It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
U.S Military Spying on Canadian ?
page: 15
share:
I'm sorry if it gets technical but last night, I found maybe evidences that the U.S, more specifically the Defense Information Systems Agency is
spying on us here in Canada and maybe Rogers is involved Here's what I found.
I currently live in Ottawa, Canada and I use Rogers cable as my ISP (Internet Service Provider). When doing a traceroute for google.com (72.14.204.99), notice the first hop I get:
$tracepath -n 72.14.204.99
1: 192.168.0.48 (my home laptop) 0.355ms pmtu 1500
1: 7.25.212.1 (DISANET7) 12.883ms
1: 7.25.212.1 11.441ms
2: 66.185.91.181 (ROGERS-CABLE-BACKBONE) 14.401ms
3: 66.185.81.77 (ROGERS-CABLE-BACKBONE ) 33.461ms
4: 69.63.250.154 (ROGERS-CABLE) 36.092ms asymm 5
...
Essentially what this does is trace the path your traffic takes to reach its destination, in this case google.com (72.14.204.99).
Notice what my first hop is ? I did a lookup on 7.25.212.1 and turns out it belongs to DISA, or the Defense Information Systems Agency.
I've been working as a network security analyst for a few years now and it's the first time I see something like this. I tried the same command on all my roomates computer and I get the same result. I then asked two friends to do the same command and none of them received the same result as me (they both are in Canada but none of them are using Rogers).
Next thing I tried is to connect to my neighbor's wireless router (and she's also a Rogers customer) and funny enough, there was that 7.25.212.1 IP again. It's the first time I actually notice this so I have no idea for how long this has been happening.
Today I called Rogers to have more explanation. I first talked to a nice lady who completely reseted my modem from distance and there it was again, 7.25.212.1. After putting me on hold for about 15 minutes, she came back with no explanation and told me to go to the closest Rogers store and have my modem replaced. I told her that this is completely unacceptable and that I needed an explanation for this. After being transfered to a a few departments, I finally spoke to a guy who asked me the same questions... put me on hold for a little while, comes back with no more information and asks me to send an email to some Rogers' department.
I then tried to do more troubleshooting cuz it's starting to freak me out. I tried to reach different servers in different countries (Canada, US, China, Brazil, Russia) and everytimes, the first hop is that DISA IP address.
Here are a few programs under DISA. (SIPRNET, NIPRNET, RACE, Forge.mil). It's worth noting that SIPRNET, which stands for Secret Internet Protocol Router Network, is supposed to be one of their top secret network. In fact, this is the network that Bradley Manning got all is information from.
Take a look at this article .
So now I'm asking everybody on ATS to do these steps:
Windows
Open a command prompt (Start/Run/ and type "cmd")
Do a traceroute for any server you want by using the command tracert ("tracert -d google.com")
Do a lookup for the few first IPs you get. For me it was the 1st hop.
Take that IP and look it up on a site like www.robtex.com or www.dshield.org
You'll see to which organization it belongs to.
Linux
I'm sure if you're using linux you probably know how do to a tracepath. Refer to me example above.
or
type in a terminal: tracepath -n google.com
And let's see how many people have answers from DISA.
I currently live in Ottawa, Canada and I use Rogers cable as my ISP (Internet Service Provider). When doing a traceroute for google.com (72.14.204.99), notice the first hop I get:
$tracepath -n 72.14.204.99
1: 192.168.0.48 (my home laptop) 0.355ms pmtu 1500
1: 7.25.212.1 (DISANET7) 12.883ms
1: 7.25.212.1 11.441ms
2: 66.185.91.181 (ROGERS-CABLE-BACKBONE) 14.401ms
3: 66.185.81.77 (ROGERS-CABLE-BACKBONE ) 33.461ms
4: 69.63.250.154 (ROGERS-CABLE) 36.092ms asymm 5
...
Essentially what this does is trace the path your traffic takes to reach its destination, in this case google.com (72.14.204.99).
Notice what my first hop is ? I did a lookup on 7.25.212.1 and turns out it belongs to DISA, or the Defense Information Systems Agency.
