[AusNOG] Telstra's Texan Teaser - Tin Foil Stetsun anyone?

Aqius aqius at lavabit.com
Mon Jun 25 11:13:13 EST 2012 

Assuming results are on the money (which seems fair - someone's even tested
it with the same phone and found behaviour only effects the Telstra sim), I
honestly can't see how this would be for tracking purposes.

 

There are so many smarter and easier ways. So I either embrace the tin foil
hat, and say NSA, but then it apparently doesn't happen on https, so that's
a bit weak. The only other angle I can think of is a desire to fulfil a
legal requirement and prove what is accessed ala RIAA or some such.

 

PS. There is a chopper here now too!!! ;)

 

 

From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Joshua D'Alton
Sent: Monday, 25 June 2012 10:36 AM
To: ausnog at ausnog.net"
Subject: Re: [AusNOG] Telstra's Texan Teaser - Tin Foil Stetsun anyone?

 

Yes nothing like someone not being open and honest to spoil what would
otherwise probably be a very benign and reasonable thing to do. 

On Mon, Jun 25, 2012 at 10:32 AM, Matthew Moyle-Croft <mmc at mmc.com.au>
wrote:

I can replicate it across APNs as well.   Disappointing that they're not
honest about what and why they're doing it.  Transparency isn't just for
HTTP proxying!

 

 

MMC

 

On 25/06/2012, at 9:20 AM, Eric Pinkerton wrote:

 

Ausnoggers..

 

Whilst there is a lot of tin foil hattery and other spasticity on this WP
Thread, http://forums.whirlpool.net.au/archive/1935438 - the questions it
throws up have made me curious, esp given Telstra's official response in the
following article "

 

http://www.scmagazine.com.au/News/305928,telstra-says-its-not-spying-on-user
s.aspx

 

"But in a short statement, Telstra's senior media boss Craig Middleton said
the company's wireless network management assured that "there is nothing
untoward in what the Whirlpool member has observed - it is a normal network
operation" NOTHING TO SEE HEAR MOVE ALONG.

 

In short, if you make a request to a web server on port 80 from a Telstra
mobile, you'll see a request immediately after your legit request from the
Telstra gateway that originates from a US IP address hosted at Rackspace.

 

Legit request..

58.163.xxx.xxx - - [24/Jun/2012:23:12:09 +0000] "GET /test101 HTTP/1.1" 404
464 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X)
AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206
Safari/7534.48.3"

 

Curious identical request follows.

50.57.190.97 - - [24/Jun/2012:23:12:09 +0000] "GET /test101 HTTP/1.0" 404
526 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9)
Gecko/2008052906 Firefox/3.0"

 

Whilst I accept this is probably benign, and can think of several reasons
why the output of such a process might be of value to Telstra, I find myself
less convinced than a certain senior media boss seems to be that this is "a
normal network operation". To me normal would be to say pull this info
straight from the proxy server.

 

Also, just to be awkward, I am curious as to why a cloud provider, would be
using what looks a lot like a cluster of VPS's in someone else's cloud based
out of Texas ;-)

 

Also why is there a black helicopter hovering above me?

 

So many questions..

 

Discuss!

 

 

E

 

Message protected by MailGuard: e-mail anti-virus, anti-spam and content
filtering.
http://www.mailguard.com.au/mg

 
 

_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

 


_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20120625/5e9bbe22/attachment.html>

More information about the AusNOG mailing list