by mogster » Sun Jun 04, 2006 11:44 am
OK. So I'm currently working on a blogpost (in Norwegian) and because my blogposts usually are 2 miles long, I'm doing a lot of research.<br>To set up a regime for systematizing the info I'm collecting, I've set up a phpBB board at my site, but closed it from outsiders by doing some ip filtering manually (the safe way - hard coded, lol).<br><br>Anyho - the blog post I'm working on contains info about the so-called Muldergate, a scandal that broke in South Africa in 1978, where it became apparent that the Ministry of Information - led by the notorious <!--EZCODE LINK START--><a href="http://www.sahistory.org.za/pages/people/rhoodie-em.htm" target="top">Eschel Rhoodie</a><!--EZCODE LINK END--> - had used a budget of more than 70 million krugerrand on information operations, propaganda, targeted at Europe, US and the Middle East.<br>An interesting story, I can tell you.<br><br>But even more interesting is this:<br>I've just picked up on this blog post yesterday after having written the start half a year ago (I needed to get hold of Rhoodie's book The Real Information Scandal in hard copy before continuing).<br>I kept working on the info during the night, and continued today as this really need to be finished now. One of the reasons I'm using the phpBB is that it has a good search function, so when I needed some info I knew I'd posted half a year ago, I just think of a key word and hit the search button.<br>Today, about 4 hours ago I wanted an article about the CIA and the media and searched for 'cia'.<br>All well and good, and I found what I was searching for, but 15 minutes ago this pops up in the (hard coded) log file for my internal board:<br><br><!--EZCODE FONT START--><span style="color:black;font-size:xx-small;">04.06.2006 16:10^24.159.240.3^Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1^/board/viewtopic.php?t=492&highlight=cia</span><!--EZCODE FONT END--><br><br>It was repeated four times.<br>The topic in question was the correct topic where my info about CIA and the media was collected, but I doubt the person got through my ip filter.<br>How can this be? I'm behind a firewall, and the site is placed on a server in a DMZ on the same FW. When I post to my site, I could go directly to it by typing the int. ip adress but I prefer to go by domain name, as the site itself is <!--EZCODE LINK START--><a href="http://www.nitrogen.no" target="top">public</a><!--EZCODE LINK END-->.<br><br>So:<br>I type a search, it goes out of my firewall to my gateway (I have a static ip), and then bounces back inside to the server inside the DMZ. When selecting the topic I wanted to see, it gave the url<br>http://www.nitrogen.no/board/viewtopic.php?t=492&highlight=cia<br>The information I was looking for was this:<br><!--EZCODE LINK START--><a href="http://www.unknownnews.net/hh030102.html" target="top">www.unknownnews.net/hh030102.html</a><!--EZCODE LINK END--><br><br>I logged onto another server not local and did a traceroute, here's the result from hop #3:<br><br><!--EZCODE FONT START--><span style="color:black;font-size:xx-small;">4 ge-0-1-1.0024.no-oslms001-pe-1.utfors.net (217.199.46.1) 1.153 ms 1.125 ms 1.001 ms<br> 5 ge-4-0-0.se-sthms001-pe-1.tu.telenor.net (212.105.101.17<!--EZCODE EMOTICON START 8) --><img src=http://www.ezboard.com/images/emoticons/glasses.gif ALT="8)"><!--EZCODE EMOTICON END--> 10.379 ms 10.445 ms 10.413 ms<br> 6 213.242.110.1 (213.242.110.1) 10.412 ms 10.499 ms 10.453 ms<br> 7 ge-0-0-0.mp1.Stockholm1.Level3.net (4.68.96.221) 8.546 ms ge-2-0-0.mp1.Stockholm1.Level3.net (4.68.125.217) 65.881 ms ge-0-0-0.mp1.Stockholm1.Level3.net (4.68.96.221) 8.508 ms<br> 8 as-0-0.bbr1.NewYork1.Level3.net (4.68.128.106) 109.021 ms 109.070 ms 108.749 ms<br> 9 * * ae-13-53.car3.NewYork1.Level3.net (4.68.97.82) 108.966 ms<br>10 192.205.33.93 (192.205.33.93) 111.386 ms att-level3-oc192.NewYork1.Level3.net (4.68.127.150) 111.597 ms 192.205.33.93 (192.205.33.93) 112.165 ms<br>11 tbr1-p012201.n54ny.ip.att.net (12.123.3.106) 136.243 ms 136.139 ms 136.084 ms<br>12 tbr1-cl14.cgcil.ip.att.net (12.122.10.2) 136.611 ms 138.551 ms 136.743 ms<br>13 gar3-p360.cgcil.ip.att.net (12.123.6.1) 134.989 ms 134.918 ms 134.991 ms<br>14 12.118.183.94 (12.118.183.94) 140.110 ms 139.624 ms 140.006 ms<br>15 172.18.97.221 (172.18.97.221) 142.265 ms 142.331 ms 141.992 ms<br>16 172.18.97.61 (172.18.97.61) 139.943 ms 140.013 ms 140.005 ms<br>17 172.18.97.102 (172.18.97.102) 139.314 ms 139.553 ms 139.518 ms<br>18 24-159-240-3.dhcp.mdsn.wi.charter.com (24.159.240.3) 148.944 ms 148.758 ms 149.127 ms</span><!--EZCODE FONT END--><br><br>How can a person in the US do a similar search by topic that I do? And so shortly after?<br>I will need to check my systems, I guess.<br><br>But how did he come by that url - by sniffing a node in the network?<br><br>Edit: typo <p></p><i>Edited by: <A HREF=http://p216.ezboard.com/brigorousintuition.showUserPublicProfile?gid=mogster@rigorousintuition>mogster</A> at: 6/4/06 9:47 am<br></i>