I've been working as a network security analyst for a few years now and it's the first time I see something like this. I tried the same command on all my roomates computer and I get the same result. I then asked two friends to do the same command and none of them received the same result as me (they both are in Canada but none of them are using Rogers).
Next thing I tried is to connect to my neighbor's wireless router (and she's also a Rogers customer) and funny enough, there was that 7.25.212.1 IP again. It's the first time I actually notice this so I have no idea for how long this has been happening.
Today I called Rogers to have more explanation. I first talked to a nice lady who completely reseted my modem from distance and there it was again, 7.25.212.1. After putting me on hold for about 15 minutes, she came back with no explanation and told me to go to the closest Rogers store and have my modem replaced. I told her that this is completely unacceptable and that I needed an explanation for this. After being transfered to a a few departments, I finally spoke to a guy who asked me the same questions... put me on hold for a little while, comes back with no more information and asks me to send an email to some Rogers' department.
I then tried to do more troubleshooting cuz it's starting to freak me out. I tried to reach different servers in different countries (Canada, US, China, Brazil, Russia) and everytimes, the first hop is that DISA IP address.
Here are a few programs under DISA. (SIPRNET, NIPRNET, RACE, Forge.mil). It's worth noting that SIPRNET, which stands for Secret Internet Protocol Router Network, is supposed to be one of their top secret network. In fact, this is the network that Bradley Manning got all is information from.
Take a look at this article .
So now I'm asking everybody on ATS to do these steps:
Windows
Open a command prompt (Start/Run/ and type "cmd")
Do a traceroute for any server you want by using the command tracert ("tracert -d google.com")
Do a lookup for the few first IPs you get. For me it was the 1st hop.
Take that IP and look it up on a site like www.robtex.com or www.dshield.org
You'll see to which organization it belongs to.
Linux
I'm sure if you're using linux you probably know how do to a tracepath. Refer to me example above.
or
type in a terminal: tracepath -n google.com
And let's see how many people have answers from DISA.
EVERY powerful nation is spying on EVERY other nation of any worth whatsoever... so while I doubt a lot of spying is being done in Ethiopia or
Zimbabwe, you can be DAMN certain that not only the USA but also China, Russia, Israel, Japan, England, and countless other countries are spying on
Canada 24 hours a day, 7 days a week.
Same goes for ANY other powerful country.
Edit: Hell, I MET a Mossad agent right here on American soil and he was so courteous and polite I barely even minded it.
Same goes for ANY other powerful country.
Edit: Hell, I MET a Mossad agent right here on American soil and he was so courteous and polite I barely even minded it.
edit on 10/7/2011 by
DieBravely because: (no reason given)
If I was you I would edit out your PC's IP addressing of you post...
I agree with you. That's why I need other people from ATS to try these steps and check if lots of people see the same thing. If they do, this becomes
a proof that they are really spying instead of just saying "I'm sure the government spies on us".
they probably want to see who and what we are saying about the occupy wall street movement as well as making lists of political activists who are
opposed to the tar sands projects as well as fracting for natural gas 2 of which is their main source of fuels now...yes Canada is now on the US oil
hit list check what haarper did in 2008 which gives them the power to invade us without any opposition or consent we all know how well CIA can stage
civil unrest in any city now www.canada.com...
strange that OP's traceroute counts 1,1,1,2,3,4... is thast normal for Linux ?
mine counts 1,2,3,4,5 etc
also i would like to point out that an IP is just a number, and you need to know exactly at which point a DNS name resolution gives a correct result, meaning: if you configure your internal network to use the 7.25.212.xxx segment, you are free to do so, as is your local cable provider, who may use the segment in question routing the traffic between your cable-modem and its own hardware PRIOR letting your traffic out into the www
your trace does not know wether traffic is routed this way, instead it simply asks the known DNS servers for any IP it got aware of. and as long such an internal routing is active those segments are not booked into the DNS system cause they would collide with the official user.
maybe your cable provider does not follow specific guidelines in number usage
defined here www.iana.org...
