| R. A. Hettinga on Wed, 29 Aug 2001 12:56:44 +0200 (CEST) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| <nettime> IP: U.S. DoD [seems to be djf] looking for pro-Sklyarov pages? |
[via <tbyfield@panix.com>; orig to <dcsb@ai.mit.edu>]
--- begin forwarded text [headited @ nettime]
Date: Wed, 29 Aug 2001 07:38:38 +1000
To: ip-sub-1@majordomo.pobox.com
From: David Farber <dave@farber.net>
Subject: IP: U.S. DoD [seems to be djf] looking for pro-Sklyarov pages?
<x-flowed>
>From: "mobythor" <mobythor@fuckmicrosoft.com>
>To: <farber@eff.org>
>
>
>U.S. DoD looking for pro-Sklyarov pages?
>(english)
>by Mark Bialkowski
>4:26pm Mon Aug 27 '01
><mailto:mbialkowski@home.com>mbialkowski@home.com
>For some reason, U.S. Department of Defense machines are searching the web
>for pages related to Dmitry Sklyarov, the latest victim of the
>DMCA. Webmasters: check your logs.
>Early Sunday morning, long before dawn, I glanced through the results
>Webalizer pumped out for my Code Red-tainted web access logs. In the
>section on hits by region, there was a tiny chunk of hits from US military
>(.mil) hosts. Intrigued, I located the specific hostnames. Only two hosts
>accounted for the 47 recorded hits existing in my logs:
>
>
>198.26.123.36 - BU-WCS1-KELLY.NIPR.MIL
>
>198.26.123.37 - BU-WCS2-KELLY.NIPR.MIL
>The best surprises were yet to come. Searching through my logs using the
>wonderful Unix tool grep for the aforementioned IPs produced the following
>results:
>
>198.26.123.37 - - [02/Aug/2001:13:55:35 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [02/Aug/2001:13:55:35 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [02/Aug/2001:13:55:39 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [05/Aug/2001:14:27:19 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [05/Aug/2001:14:27:19 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [05/Aug/2001:14:47:36 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [05/Aug/2001:14:47:39 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [07/Aug/2001:15:25:47 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [07/Aug/2001:15:25:49 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [07/Aug/2001:16:16:32 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [07/Aug/2001:16:16:40 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [08/Aug/2001:15:57:56 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [08/Aug/2001:15:57:57 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.36 - - [09/Aug/2001:16:33:12 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [09/Aug/2001:16:33:30 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.36 - - [09/Aug/2001:16:33:51 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [11/Aug/2001:20:34:28 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [11/Aug/2001:20:34:48 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [11/Aug/2001:20:35:11 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.36 - - [11/Aug/2001:20:35:42 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [12/Aug/2001:20:55:59 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [12/Aug/2001:20:55:59 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [13/Aug/2001:20:35:36 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [13/Aug/2001:20:35:39 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [15/Aug/2001:23:11:59 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [15/Aug/2001:23:11:59 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [15/Aug/2001:23:12:04 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [15/Aug/2001:23:12:34 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [16/Aug/2001:23:27:13 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [16/Aug/2001:23:27:16 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [17/Aug/2001:23:41:10 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [17/Aug/2001:23:41:11 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [18/Aug/2001:23:47:39 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [18/Aug/2001:23:47:39 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [18/Aug/2001:23:47:42 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [18/Aug/2001:23:48:14 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [20/Aug/2001:00:03:21 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [20/Aug/2001:00:03:24 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [20/Aug/2001:23:56:37 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [20/Aug/2001:23:56:38 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [22/Aug/2001:00:11:04 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [22/Aug/2001:00:11:05 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [22/Aug/2001:00:11:10 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [24/Aug/2001:00:17:32 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [24/Aug/2001:00:17:33 -0400] "GET /adobe.html HTTP/1.0"
>200 2128 "-" "Inktomi Search"
>198.26.123.37 - - [24/Aug/2001:00:17:36 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [26/Aug/2001:00:19:19 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>
>For the confused, each line above can be read as:
>IP.address - - [Day/Month/Year:hour:minute:second -time zone] "File
>accessed" "-" "User agent"
>NIPR.mil hosts weren't just spidering my site, they were specifically
>looking for three files:
>
>robots.txt, a file that, if it exists, tells web spiders what to avoid.
>
>adobe.html, my small page on the Dmitry Sklyarov arrest.
>
>defcon.ppt, my copy of Sklyarov's presentation on Adobe eBook "security"
>The spiders completely ignored my copy of Adobe PDF Processor. I don't
>know why.
>
>
>For more info on Dmitry Sklyarov, see freesklyarov.org, and keep in mind
>the known players in that case; Adobe and the Department of Justice.
>
>
>Further research through my four weeks of back logs showed those two
>machines to be the only ones with "Inktomi Search" user agents. Inktomi
>"develops and markets network infrastructure software essential for global
>enterprises and service providers." [1] Government organizations
>currently using Inktomi's products include "Argonne National Laboratory,
>Federal Communications Commission (FCC), Library of Congress, National
>Oceanic and Atmospheric Administration (NOAA), a division of the U.S.
>Department of Commerce, the U.S. Department of Energy, U.S. Department of
>Veterans Affairs, and the U.S Department of Agriculture [...] U.S.
>Department of State, U.S. Department of the Interior, U.S. Department of
>Commerce, U.S. Department of Transportation, U.S. Department of Education,
>U.S. Department of the Navy and the Executive Office of the President." [2]
>
>
>NIPR belongs to none of the above groups. NIPR.mil is the Network
>Operations Center for the U.S. Department of Defense, a division of the
>Defense Information Systems Agency. [3] The particular machines that my
>spider hits came from are housed at Kelly AFB in Texas. [4]
>
>
>
>All of this leads to a single question... why are Department of Defense
>computers being used to search for pages on the Sklyarov/Adobe case and
>Sklyarov's presentation?
>
>
>I encourage webmasters hosting pages about Dmitry, and copies of the
>PowerPoint presentation, to check their logs for hits from the 198.25.0.0
>- 198.26.255.255 netblock; this is the block controlled by NIPR. I'm
>specifically interested in hits from Inktomi Search spiders, looking for
>files related to Sklyarov. I want to find out how widespread this
>activity is, and I intend to find out for what purpose this searching is
>taking place.
>
>
>-Mark Bialkowski
>
>
>[1] Inktomi's front page
>[2] Press release: "Inktomi Delivers Award-Winning Search Technology to
>Government Organizations," Aug. 20, 2001
>
>
>[3] <http://www.carnicom.com>www.carnicom.com, "NIPR Activity Increases"
>
>
>[4] Information from tin.nu WHOIS server gateway
For archives see: http://www.interesting-people.org/
</x-flowed>
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
# archive: http://www.nettime.org contact: nettime@bbs.thing.net