China may be spying on BC gov't

[jenai]

Today I thought I'd traceroute to B.C. Government Home - Province of British Columbia to see how well BC Systems has it secured.

I was shocked at what I found.

Right after the hop goes to an internal IP address in the 192.168.2.0 range, I get this address:

121.255.30.241

It resolved to outside of Canada in Hefei, Anhui, China.

I kid you not. gov.bc.ca is pwned by the Chinese through DNS cache poisoning.

I'm frakken appalled. Hopefully my email to the sys admin in Victoria gets through, considering the extensive packet sniffing being done in Hefei.

Oh, I don't know when I'll tell CTV if ever.

This is an internal security matter between me and Victoria.

[ebbomega]

Never struck you that it might be that your ISP isn't on the same infrastructure as the BC government web page, and the only plausible route is through China, did it?

If it's hopping to China AFTER your internal network, wouldn't that be on your ISP's side and not on the BC Gov?

[NinjaBoy]

Quote:

Originally Posted by jenai

Oh, I don't know when I'll tell CTV if ever.

Speaking as someone who works for that company, I'll let you know straight up we have an impressive team of researchers, consultants, reporters, writers and producers who are dedicated to researching stories...

...and making sure that unfounded crap like this never gets to air.

[EPID3MIK-7]

ytmnd - you're the man now dog!

[rawb]

you have taken something that doesn't make sense and then attached the most unlikely explanation to it, ever.

[Gusto]

how you came to this conclusion from running a traceroute to a webserver, i have no idea. wtf.

[NinjaBoy]

Stop thinking you are a hacker whenever you run a traceroute...

[b0ld]

another typical script kiddie / whitehat .

[G3N3R4L]

there's a sys admin in victoria right now laughing his ass off

[jenai]

yes, CTV would suppress it; it's in the pocket of the powers-that-be.

here is the traceroute that contradicts someone's explanation in the reply to my OP, cos his explanation is based on not bothering to traceroute the IP address.


---
traceroute to 142.32.252.190 (142.32.252.190), 30 hops max, 40 byte packets
1 192.168.1.1 (192.168.1.1) 2.977 ms 2.862 ms 2.906 ms
2 192.168.1.1 (192.168.1.1) 10.062 ms 9.575 ms 11.943 ms
3 rd1bb-ge3-0-0-3.vc.shawcable.net (64.59.159.210) 11.605 ms 23.523 ms 936.175 ms
4 rc2bb-tge0-0-0-0.vc.shawcable.net (66.163.69.141) 22.354 ms 76.469 ms 13.198 ms
5 rc2wh-tge0-7-1-0.vc.shawcable.net (66.163.69.73) 14.015 ms 16.059 ms 12.158 ms
6 pix-gw.gov.bc.ca (206.223.127.6) 14.144 ms 9.435 ms 13.905 ms
7 vanrc002.net.gov.bc.ca (142.30.231.4) 15.925 ms 27.256 ms 13.500 ms
8 vicrc004.net.gov.bc.ca (198.162.64.52) 14.956 ms 20.604 ms 13.867 ms
9 vicrr033.net.gov.bc.ca (142.32.234.36) 18.479 ms 15.770 ms 16.159 ms
10 vicgw013.net.gov.bc.ca (142.32.34.37) 17.967 ms 21.681 ms 21.884 ms
11 192.168.2.6 (192.168.2.6) 16.032 ms 16.647 ms 15.970 ms
12 121.255.30.241 (121.255.30.241) 15.440 ms 36.141 ms 16.961 ms
13 * * *

right after hop 10 it's gone off to an IP registered in China, but probably somewhere else in Victoria, due to the narrow standard deviance.

[jenai]

Quote:

Originally Posted by G3N3R4L

there's a sys admin in victoria right now laughing his ass off

actually according to his voice mail, he is on holiday pay c/o of your tax dollars until January 15. He probably took the 6 week leave started Dec. 4

[Gusto]

ISP: ANHUI PROVINCIAL EDUCATION DEPARTMENT

maybe they're training spies lol.

[rawb]

LETS PLAY INTERNET 101

Quote:

Originally Posted by jenai

yes, CTV would suppress it; it's in the pocket of the powers-that-be.

here is the traceroute that contradicts someone's explanation in the reply to my OP, cos his explanation is based on not bothering to traceroute the IP address.

LOL RITE

Quote:

---
traceroute to 142.32.252.190 (142.32.252.190), 30 hops max, 40 byte packets
1 192.168.1.1 (192.168.1.1) 2.977 ms 2.862 ms 2.906 ms
2 192.168.1.1 (192.168.1.1) 10.062 ms 9.575 ms 11.943 ms
3 rd1bb-ge3-0-0-3.vc.shawcable.net (64.59.159.210) 11.605 ms 23.523 ms 936.175 ms
4 rc2bb-tge0-0-0-0.vc.shawcable.net (66.163.69.141) 22.354 ms 76.469 ms 13.198 ms
5 rc2wh-tge0-7-1-0.vc.shawcable.net (66.163.69.73) 14.015 ms 16.059 ms 12.158 ms
6 pix-gw.gov.bc.ca (206.223.127.6) 14.144 ms 9.435 ms 13.905 ms
7 vanrc002.net.gov.bc.ca (142.30.231.4) 15.925 ms 27.256 ms 13.500 ms
8 vicrc004.net.gov.bc.ca (198.162.64.52) 14.956 ms 20.604 ms 13.867 ms
9 vicrr033.net.gov.bc.ca (142.32.234.36) 18.479 ms 15.770 ms 16.159 ms
10 vicgw013.net.gov.bc.ca (142.32.34.37) 17.967 ms 21.681 ms 21.884 ms