mine counts 1,2,3,4,5 etc
also i would like to point out that an IP is just a number, and you need to know exactly at which point a DNS name resolution gives a correct result, meaning: if you configure your internal network to use the 7.25.212.xxx segment, you are free to do so, as is your local cable provider, who may use the segment in question routing the traffic between your cable-modem and its own hardware PRIOR letting your traffic out into the www
your trace does not know wether traffic is routed this way, instead it simply asks the known DNS servers for any IP it got aware of. and as long such an internal routing is active those segments are not booked into the DNS system cause they would collide with the official user.
maybe your cable provider does not follow specific guidelines in number usage
defined here www.iana.org...
edit on 7-10-2011 by TMJ1972 because: added possible explanation
Originally posted by revs0lution
Notice what my first hop is ? I did a lookup on 7.25.212.1 and turns out it belongs to DISA, or the Defense Information Systems Agency.
DISA is not an intelligence agency and does not collect communications intelligence. When the US government wants internet traffic, they tell the NSA to collect it, and NSA gets it directly from black chambers in major service providers. They don't appear on a traceroute because they're tapping the signal, not acting as an intermediate. When the NSA wants to know what you're doing, you won't know about it.
Here are a few programs under DISA. (SIPRNET, NIPRNET, RACE, Forge.mil). It's worth noting that SIPRNET, which stands for Secret Internet Protocol Router Network, is supposed to be one of their top secret network. In fact, this is the network that Bradley Manning got all is information from.
SIPRNET isn't top secret. It only goes to secret.
First, try alternate programs---traceroute on linux and others, could be a bug in the tracing program.
Then log on to your router's or modem's config page (may be 192.168.0.1 or something like that). Look at what it is getting for default gateway.
If you have a DSL or cable then your first physical hop has to be on your provider's network no matter what (laws of physics). I wonder if the provider has some misconfiguration and the provider is lying about it's IP and providing something bad via DHCP.
If you had traffic going into DISA, I think it's more likely they would complain that you are messing up their network. DISA is the phone company and internet provider for the US military.
I actually doubt you are really getting packets going to real DISA networks.
Then log on to your router's or modem's config page (may be 192.168.0.1 or something like that). Look at what it is getting for default gateway.
If you have a DSL or cable then your first physical hop has to be on your provider's network no matter what (laws of physics). I wonder if the provider has some misconfiguration and the provider is lying about it's IP and providing something bad via DHCP.
If you had traffic going into DISA, I think it's more likely they would complain that you are messing up their network. DISA is the phone company and internet provider for the US military.
I actually doubt you are really getting packets going to real DISA networks.
edit on 7-10-2011 by mbkennel because: (no reason given)
Hey op, I live in England . I have used your steps given and nothing out of the ordinary here. Happy days
Here are my results (rogers is my ISP):
NetRange: 7.0.0.0 - 7.255.255.255
CIDR: 7.0.0.0/8
OriginAS:
NetName: DISANET7
NetHandle: NET-7-0-0-0-1
Parent:
NetType: Direct Allocation
RegDate: 1997-11-24
Updated: 2006-04-28
Ref: whois.arin.net...
OrgName: DoD Network Information Center
OrgId: DNIC
Address: 3990 E. Broad Street
City: Columbus
StateProv: OH
PostalCode: 43218
Country: US
RegDate:
Updated: 2011-08-17
Ref: whois.arin.net...
OrgAbuseHandle: REGIS10-ARIN
OrgAbuseName: Registration
OrgAbusePhone: +1-800-365-3642
OrgAbuseEmail: [email protected]
OrgAbuseRef: whois.arin.net...
OrgTechHandle: REGIS10-ARIN
OrgTechName: Registration
OrgTechPhone: +1-800-365-3642
OrgTechEmail: [email protected]
OrgTechRef: whois.arin.net...
OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName: Network DoD
OrgTechPhone: +1-614-692-2708
OrgTechEmail: [email protected]
OrgTechRef: whois.arin.net...
And just to make sure they are giving correct results, I went to www.cqcounter.com... and got the same result!!
SOB!
NetRange: 7.0.0.0 - 7.255.255.255
CIDR: 7.0.0.0/8
OriginAS:
NetName: DISANET7
NetHandle: NET-7-0-0-0-1
Parent:
NetType: Direct Allocation
RegDate: 1997-11-24
Updated: 2006-04-28
Ref: whois.arin.net...
