroute to 61.9.129.145 still routes me through
61.9.225.200 (akamaitechnologies.com)
Something else I found concerning was that one of the IPs seen in the
netstat above, resolved to the following:
C:\Documents and Settings\rohbags>tracert 63.88.212.82
Tracing route to statse.webtrendslive.com [63.88.212.82]
over a maximum of 30 hops:
1 1 ms <1 ms 1 ms 10.0.0.254
2 47 ms 46 ms 47 ms 172.18.113.5
^C
WTF? web trends live??
OK, now look at this site:
http://www.akamai.com/en/html/services/web_analytics.html
See what web trends live does!!
Telstra you arseholes how dare you invade my privacy like that!
This is completely unacceptable!
To further support my claim, here are reverse trace routes taken from
online services.
From t1shopper.com (ICMP ping):
Tracing route to 61.9.228.254 ...
1 161.58.14.161 (161.58.14.161) 0.413 ms 0.256 ms 0.236 ms
2 ge-1-1-0-278.r00.stngva01.us.wh.verio.net (204.2.123.185) 5.508 ms 0.311 ms 0.278 ms
3 vl-5.r01.stngva01.us.bb.gin.ntt.net (129.250.27.190) 0.290 ms 0.293 ms 0.283 ms
4 xe-1-2-0.r20.asbnva01.us.bb.gin.ntt.net (129.250.2.84) 0.388 ms 0.380 ms 0.375 ms
5 p16-0.uunet.asbnva01.us.bb.gin.ntt.net (129.250.9.70) 1.717 ms 1.725 ms 1.707 ms
6 0.so-5-0-0.XL2.DCA5.ALTER.NET (152.63.43.178) 1.713 ms 1.701 ms 1.768 ms
7 0.so-6-0-0.CL2.LAX15.ALTER.NET (152.63.10.222) 73.127 ms 73.209 ms 106.622 ms
8 POS7-0.GW2.LAX15.ALTER.NET (152.63.117.85) 73.186 ms 73.115 ms 73.165 ms
9 reach-gw.customer.alter.net (63.114.60.62) 73.344 ms 73.336 ms 73.264 ms
10 i-3-0.wil-core02.net.reach.com (202.84.251.173) 73.203 ms 73.159 ms 73.483 ms
11 i-5-0.syd-core03.net.reach.com (202.84.143.230) 266.627 ms 266.556 ms 266.452 ms
12 10GigabitEthernet2-0.oxf-core1.Sydney.telstra.net (203.50.13.29) 267.279 ms 267.301 ms 267.334 ms
13 Bundle-Ether2.chw-core2.Sydney.telstra.net (203.50.6.1) 268.479 ms 269.509 ms 268.545 ms
14 Bundle-POS1.exi-core1.Melbourne.telstra.net (203.50.6.14) 298.709 ms 283.954 ms 282.622 ms
15 Pos7-0.way-core4.Adelaide.telstra.net (203.50.6.190) 295.344 ms 295.506 ms 295.436 ms
16 TenGigabitEthernet9-1.way18.Adelaide.telstra.net (203.50.120.28) 296.284 ms 296.238 ms 296.214 ms
17 telstr419.lnk.telstra.net (165.228.106.78) 296.220 ms 296.374 ms 296.315 ms
18 a-61-9-225-197.deploy.akamaitechnologies.com (61.9.225.197) 296.281 ms 296.248 ms 296.426 ms
19 * * *
20 * * *
From ringofsaturn.com (TCP ping):
Tracerouting to 61.9.228.254 using TCP packets...
1 L300.VFTTP-04.DLLSTX.verizon-gni.net (72.64.77.1) 10.012 ms 9.480 ms 9.902 ms
2 P1-3.LCR-03.DLLSTX.verizon-gni.net (130.81.37.32) 9.854 ms 9.240 ms 9.912 ms
3 so-6-0-0-0.PEER-RTR1.DFW80.verizon-gni.net (130.81.17.173) 9.878 ms 10.080 ms 9.982 ms
4 POS2-0.GW10.DFW9.ALTER.NET (152.63.97.57) 9.906 ms 9.189 ms 9.940 ms
5 0.so-3-1-0.XT2.DFW9.ALTER.NET (152.63.101.134) 9.921 ms 9.157 ms 9.919 ms
6 0.so-5-0-0.CL2.LAX15.ALTER.NET (152.63.115.201) 42.412 ms 41.768 ms 42.388 ms
7 POS7-0.GW2.LAX15.ALTER.NET (152.63.117.85) 42.470 ms 41.835 ms 42.398 ms
8 reach-gw12.customer.alter.net (157.130.247.158) 42.415 ms 41.698 ms 42.430 ms
9 unknown.net.reach.com (202.84.251.165) 42.412 ms 41.830 ms 42.339 ms
10 i-9-1.syd-core03.net.reach.com (202.84.144.62) 239.909 ms 236.929 ms 239.910 ms
11 10GigabitEthernet2-0.oxf-core1.Sydney.telstra.net (203.50.13.29) 337.405 ms 381.560 ms 379.920 ms
12 Bundle-Ether2.chw-core2.Sydney.telstra.net (203.50.6.1) 242.474 ms 241.937 ms 242.325 ms
13 Bundle-POS1.exi-core1.Melbourne.telstra.net (203.50.6.14) 254.924 ms 254.419 ms 254.936 ms
14 Pos7-0.way-core4.Adelaide.telstra.net (203.50.6.190) 267.443 ms 266.887 ms 267.449 ms
15 TenGigabitEthernet9-1.way18.Adelaide.telstra.net (203.50.120.28) 267.383 ms 266.762 ms 267.440 ms
16 telstr419.lnk.telstra.net (165.228.106.78) 267.355 ms 266.792 ms 267.247 ms
17 a-61-9-225-196.deploy.akamaitechnologies.com (61.9.225.196) 267.453 ms 266.873 ms 267.444 ms
18 * * *
19 CPE-61-9-228-254.sa.bigpond.net.au (61.9.228.254) [open] 317.591 ms 329.461 ms 362.344 ms
Both of the above reverse traceroutes show these akamai tech servers are
at the closest point to bigpond customers, not bigpond sites!
This, in my mind, proves that this system (web trends live) is installed
and used solely for collecting traffic stats on Bigpond customers, which
means bigpond now know every single site you visit and the way they are
forcing all www traffic through these systems means there is no way around
it.
Due to the extreme breach of privacy, I am making this email public domain
for all to see. Not only has this email been forwarded to
abuse@bigpond.com and abuse@telstra.com, but I will also forward this to
my local LUG and LA, as well as the local and national newspapers and
media sources, the NT information commissioner, the DCITA and the TIO.
This is completely unacceptable and someone's head should roll for this!!
Within the next 12 to 24 hours I will have all available documentation and
evidence uploaded to www.purplesock.net.au/bigpond/ and hopefully some of
the other techies in Darwin can check to see if they too are being
forwarded to these akamai servers.
This calls for a class action in my opinion, so much for freedom eh?!
To further support my claim that these systems have only recently been
introduced, please see the following:
On the 20th of June this year, my speedstream 4200 adsl modem rebooted 6
or 7 times from 7:30am till 11:33am that day. I contacted Bigpond and on
the next day (21st) techs came out and replaced the modem with another
ss4200. The new ss4200 had the latest firmware (less than 4 weeks old) and
this firmware had a nasty bug that blocked data-port access while FTP'ing.
I almost couldn't believe it myself until I was able to replicate the bug
and then told a rep from bigpond how to replicate it so they knew it was a
bug.
The rep from bigpond emailed me some different versions of firmware for
the ss4200 and I was able to FTP again. Eventually, on Monday the 26th,
techies came out once again and replaced the ss4200 with a speedtouch 530,
a much better modem, and all overheating/rebooting/drop-out issues are
gone.
Anyway, the point of telling you all this, is that between the 20th and
the 26th of June I was doing some extensive debugging of my network and
ISP connection, and have all the traceroute logs etc that I sent to
bigpond back then. This is only a week or so ago, and there were NO akamai
servers showing in any traceroutes back then, but now they are
everywhere!!!
Maybe this has something to do with the 'major infrastructure' upgrade
that took place between 6am and 11:30 am on the 22nd of June, which gave
all of Darwin REAL dsl speeds for the first time ever (previous to that
all GameArena servers were minimum of 250ms away, with my gateway being
180ms away located in Adelaide. Now GameArena servers are 70ms away, and
my gateway is just 40ms away - a big difference).
So was this upgrade due to the adsl2+ roll out in 2 months, or are there
other reasons?
Is this a nationwide 'customer spying' thing? ...just what the hell are
bigpond up to?
Obviously I'm passionate about my and others' privacy on the net. As an IT
professional who commonly works with network and Internet security issues,
I must say that I am disgusted with Bigpond's actions in regards to this
matter, and I have not seen an ISP lower themselves to these standards
since Eisa (now non-existent ISP) spied on their customers back in 1999
before they were bought out by ozemail.
The next question is what do we (the people) do now?
Firstly, these "Akamai Technologies" servers MUST be disabled INSTANTLY. I
refuse to use my ADSL connection while I know Bigpond are spying on me,
that being said I will be seeking compensation from Bigpond for loss of
income until my ADSL connection has been returned to its original
non-intrusive setup.
I strongly suggest all other bigpond customers in Darwin (or anywhere else
this is happening!) to do the same. At the moment we have no idea what
Telstra are doing with the information they collect - or even if they own
it! After all Akamai is based in MI, USA, and are not an Australian
company at all.
Secondly, ...who knows, but I think it's time for the community to act as a
whole and put an end to this once and for all, we have rights but if we
don't fight for them they will slowly take them from us.
Please forward this email on to as many bigpond customers that you can,
and if you know a good lawyer forward to them too please :)
Regards,
Rohan Murch.
--
Manager
~PurpleSock~
Email: rohbags@purplesock.net.au
Ph: (08) 8945 7705
Fax: (08) 8945 7710
Mob: 0407 277 775
PS: I spent the last 2.5 hours researching the above facts and figures to
make sure I am 110% correct before going public with this claim. I urge all
other techies out there to check their own connection for these proxies
and let me know if you see akamai servers on your route.
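
Added example (not part of the original message): one way to repeat the check the post describes, by taking the remote web endpoints from `netstat -an` output and grouping them by the operator domain in their reverse-DNS name. The function names are hypothetical, the netstat rows are a constructed sample in the post's format, and the PTR table holds only the names shown in the post's tracert output so the sample runs offline.

```python
import re
import socket
from collections import defaultdict

# Constructed sample: TCP rows in the format of the `netstat -an` output in the post.
SAMPLE_NETSTAT = """\
  TCP    10.0.0.220:1126    10.0.0.250:5050     ESTABLISHED
  TCP    10.0.0.220:1398    207.68.178.16:80    TIME_WAIT
  TCP    10.0.0.220:1402    61.9.129.145:80     ESTABLISHED
  TCP    10.0.0.220:1405    61.9.129.145:80     ESTABLISHED
  TCP    10.0.0.220:1481    63.88.212.82:80     TIME_WAIT
"""

# PTR names as shown in the post's tracert output (assumption: used in place of live DNS).
SAMPLE_PTR = {
    "61.9.129.145": "a-61-9-129-145.deploy.akamaitechnologies.com",
    "63.88.212.82": "statse.webtrendslive.com",
}

ROW = re.compile(r"^\s*TCP\s+\S+:\d+\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+\S+\s*$")

def web_peers(netstat_text, ports=(80,)):
    """Return the set of remote IPv4 addresses with a TCP connection to one of `ports`."""
    peers = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and int(m.group(2)) in ports:
            peers.add(m.group(1))
    return peers

def live_ptr(ip):
    """Reverse-resolve with the system resolver; None when there is no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def group_by_operator(peers, resolve=live_ptr, labels=2):
    """Map the last `labels` DNS labels of each peer's PTR name to the peer IPs."""
    groups = defaultdict(list)
    for ip in sorted(peers):
        name = resolve(ip)
        key = ".".join(name.lower().rstrip(".").split(".")[-labels:]) if name else "(no PTR)"
        groups[key].append(ip)
    return dict(groups)

if __name__ == "__main__":
    for operator, ips in group_by_operator(web_peers(SAMPLE_NETSTAT), SAMPLE_PTR.get).items():
        print(f"{operator:28} {', '.join(ips)}")
```

A PTR name only identifies who operates an address; comparing each peer address with what DNS returns for the hostname of the site being visited shows whether the site's own records point at that host.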