EVERYTHINGS FINE UP UNTIL HERE

Quote:

11 192.168.2.6 (192.168.2.6) 16.032 ms 16.647 ms 15.970 ms

THIS IS AN INTERNAL ADDRESS, WHICH MEANS YOU HAVE SOMETHING INTERNAL ON YOUR NETWORK REPLYING TO THIS AND FORWARDING YOU ON TO:

Quote:

12 121.255.30.241 (121.255.30.241) 15.440 ms 36.141 ms 16.961 ms
13 * * *

SO IN CLOSING, YOUR SHIT SUCKS AND THIS HAS NOTHING TO DO WITH THE BC GOVERNMENT OR THEIR ROUTING

[DefJef]

I wish I had the kinda free time that Jenai has so I could make tinfoil hats all day and worry about random traceroutes and anything else that's not important and totally out of my control.

[NinjaBoy]

Quote:

Originally Posted by jenai

yes, CTV would suppress it; it's in the pocket of the powers-that-be.

A local TV evening news is put together over the course of six hours or so...

The news director, sends his reporters to cover what he feels take priority in the news. They come back, put it together. He approves it. He doesn't contact anyone else for approval.

It goes to air.

In order for your theory, the news director (and assistant news director) has to be in the governments pocket. Although, I'm not sure which government you are accusing of controlling them, the chinese or the BC...

So there's two people that they have to buy off. Then add in all the other stations in Vancouver... we're at six. Oh, for the hell of it lets add the major cities as well. That's probably about fifteen for the sake of arguement...

30 people, who are reporters for a living, being bought out by the government and turning down the opportunity to report the biggest story of their life...

Wow... a bit of a stretch...

Oh, lets also not forget the fact that there are about a hundred stations in each province...

So now we're at 200 people in this province, or 2000 people across Canada....

You're trying to convince me that out of 2000 reporters nobody would report this?

[tiedye]

Quote:

Originally Posted by jenai

This is an internal security matter between me and Victoria.

This is mint!

[jenai]

oh, on an OT note I lost my mobile 15 minutes ago near Church's, probably in the parking lot south of the building.

or, it could be stuck under the car seat of the roomie's. hmm time to SMS it.

i wonder where my stereo bluetooth receiver is...

[NinjaBoy]

Church/Russian conspiracy obviously.

[SEAN!]

Quote:

Originally Posted by jenai

oh, on an OT note I lost my mobile 15 minutes ago near Church's, probably in the parking lot south of the building.

or, it could be stuck under the car seat of the roomie's. hmm time to SMS it.

i wonder where my stereo bluetooth receiver is...

there are people who are willing to live with you?

[jenai]

Quote:

Originally Posted by rawb

LETS PLAY INTERNET 101



LOL RITE



EVERYTHINGS FINE UP UNTIL HERE



THIS IS AN INTERNAL ADDRESS, WHICH MEANS YOU HAVE SOMETHING INTERNAL ON YOUR NETWORK REPLYING TO THIS AND FORWARDING YOU ON TO:




SO IN CLOSING, YOUR SHIT SUCKS AND THIS HAS NOTHING TO DO WITH THE BC GOVERNMENT OR THEIR ROUTING

The internal address is outside the gateway in Victoria, which means it's within that area. The IP address may be administered by what APNIC says it is, but the DNS cache poisoner is in Victoria, because the ping response times are under 50 mS.

192.168.2.6 indicates that the GW in hop 10 is compromised.

[rawb]

Quote:

Originally Posted by jenai

The internal address is outside the gateway in Victoria, which means it's within that area. The IP address may be administered by what APNIC says it is, but the DNS cache poisoner is in Victoria, because the ping response times are under 50 mS.

192.168.2.6 indicates that the GW in hop 10 is compromised.

I AM REALLY GOING TO LOVE HOW YOU ARE GOING TO EXPLAIN HOW YOU ARE GETTING TRACEROUTE REPLIES FROM AN INTERNAL IP IN VICTORIA.

[ebbomega]

Quote:

Originally Posted by b0ld

another typical script kiddie / whitehat .

script kiddies and whitehats are two completely different things.

Whitehats are actually hackers.

[lildonkey]

isn't whitehat legit practices and blackhat shady practices, with greyhat being in the middle?

wait... anyways..... jenai you are a fucking idiot, get some help.

[ebbomega]

Quote:

Originally Posted by jenai

The internal address is outside the gateway in Victoria, which means it's within that area. The IP address may be administered by what APNIC says it is, but the DNS cache poisoner is in Victoria, because the ping response times are under 50 mS.

192.168.2.6 indicates that the GW in hop 10 is compromised.

You don't understand.

The only way you'll be able to talk to a 192.168.x.x address is if it is in YOUR LAN. If you were to ping such an address (essentially what tracert does) then your ISP would recognize it as a private IP and wouldn't route it at all.

What is most likely your problem is that your own computer (or router) is compromised and is bouncing traffic that hits the next hop on tracert to china. But if this was happening on the victoria end, it would NOT be showing a 192.168.x.x address. At all.

Sorry, you're the one that's being spied on by China, not the government.

[ebbomega]

Quote:

Originally Posted by lildonkey

isn't whitehat legit practices and blackhat shady practices, with greyhat being in the middle

Yup. Script kiddies, on the other hand, are just a form of cracker that doesn't really care so much about how things work but instead focuses on amassing as many exploits as possible and using them to compromise people's systems.

I've never heard of a whitehat script kiddie.