[AusNOG] Telstra's Texan Teaser - Tin Foil Stetsun anyone?

Eric Pinkerton Eric.Pinkerton at stratsec.net
Mon Jun 25 09:50:00 EST 2012


Whilst there is a lot of tin foil hattery and other spasticity on this WP Thread, http://forums.whirlpool.net.au/archive/1935438 - the questions it throws up have made me curious, esp given Telstra's official response in the following article "


"But in a short statement, Telstra's senior media boss Craig Middleton said the company's wireless network management assured that "there is nothing untoward in what the Whirlpool member has observed - it is a normal network operation" NOTHING TO SEE HEAR MOVE ALONG.

In short, if you make a request to a web server on port 80 from a Telstra mobile, you'll see a request immediately after your legit request from the Telstra gateway that originates from a US IP address hosted at Rackspace.

Legit request..
58.163.xxx.xxx - - [24/Jun/2012:23:12:09 +0000] "GET /test101 HTTP/1.1" 404 464 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"

Curious identical request follows... - - [24/Jun/2012:23:12:09 +0000] "GET /test101 HTTP/1.0" 404 526 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0"

Whilst I accept this is probably benign, and can think of several reasons why the output of such a process might be of value to Telstra, I find myself less convinced than a certain senior media boss seems to be that this is "a normal network operation". To me normal would be to say pull this info straight from the proxy server.

Also, just to be awkward, I am curious as to why a cloud provider, would be using what looks a lot like a cluster of VPS's in someone else's cloud based out of Texas ;-)

Also why is there a black helicopter hovering above me?

So many questions....


Message  protected by MailGuard: e-mail anti-virus, anti-spam and content filtering.http://www.mailguard.com.au/mg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20120625/41b4359d/attachment.html>

More information about the AusNOG mailing list