www.nettime.org
Nettime mailing list archives

<nettime> IP: U.S. DoD [seems to be djf] looking for pro-Sklyarov pages?
R. A. Hettinga on Wed, 29 Aug 2001 12:56:44 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> IP: U.S. DoD [seems to be djf] looking for pro-Sklyarov pages?


     [via <tbyfield {AT} panix.com>; orig to <dcsb {AT} ai.mit.edu>]

--- begin forwarded text [headited  {AT}  nettime]

Date: Wed, 29 Aug 2001 07:38:38 +1000
To: ip-sub-1 {AT} majordomo.pobox.com
From: David Farber <dave {AT} farber.net>
Subject: IP: U.S. DoD [seems to be djf] looking for pro-Sklyarov pages?

<x-flowed>
>From: "mobythor" <mobythor {AT} fuckmicrosoft.com>
>To: <farber {AT} eff.org>
>
>
>U.S. DoD looking for pro-Sklyarov pages?
>(english)
>by Mark Bialkowski
>4:26pm Mon Aug 27 '01
><mailto:mbialkowski {AT} home.com>mbialkowski {AT} home.com
>For some reason, U.S. Department of Defense machines are searching the web
>for pages related to Dmitry Sklyarov, the latest victim of the
>DMCA.  Webmasters: check your logs.
>Early Sunday morning, long before dawn, I glanced through the results
>Webalizer pumped out for my Code Red-tainted web access logs. In the
>section on hits by region, there was a tiny chunk of hits from US military
>(.mil) hosts.  Intrigued, I located the specific hostnames. Only two hosts
>accounted for the 47 recorded hits existing in my logs:
>
>
>198.26.123.36 - BU-WCS1-KELLY.NIPR.MIL
>
>198.26.123.37 - BU-WCS2-KELLY.NIPR.MIL
>The best surprises were yet to come.  Searching through my logs using the
>wonderful Unix tool grep for the aforementioned IPs produced the following
>results:
>
>198.26.123.37 - - [02/Aug/2001:13:55:35 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [02/Aug/2001:13:55:35 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [02/Aug/2001:13:55:39 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [05/Aug/2001:14:27:19 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [05/Aug/2001:14:27:19 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [05/Aug/2001:14:47:36 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [05/Aug/2001:14:47:39 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [07/Aug/2001:15:25:47 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [07/Aug/2001:15:25:49 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [07/Aug/2001:16:16:32 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [07/Aug/2001:16:16:40 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [08/Aug/2001:15:57:56 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [08/Aug/2001:15:57:57 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.36 - - [09/Aug/2001:16:33:12 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [09/Aug/2001:16:33:30 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.36 - - [09/Aug/2001:16:33:51 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [11/Aug/2001:20:34:28 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [11/Aug/2001:20:34:48 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [11/Aug/2001:20:35:11 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.36 - - [11/Aug/2001:20:35:42 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [12/Aug/2001:20:55:59 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [12/Aug/2001:20:55:59 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [13/Aug/2001:20:35:36 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [13/Aug/2001:20:35:39 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [15/Aug/2001:23:11:59 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [15/Aug/2001:23:11:59 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [15/Aug/2001:23:12:04 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [15/Aug/2001:23:12:34 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [16/Aug/2001:23:27:13 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [16/Aug/2001:23:27:16 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [17/Aug/2001:23:41:10 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [17/Aug/2001:23:41:11 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [18/Aug/2001:23:47:39 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [18/Aug/2001:23:47:39 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [18/Aug/2001:23:47:42 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [18/Aug/2001:23:48:14 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [20/Aug/2001:00:03:21 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [20/Aug/2001:00:03:24 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [20/Aug/2001:23:56:37 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [20/Aug/2001:23:56:38 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [22/Aug/2001:00:11:04 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [22/Aug/2001:00:11:05 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [22/Aug/2001:00:11:10 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [24/Aug/2001:00:17:32 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [24/Aug/2001:00:17:33 -0400] "GET /adobe.html HTTP/1.0"
>200 2128 "-" "Inktomi Search"
>198.26.123.37 - - [24/Aug/2001:00:17:36 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [26/Aug/2001:00:19:19 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>
>For the confused, each line above can be read as:
>IP.address - - [Day/Month/Year:hour:minute:second -time zone] "File
>accessed" "-" "User agent"
>NIPR.mil hosts weren't just spidering my site, they were specifically
>looking for three files:
>
>robots.txt, a file that, if it exists, tells web spiders what to avoid.
>
>adobe.html, my small page on the Dmitry Sklyarov arrest.
>
>defcon.ppt, my copy of Sklyarov's presentation on Adobe eBook "security"
>The spiders completely ignored my copy of Adobe PDF Processor.  I don't
>know why.
>
>
>For more info on Dmitry Sklyarov, see freesklyarov.org, and keep in mind
>the known players in that case; Adobe and the Department of Justice.
>
>
>Further research through my four weeks of back logs showed those two
>machines to be the only ones with "Inktomi Search" user agents. Inktomi
>"develops and markets network infrastructure software essential for global
>enterprises and service providers." [1]  Government organizations
>currently using Inktomi's products include "Argonne National Laboratory,
>Federal Communications Commission (FCC), Library of Congress, National
>Oceanic and Atmospheric Administration (NOAA), a division of the U.S.
>Department of Commerce, the U.S. Department of Energy, U.S. Department of
>Veterans Affairs, and the U.S Department of Agriculture [...] U.S.
>Department of State, U.S. Department of the Interior, U.S. Department of
>Commerce, U.S. Department of Transportation, U.S. Department of Education,
>U.S. Department of the Navy and the Executive Office of the President." [2]
>
>
>NIPR belongs to none of the above groups.  NIPR.mil is the Network
>Operations Center for the U.S. Department of Defense, a division of the
>Defense Information Systems Agency. [3]  The particular machines that my
>spider hits came from are housed at Kelly AFB in Texas. [4]
>
>
>
>All of this leads to a single question... why are Department of Defense
>computers being used to search for pages on the Sklyarov/Adobe case and
>Sklyarov's presentation?
>
>
>I encourage webmasters hosting pages about Dmitry, and copies of the
>PowerPoint presentation, to check their logs for hits from the 198.25.0.0
>- 198.26.255.255 netblock; this is the block controlled by NIPR.  I'm
>specifically interested in hits from Inktomi Search spiders, looking for
>files related to Sklyarov.  I want to find out how widespread this
>activity is, and I intend to find out for what purpose this searching is
>taking place.
>
>
>-Mark Bialkowski
>
>
>[1] Inktomi's front page
>[2] Press release: "Inktomi Delivers Award-Winning Search Technology to
>Government Organizations," Aug. 20, 2001
>
>
>[3] <http://www.carnicom.com>www.carnicom.com, "NIPR Activity Increases"
>
>
>[4] Information from tin.nu WHOIS server gateway

For archives see: http://www.interesting-people.org/
</x-flowed>

--- end forwarded text

-- 
-----------------
R. A. Hettinga <mailto: rah {AT} ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo {AT} bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime {AT} bbs.thing.net