Friday, 17 February 2012

Stop This Amateur IP Tracing Bullshit Now


It all started with the Ottawa Citizen, and it is spreading like a mindless virus designed to kill intelligence!!!!!

What do we know with a high degree of certainty? That the Ottawa Citizen managed to get someone with access to the mailbox associated with the @vikileaks30 Twitter account to click a link. This link went to a website the Ottawa Citizen controlled, and they were able to capture the IP address used to connect to the link.

This is where things start to go downhill...

The IP address used is one of a block of IP addresses where the "House of Commons" is in the "Who Is" record for that IP block. The actual registrant is the "Government of Canada/Gouvernement du Canada".

What does that mean exactly? It means that the Government of Canada owns a range of IP addresses, and has assigned them purportedly (though not necessarily exclusively) to be used by Parliament. Does this mean that all of those IPs are actively being used within the "House Of Commons"? No, it does not. Other than common sense, how do I know this? I can prove it. The website for the Parliament of Canada resolves to one of these IP addresses:

According to the logic circulating out there ("an Ottawa Citizen investigation traced the Twitter account to a House of Commons IP address...All the services identified the address as belonging to the Government of Canada — and specifically the House of Commons."), the server or servers hosting this website are somewhere in the House of Commons. Under John Baird's seat maybe? In the Prime Minister's office? No. These servers will be in one of the data centres hosting servers and services for the Government of Canada. The way networks can extend for thousands of kilometers, that data centre could be in Prince George, British Columbia for all we know.

Unless someone is willing to share a detailed Government of Canada network diagram, we have absolutely no clue where a computer behind any IP address physically resides. It literally can be anywhere in the world that telecommunication networks extend to. Just because the IP "Who is" record says "House Of Commons", it does not restrict or require that those IP addresses only be used within the "House of Commons". It is entirely possible that the computer that connected to that Twitter account was also in another city in this vast country of ours. How can someone do work for the Parliament of Canada and be in, say, Canmore, Alberta? It is called "tele-commuting."

Next is the even worse tripe also constantly being repeated: "The Citizen found the IP address was also used to update Wikipedia articles often giving them what appears to be a pro-NDP bias, actions that have attracted the attention of numerous Internet observers in recent months."

Any private entity that manages a large private network will share public IP addresses among hundreds, or even thousands, of computers. This is called Network Address Translation, or NAT for short. If private entities didn't use NAT (specifically "Hide Mode NAT"), the world would have run out of IPv4 addresses about a decade ago. I can guarantee you that at any given moment that IP address the Ottawa Citizen recorded is being used right now by several hundred devices. Simultaneously.
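To make the NAT point concrete, here is an added example (not part of the original post, and not modelled on any real Government of Canada system): a toy hide-mode NAT gateway in Python showing that remote servers log one shared address for every inside host, and that only the gateway's own translation log (time, source port, destination) narrows a hit to one machine. The names `HideNat`, `hosts_behind` and `attribute` are hypothetical, and all addresses and flows are constructed.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "192.0.2.10"  # constructed address (RFC 5737 documentation range)

@dataclass
class HideNat:
    """Minimal hide-mode NAT: many inside hosts share one public address."""
    public_ip: str
    next_port: int = 40000
    log: list = field(default_factory=list)  # translation log kept on the gateway

    def translate(self, ts, inside_ip, inside_port, dest):
        """Rewrite one outbound flow and return what the remote server logs."""
        outside_port = self.next_port
        self.next_port += 1
        self.log.append((ts, inside_ip, inside_port, outside_port, dest))
        return (ts, self.public_ip, outside_port, dest)

    def hosts_behind(self, public_ip):
        """Everything an outsider can conclude from the IP address alone."""
        return sorted({e[1] for e in self.log}) if public_ip == self.public_ip else []

    def attribute(self, ts, outside_port, dest):
        """Gateway-side lookup: needs time, source port and destination."""
        return [e[1] for e in self.log
                if (e[0], e[3], e[4]) == (ts, outside_port, dest)]

# Constructed sample flows: (unix time, inside IP, inside port, destination)
FLOWS = [
    (1329400000, "10.1.4.23", 51512, "wiki.example.org"),
    (1329400002, "10.7.0.88", 49822, "news.example.com"),
    (1329400002, "10.9.12.5", 50001, "news.example.com"),
    (1329400360, "10.1.4.23", 51677, "wiki.example.org"),
]

def run_demo():
    nat = HideNat(PUBLIC_IP)
    seen = [nat.translate(*f) for f in FLOWS]  # the remote servers' view
    source_ips = {s[1] for s in seen}          # one address for everyone
    by_ip = nat.hosts_behind(PUBLIC_IP)        # the IP-only "trace"
    ts, _, port, dest = seen[2]                # one remote log entry
    by_log = nat.attribute(ts, port, dest)     # with the gateway's records
    return source_ips, by_ip, by_log

if __name__ == "__main__":
    print(run_demo())
```

The wiki flows and the news flows arrive from the same address, so a match on the IP alone links them to every host behind the gateway rather than to one person.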

The only thing we know about this IP address is the following:
1) It is owned by the Government of Canada
2) It can be used by anyone who is in the employ of, contracted to do services for, or a guest of the Government of Canada

That's it. We don't know anything else. Anything more than that is rampant speculation.


Anonymous said...

And what about IP address spoofing?

Catelli said...

That would be highly unlikely. You can only spoof communications between two IP addresses if you are already on the same IP subnet/network as the IP address you are trying to spoof. There would be as much point to spoofing a public shared IP address as there would be to trying to steal air outside my window.

Anonymous said...

has been thrown out as the IP in question. See what you can dig up on it....
Bottom line, the Ottawa Citizen is flawed in their investigation.

Anonymous said...

"Anything more than that is rampant speculation."

Or as the CPC likes to call it - the facts

Anonymous said...

Excellent explanation by the way.

Catelli said...

Why, thank you. When I type in a furious red-hazed rage, I fear that what I write is completely incomprehensible.

sassy said...

I second what Anon at 4:27 said, and add thanks for the clarity.

karen said...

"When I type in a furious red-hazed rage, I fear that what I write is completely incomprehensible."

Fear not. That was entirely comprehensible and enlightening. Thank you.

Luna said...

Yup. I took an IP address of an email from a box I received that I *know* originates in an Environment Canada office in BC. The lookup simply shows that the IP is registered to Environment Canada in Ottawa. No reference to anything else.

Nick Fillmore said...

All very interesting. Bulldog Baird sure jumped quick and hard to damn the NDP -- wanting to get the story into the media -- which he did. It is all messy.

But I don't care even if someone associated with the NDP started this. Toews' behaviour was deplorable - changing the name of the bill at the last minute and then saying people who opposed the bill supported child molesters!

The evil little man behind all of this, has some evil thoughts that we need to be very worried about: