If you've read The Tommyknockers by Stephen King, you know that "The Dallas Police" have nothing to do with Dallas itself (or any police force in Texas). Some people see The Dallas Police everywhere. And, yes, there are those who snoop on or invade our computers (or cyberspace) for a myriad of reasons. Many of those reasons are to sell us something. Some are more malicious or ominous. Regardless, paranoia can sometimes be a humorous happening.
Network administrators set a lot of automatic pings, probes and the like. Some are set up for defense of a network, others are used to make the network appear to respond faster. One of the "smoke and mirrors" tactics that is used relates to caching web pages. There are many places that use a caching proxy for web access. Many military sites use such a proxy for their sites. This equipment keeps track of frequently visited sites and automatically refreshes the cached page before you ask for it -- so that when you go to CNN's site in the morning to read the news, the page pops up quicker. It's faster because you're getting the page from the proxy's cache (locally) instead of trying to fight for bandwidth at 8am with every other Internet user. Pretty nifty, eh?
This has some side effects. Naturally, in order to serve up the most current version of the page, the proxy has to go to the page and put it in its cache. CNN never notices. Smaller sites (with site stats) sometimes notice. Since it's not a user going there, the stats may show things like "Operating System : Unknown" or "Browser : Netscape 3.01" or other such oddities. It looks like stealth; in reality, it's just a little technomagic.
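A site owner who wants to tell this kind of scheduled cache refresh apart from a person browsing can look at request timing in the access log. The sketch below is an added example, not part of the original post; the log lines are constructed, and the function names and thresholds (min_hits, max_jitter) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [04/Jan/2003:06:00:00 +0000] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/3.01 (compatible;)"
192.0.2.10 - - [04/Jan/2003:06:15:00 +0000] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/3.01 (compatible;)"
192.0.2.10 - - [04/Jan/2003:06:30:01 +0000] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/3.01 (compatible;)"
192.0.2.10 - - [04/Jan/2003:06:45:00 +0000] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/3.01 (compatible;)"
198.51.100.7 - - [04/Jan/2003:08:01:12 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.7 - - [04/Jan/2003:08:01:40 +0000] "GET /news.html HTTP/1.1" 200 2048 "http://example.org/index.html" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.7 - - [04/Jan/2003:08:20:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.7 - - [04/Jan/2003:12:47:30 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def parse(log_text):
    """Yield (ip, path, timestamp, referer) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], m["path"], ts, m["referer"]

def likely_proxy_refreshers(log_text, min_hits=3, max_jitter=0.1):
    """Return client IPs that re-fetch one page on a near-fixed schedule, no referer."""
    hits, referers = defaultdict(list), defaultdict(set)
    for ip, path, ts, referer in parse(log_text):
        hits[(ip, path)].append(ts)
        referers[(ip, path)].add(referer)
    flagged = set()
    for key, times in hits.items():
        if len(times) < min_hits or referers[key] != {"-"}:
            continue  # too few samples, or the client followed links like a person
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Scheduled refreshes have nearly constant gaps; people do not.
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            flagged.add(key[0])
    return sorted(flagged)
```

Regular timing alone does not say who operates the client; it only separates scheduled fetches from interactive visits in the stats.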
Another "automatic" thing that some sites (including military sites) employ relates to IP lookup and authentication. Encryption is considered a weapon (munition) and is regulated by the government. When you go to Microsoft or Netscape to download their latest browser with 128-bit encryption (in the US), the site has to look at your IP address and ensure that it is from a block that is registered as "used in the US." If you are from outside the US, you have to download and install the 56-bit encryption version. So the site has to validate your IP address to ensure that you download the appropriate version (and that they comply with the current laws and regulations).
Security needs dictate that anyone trying to explore or break into your network is logged. Some administrators try to gather as much information about the attacker as possible. Sometimes people wander in (or try to explore) areas that are not allowed - or not allowed from certain IP addresses. Attacks (real and imagined) are normally investigated.
Knowing all these things... (and yes, it's a bit oversimplified for discussion's sake) I run across a post on a bulletin board about an Air Force site: "They're closing this month but... I was probed by a Kelly AFB mil IP address in the 198 range last night. The government accessed my computer illegally."
Now, I don't know any of the particulars about this "probe," and this guy's computer may have been probed by an overzealous security geek... However, I doubt that the military has the time or the inclination to "probe" some user's computer. (Although, I did wonder what some person from South Africa was doing keeping up with the US Air Force's CERT site...)
OMG... I'm The Dallas Police!
Posted by BlueWolf on January 4, 2003 11:09 PM