OrgName: DoD Network Information Center
OrgId: DNIC
Address: 3990 E. Broad Street
City: Columbus
StateProv: OH
PostalCode: 43218
Country: US
RegDate:
Updated: 2011-08-17
Ref: whois.arin.net...
OrgAbuseHandle: REGIS10-ARIN
OrgAbuseName: Registration
OrgAbusePhone: +1-800-365-3642
OrgAbuseEmail: [email protected]
OrgAbuseRef: whois.arin.net...
OrgTechHandle: REGIS10-ARIN
OrgTechName: Registration
OrgTechPhone: +1-800-365-3642
OrgTechEmail: [email protected]
OrgTechRef: whois.arin.net...
OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName: Network DoD
OrgTechPhone: +1-614-692-2708
OrgTechEmail: [email protected]
OrgTechRef: whois.arin.net...
And just to make sure they are giving correct results, I went to www.cqcounter.com... and got the same result!!
SOB!
reply to post by revs0lution
I'm with Rogers too. I looked it up in the links you provided and it gave me Rogers 3 times and Google 3 times. However when I looked up the first number on the WhoIs site, it says DISANET7
I'm with Rogers too. I looked it up in the links you provided and it gave me Rogers 3 times and Google 3 times. However when I looked up the first number on the WhoIs site, it says DISANET7
I knew it!!!! They're after our BACON!!!!!!
[atsimg]http://files.abovetopsecret.com/images/member/933c5b277b77.gif[/atsimg]
[atsimg]http://files.abovetopsecret.com/images/member/933c5b277b77.gif[/atsimg]
edit on 7-10-2011 by Tasty Canadian because: Just couldn't help
myself.
I just ran some tests, found nothing suspicious. I'm on Telus though, not Rogers.
I think the OP is on to something though...
I think the OP is on to something though...
After doing a little bit of research, I went to three of my friends who have Rogers. Some of them use Linux as computer.. other uses Windows and did
trace from their computers. I also brought my own laptop to do tests. Everytime I did a traceroute or tracepath, I got that 7.25.212.1 address. To
those who mentionned that it might have done a DNS query before, well no it can't be because i'm using the IP directly and not a domain name for my
test. My default route points to my gateway (192.168.0.1) in my case and I did not configure any route to go to 7.25.212.x. I did check my modem's
gateway and it points to a Rogers IP. There are no reason for this answer from DISANET. So from there I started to capture packets...
I did tests with tools like firewalk and tcptraceroute which allow you to sent TCP traffic on the Internet using port 21,22,23,25,53,80 and by setting the TTL to "1" and then "2" and so on .... This simulates normal traffic instead of just ICMP just in case the ISP uses some ACL on their core routers.
Essentially what this does is to send a packet to the destination IP I want with a TTL value of "1". The rules are that for every hop, the router that gets the packet have to decrease the TTL by 1. When reaching a TTL of 0, the router is forced to answer with a ICMP type 11 (TTL exceeded) which reveals the route it took. If you try this several times, you might get different routes depending on the traffic load on the core routers.
What the pcap revealed is kinda odd. To come back to my traceroute example :
1: 192.168.0.48 (my home laptop) 0.355ms pmtu 1500
1: 7.25.212.1 (DISANET7) 12.883ms
1: 7.25.212.1 11.441ms
2: 66.185.91.181 (ROGERS-CABLE-BACKBONE) 14.401ms
3: 66.185.81.77 (ROGERS-CABLE-BACKBONE ) 33.461ms
4: 69.63.250.154 (ROGERS-CABLE) 36.092ms asymm 5
...
1: 192.168.0.48 (my home laptop) 0.355ms pmtu 1500
This is the first packet sent, with a TTL of 1.
1: 7.25.212.1 (DISANET7) 12.883ms
1: 7.25.212.1 11.441ms
This is the odd part. It returned a TTL of 255. This theoretically means that there were no hops between me (192.168.0.48) and them (7.25.212.1) which is why it also shows as "1" in the traceroute result.
2: 66.185.91.181 (ROGERS-CABLE-BACKBONE) 14.401ms
Now this packet shows a TTL of 254. This is exactly what you'd expect assuming that it sent it's packet initially with a TTL of 255 minus the 1 hop to reach me = 254.
