[Linux-aus] bigpond now uses proxy servers to spy on 'us'

Rohan M. rohbags at purplesock.net.au
Tue Jul 4 02:14:04 UTC 2006


To whom it may concern,

I would like Telstra/Bigpond to please explain why in the last 48 hours or
so they have installed proxy servers on behalf of "akamai technologies"
which are now routing all of my http (web) traffic through these proxy
servers. I presume at the very least all of Darwin's broadband traffic is also
routed through these proxies.

Please see the following, which supports my claims:

I noticed traffic was a little slow, domain name requests were happening
lightning fast as normal but waiting for responses from web servers was a
little longer than normal. A quick netstat set off my paranoia...

C:\Documents and Settings\rohbags>netstat -an

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3260           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3261           0.0.0.0:0              LISTENING
  TCP    10.0.0.220:139         0.0.0.0:0              LISTENING
  TCP    10.0.0.220:1126        10.0.0.250:5050        ESTABLISHED
  TCP    10.0.0.220:1398        207.68.178.16:80       TIME_WAIT
  TCP    10.0.0.220:1402        61.9.129.145:80        ESTABLISHED
  TCP    10.0.0.220:1403        216.74.132.12:80       TIME_WAIT
  TCP    10.0.0.220:1404        216.74.132.12:80       TIME_WAIT
  TCP    10.0.0.220:1405        61.9.129.145:80        ESTABLISHED
  TCP    10.0.0.220:1410        61.9.129.152:80        ESTABLISHED
  TCP    10.0.0.220:1411        61.9.129.152:80        ESTABLISHED
  TCP    10.0.0.220:1418        61.9.193.134:80        ESTABLISHED
  TCP    10.0.0.220:1419        61.9.209.161:80        ESTABLISHED
  TCP    10.0.0.220:1421        216.180.238.201:80     ESTABLISHED
  TCP    10.0.0.220:1481        63.88.212.82:80        TIME_WAIT
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1046         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1047         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1086         127.0.0.1:1087         ESTABLISHED
  TCP    127.0.0.1:1087         127.0.0.1:1086         ESTABLISHED
  TCP    127.0.0.1:1123         127.0.0.1:1124         ESTABLISHED
  TCP    127.0.0.1:1124         127.0.0.1:1123         ESTABLISHED
  TCP    127.0.0.1:10110        0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1027           *:*
  UDP    0.0.0.0:1038           *:*
  UDP    0.0.0.0:1129           *:*
  UDP    0.0.0.0:1141           *:*
  UDP    0.0.0.0:4500           *:*
  UDP    10.0.0.220:123         *:*
  UDP    10.0.0.220:137         *:*
  UDP    10.0.0.220:138         *:*
  UDP    10.0.0.220:1900        *:*
  UDP    127.0.0.1:123          *:*
  UDP    127.0.0.1:1044         *:*
  UDP    127.0.0.1:1900         *:*

Notice the 61.9.*.*:80 servers (which are the proxies). These are Telstra
IP blocks but they resolve to *.deploy.akamaitechnologies.com.

In the above example I was visiting sites like cnn.com, ninemsn.com.au,
nytimes.com and it's obvious that I was not directly hitting those servers.

Example of domain name resolve:

C:\Documents and Settings\rohbags>tracert 61.9.129.145

Tracing route to a-61-9-129-145.deploy.akamaitechnologies.com [61.9.129.145]
over a maximum of 30 hops:

  1    <1 ms     1 ms    <1 ms  10.0.0.254
  2    46 ms    46 ms    48 ms  172.18.113.5
  3    80 ms    75 ms    75 ms  172.18.72.22
  4   123 ms   108 ms    98 ms  a-61-9-225-200.deploy.akamaitechnologies.com [61.9.225.200]
  5    46 ms    50 ms    57 ms  GigabitEthernet3-4.way21.Adelaide.telstra.net [165.228.106.13]
  6    79 ms    72 ms    69 ms  GigabitEthernet11-0.fli-core1.Adelaide.telstra.net [203.50.119.129]
  7    91 ms    98 ms    92 ms  Pos-channel1.lon-core3.Melbourne.telstra.net [203.50.6.177]
  8   197 ms   142 ms   157 ms  TenGigabitEthernet8-1.exi1.Melbourne.telstra.net [203.50.80.11]
  9   191 ms   180 ms   167 ms  bpber001.lnk.telstra.net [139.130.0.14]
 10   237 ms   246 ms   251 ms  a-61-9-129-145.deploy.akamaitechnologies.com [61.9.129.145]

Trace complete.

WOW - notice even a traceroute to 61.9.129.145 still routes me through
61.9.225.200 (akamaitechnologies.com)

Something else I found concerning was that one of the IPs seen in the
netstat above resolved to the following:

C:\Documents and Settings\rohbags>tracert 63.88.212.82

Tracing route to statse.webtrendslive.com [63.88.212.82]
over a maximum of 30 hops:

  1     1 ms    <1 ms     1 ms  10.0.0.254
  2    47 ms    46 ms    47 ms  172.18.113.5
^C

WTF? web trends live??

OK, now look at this site:
http://www.akamai.com/en/html/services/web_analytics.html

See what web trends live does!!

Telstra you arseholes how dare you invade my privacy like that!

This is completely unacceptable!


To further support my claim, here are reverse trace routes taken from
online services.
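
An added example, not part of the original post: a small parser that pulls the remote port-80 peers out of `netstat -an` output and groups them by covering /16 and reverse-DNS name, which is the manual check the post performs by eye. The sample rows and the two PTR names are copied from the post; the function names and the /16 grouping are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Sample rows copied from the netstat -an listing in the post above.
NETSTAT = """\
  TCP    10.0.0.220:1126        10.0.0.250:5050        ESTABLISHED
  TCP    10.0.0.220:1398        207.68.178.16:80       TIME_WAIT
  TCP    10.0.0.220:1402        61.9.129.145:80        ESTABLISHED
  TCP    10.0.0.220:1410        61.9.129.152:80        ESTABLISHED
  TCP    10.0.0.220:1418        61.9.193.134:80        ESTABLISHED
  TCP    10.0.0.220:1481        63.88.212.82:80        TIME_WAIT
  TCP    127.0.0.1:1086         127.0.0.1:1087         ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

# Reverse-DNS names exactly as shown in the post's tracert output.
PTR = {
    "61.9.129.145": "a-61-9-129-145.deploy.akamaitechnologies.com",
    "63.88.212.82": "statse.webtrendslive.com",
}

def remote_http_peers(text, port=80):
    """Return the distinct non-private remote IPs contacted on `port`, sorted."""
    peers = set()
    for line in text.splitlines():
        f = line.split()
        # Only connected TCP rows: Proto, Local, Foreign, State.
        if len(f) != 4 or f[0] != "TCP" or f[3] == "LISTENING":
            continue
        host, _, rport = f[2].rpartition(":")
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # bracketed IPv6 or malformed column; skipped here
        if rport == str(port) and not ip.is_private:
            peers.add(ip)
    return sorted(peers)

def group_peers(peers, ptr=PTR, prefix=16):
    """Map each covering /prefix network to [(ip, ptr_name_or_None), ...]."""
    groups = defaultdict(list)
    for ip in peers:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        groups[str(net)].append((str(ip), ptr.get(str(ip))))
    return dict(groups)

if __name__ == "__main__":
    for net, members in group_peers(remote_http_peers(NETSTAT)).items():
        print(net, members)
```

The Foreign Address column in netstat is the address the client itself connected to, so the next check for each grouped peer is which hostname's DNS answer pointed at it.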


