[oclug] tuesday afternoon rant about the FBI and an isp
draven at distmirr.com
Mon Mar 19 17:08:06 EST 2001
Here's the deal. I, like many of you on this list and other tech
savvy/hax0rs, can't stand child pornography. I mean I hate it with a
passion. Well last night, I had one of those spells where I wanted to see
how fast I could 1) find kiddie porn and 2) find all the information I need
to take them down either by my own force, or the authorities. Being the
nice person I am (smile), I first did a whois on them. Got all the contact
information (one even being an adult entertainment company!) I or anyone
else could want (name, address and phone number). I then did a traceroute
on the two suspects. One turned out to be in New York, the other in
Russia. After all that, I did a port scan on the sites. This is when all
hell broke loose.
I found all sorts of open goodies, telnet, wu-ftpd (smile), ssh, sunrpc
etc., etc. I logged all of my findings (like I always do) in a simple
little text file. All the info I found, I forwarded off to the FBI and
Interpol. Never tried to take down the machines or anything (don't ask me
why... I guess I'm just a really super nice person).
Well the next day (this morning), I got an ICQ message from my co-worker.
The deal is, my little network is on the network of a branch of the ISP I
used to work at as one of their sys admins. I'm no longer working there,
and my friend/co-worker is the owner of that office. Well he got an email
around 1am from the network admin and the owner of the isp. Apparently
they got a phone call from the FBI. Turns out, the isp is a member of some
org. (the name escapes me at this time) that works directly with the FBI.
The FBI has a port sniffer setup on the backbone for the ISP (Cable and
Wireless) and monitors EVERYTHING.
When I scanned the machine in New York, a red flag went up. When I scanned
the other machine in Russia and touched the sunrpc port (a known hack according
to the FBI), a flashing neon sign flashed up on their monitors.
The network admin disabled the route for my network. Since he didn't have
access to any of my machines, all he knew was that some script kiddie had
got access to a machine and was about to cause some hell on the network.
The owner called me to tell me what was going on (basically to give me some
extreme heat). I explained what I was doing, and he started to calm down.
He then told me that the FBI is now watching my network 24/7. And I mean
<u>everything</u>. He said if it (it meaning a portscan) happens again,
that the machine will be confiscated by the government.
What I don't understand is why wouldn't they look at what I was scanning?
If they did, they would see pictures of 10 year old children being sexually
tortured. Plus, I just faxed a two page report (to the local branch) with
the information they needed to take these scum bags down, with the same IP
that I was scanning.
Now I live with the fact that every single packet that is sent to/from my
network (including this very email) is being monitored by the government
(and probably the sys admin, whom from what I can tell doesn't like me very
much for whatever reason. Can't say I blame him, however I do feel that
he doesn't take the time to think or ask questions before he acts. He
could have gone about this in a more mature way if you ask me, but we won't
get into that.)
Anyone know what the government is using as a packet sniffer, what
techniques they use to view the packets, etc.? Has anyone had a similar
It appears that the government is finally trying to take control of the one
thing that is next to impossible to take control of. Visions of a little
person trying to grab hold of the horns of a raging bull while wearing
all red come to mind.
Thanks for reading this and putting up with my meaningless rant :)