3. the third packet has a TTL of 253... 255 minus 2 hops = 253 ...
So here it is. I tried with many tools, at different Rogers network and they all show the same result. It makes no sense to receive a packet from DISANET given the reason i just explained. This packet should no exist...
I will do more traffic analysis tonight when i get home and update you with my findings. For those who are interrested I can send you some pcaps and logs to help me figure this thing out.
Any other ideas ?
I did tests with tools like firewalk and tcptraceroute which allow you to sent TCP traffic on the Internet using port 21,22,23,25,53,80 and by setting the TTL to "1" and then "2" and so on .... This simulates normal traffic instead of just ICMP just in case the ISP uses some ACL on their core routers.
Essentially what this does is to send a packet to the destination IP I want with a TTL value of "1". The rules are that for every hop, the router that gets the packet have to decrease the TTL by 1. When reaching a TTL of 0, the router is forced to answer with a ICMP type 11 (TTL exceeded) which reveals the route it took. If you try this several times, you might get different routes depending on the traffic load on the core routers.
What the pcap revealed is kinda odd. To come back to my traceroute example :
1: 192.168.0.48 (my home laptop) 0.355ms pmtu 1500
1: 7.25.212.1 (DISANET7) 12.883ms
1: 7.25.212.1 11.441ms
2: 66.185.91.181 (ROGERS-CABLE-BACKBONE) 14.401ms
3: 66.185.81.77 (ROGERS-CABLE-BACKBONE ) 33.461ms
4: 69.63.250.154 (ROGERS-CABLE) 36.092ms asymm 5
...
1: 192.168.0.48 (my home laptop) 0.355ms pmtu 1500
This is the first packet sent, with a TTL of 1.
1: 7.25.212.1 (DISANET7) 12.883ms
1: 7.25.212.1 11.441ms
This is the odd part. It returned a TTL of 255. This theoretically means that there were no hops between me (192.168.0.48) and them (7.25.212.1) which is why it also shows as "1" in the traceroute result.
2: 66.185.91.181 (ROGERS-CABLE-BACKBONE) 14.401ms
Now this packet shows a TTL of 254. This is exactly what you'd expect assuming that it sent it's packet initially with a TTL of 255 minus the 1 hop to reach me = 254.
3. the third packet has a TTL of 253... 255 minus 2 hops = 253 ...
So here it is. I tried with many tools, at different Rogers network and they all show the same result. It makes no sense to receive a packet from DISANET given the reason i just explained. This packet should no exist...
I will do more traffic analysis tonight when i get home and update you with my findings. For those who are interrested I can send you some pcaps and logs to help me figure this thing out.
Any other ideas ?
Originally posted by FurvusRexCaeli
You're right on this, it is not in intelligence agency. The Defense Information Systems Agency (DISA) is a United States Department of Defense agency that provides information technology (IT) and communications support to the President, Vice President, Secretary of Defense, the military Services, and the Combatant Commands.
It is still an agency under the DoD. They might not do intelligence but are certainly involved in IT and network communication.
Again, you're right.
I guess my point is that I might have jumped too quickly to a conclusion by saying they might be spying on us. I still haven't found a logical explanation as to why i'm seeing a response from them 1st.
DISA is not an intelligence agency and does not collect communications intelligence. When the US government wants internet traffic, they tell the NSA to collect it, and NSA gets it directly from black chambers in major service providers. They don't appear on a traceroute because they're tapping the signal, not acting as an intermediate. When the NSA wants to know what you're doing, you won't know about it.
You're right on this, it is not in intelligence agency. The Defense Information Systems Agency (DISA) is a United States Department of Defense agency that provides information technology (IT) and communications support to the President, Vice President, Secretary of Defense, the military Services, and the Combatant Commands.
It is still an agency under the DoD. They might not do intelligence but are certainly involved in IT and network communication.
SIPRNET isn't top secret. It only goes to secret.
Again, you're right.
I guess my point is that I might have jumped too quickly to a conclusion by saying they might be spying on us. I still haven't found a logical explanation as to why i'm seeing a response from them 1st.
reply to post by Tasty Canadian
Thanks for the LOL..
Its all about Canadian bacon.
That being said, the PP was right, NSA collects the info. And if an agency is going to bother spying on an ally, they would hide that reroute.
Thanks for the LOL..
Its all about Canadian bacon.
That being said, the PP was right, NSA collects the info. And if an agency is going to bother spying on an ally, they would hide that reroute.
edit on 8-10-2011 by nixie_nox because: (no reason given)
Parts of that 7.*.*.* are non-routed (note not non-routable!) DoD keep them reserved behind their firewalls, so they aren't really in the "publicly addressable" IP address space. You can't get a routing to DoD machines in that address space. Rumour has it that Rogers ran out of non-routable IP address space! (Rogers, unlike the American ISPs) run a unified network rather than a geographically segregated network which means that each non-routable IP address is unique in its entire geography, so they can run out! Rumour also has it that they went to IANA and DoD and got permission to use the non-routed parts of the 7.* address space if it's not routed out of Rogers networks. Sketchy but until IP V6 comes along, all kinds of bandaid solutions are coming along to problems like this.
Source
Found this in a forum. Although it's not a definitive answer, it's entirely possible.
Always fun to debunk your own theories.
reply to post by revs0lution
traceroute www.google.ca
traceroute to www.google.ca (74.125.91.104), 30 hops max, 60 byte packets
1 7.9.228.1 (7.9.228.1) 27.728 ms 29.599 ms 31.391 ms
It is the Canadian government snooping on you. They used to go to a address on ns2.security.co.uk which was a improperly managed Barracuda networks server for tapping internet communications. All you had to do was reverse DNS the Server then go to the servers webbage which anounced it’s intent. Since I exposed this snooping done by the British government at Canada’s request they have asked the Americans for help. I am pleased with the new snooping setup as it does not slow down my connection like the old ns2.security.co.uk.
This is what you can expect from the Stephen Harper government.
Source:
www.disa.mil...
traceroute www.google.ca
traceroute to www.google.ca (74.125.91.104), 30 hops max, 60 byte packets
1 7.9.228.1 (7.9.228.1) 27.728 ms 29.599 ms 31.391 ms
It is the Canadian government snooping on you. They used to go to a address on ns2.security.co.uk which was a improperly managed Barracuda networks server for tapping internet communications. All you had to do was reverse DNS the Server then go to the servers webbage which anounced it’s intent. Since I exposed this snooping done by the British government at Canada’s request they have asked the Americans for help. I am pleased with the new snooping setup as it does not slow down my connection like the old ns2.security.co.uk.
This is what you can expect from the Stephen Harper government.
Source:
www.disa.mil...
edit on 15-12-2011 by Sly2k111 because: (no reason given)
new topics
-
What Am I Hearing
General Chit Chat: 7 hours ago
top topics
-
A Bunch of Maybe Drones Just Flew Across Hillsborough County
Aircraft Projects: 13 hours ago, 7 flags -
Who's coming with me?
General Conspiracies: 14 hours ago, 4 flags -
What Am I Hearing
General Chit Chat: 7 hours ago, 1 flags
active topics
-
A Bunch of Maybe Drones Just Flew Across Hillsborough County
Aircraft Projects • 20 • : network dude -
Who's coming with me?
General Conspiracies • 31 • : putnam6 -
-@TH3WH17ERABB17- -Q- ---TIME TO SHOW THE WORLD--- -Part- --44--
Dissecting Disinformation • 3634 • : angelchemuel -
Will all hell break out? Jersey drones - blue beam
Aliens and UFOs • 41 • : angelchemuel -
Drones everywhere in New Jersey
Aliens and UFOs • 72 • : ufoorbhunter -
What Am I Hearing
General Chit Chat • 3 • : theatreboy -
And Here Come the Excuses!!
General Conspiracies • 160 • : Lazy88 -
Rant. I am sick of people saying the police are revenue raising.
Rant • 10 • : PorkChop96 -
From the MUSK-RAMASWAMY Department of Government Efficiency commission - DOGE.
Above Politics • 62 • : Irishhaf -
Remember These Attacks When President Trump 2.0 Retribution-Justice Commences.
2024 Elections • 98 • : WeMustCare
5