[UFO Chicago] [greg@kroah.com: [CrackMonkey] [dave@farber.net: IP: U.S. DoD [seems to be djf] looking for pro-Sklyarov pages?]]
Peter A. Peterson II
pedro@tastytronic.net
Wed, 29 Aug 2001 00:00:40 -0500
Get this.

Chicago is no exception to this trend. My machines have been spidered
too. And they weren't interested in just Dmitry, either...

wcs3-cbus.nipr.mil - - [28/Aug/2001:14:01:03 -0500] "GET /ufo.html HTTP/1.0" 200 3767
wcs3-cbus.nipr.mil - - [28/Aug/2001:14:01:10 -0500] "GET /directions.html HTTP/1.0" 200 8248
wcs3-cbus.nipr.mil - - [28/Aug/2001:14:02:13 -0500] "GET /history.html HTTP/1.0" 200 6869
bu-wcs3-kelly.nipr.mil - - [28/Aug/2001:15:37:04 -0500] "GET /robots.txt HTTP/1.0" 404 -
bu-wcs3-kelly.nipr.mil - - [28/Aug/2001:15:37:06 -0500] "GET /free-sklyarov/chicago-protest-information.txt HTTP/1.0" 200 8830

Notice those top three entries. They have also perused the pictures on
two-bit. I just hope they pick nice looking ones for my file.

Peter

----- Forwarded message from Greg KH <greg@kroah.com> -----
From: Greg KH <greg@kroah.com>
To: crackmonkey@crackmonkey.org
Date: Tue, 28 Aug 2001 14:47:13 -0700
The wonders of grep...
----- Forwarded message from David Farber <dave@farber.net> -----
Date: Wed, 29 Aug 2001 07:38:38 +1000
From: David Farber <dave@farber.net>
To: ip-sub-1@majordomo.pobox.com
Subject: IP: U.S. DoD [seems to be djf] looking for pro-Sklyarov pages?
>From: "mobythor" <mobythor@fuckmicrosoft.com>
>To: <farber@eff.org>
>
>
>U.S. DoD looking for pro-Sklyarov pages?
>(english)
>by Mark Bialkowski
>4:26pm Mon Aug 27 '01
>mbialkowski@home.com
>For some reason, U.S. Department of Defense machines are searching the web
>for pages related to Dmitry Sklyarov, the latest victim of the
>DMCA. Webmasters: check your logs.
>Early Sunday morning, long before dawn, I glanced through the results
>Webalizer pumped out for my Code Red-tainted web access logs. In the
>section on hits by region, there was a tiny chunk of hits from US military
>(.mil) hosts. Intrigued, I located the specific hostnames. Only two hosts
>accounted for the 47 recorded hits existing in my logs:
>
>
>198.26.123.36 - BU-WCS1-KELLY.NIPR.MIL
>
>198.26.123.37 - BU-WCS2-KELLY.NIPR.MIL
>The best surprises were yet to come. Searching through my logs using the
>wonderful Unix tool grep for the aforementioned IPs produced the following
>results:
>
>198.26.123.37 - - [02/Aug/2001:13:55:35 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [02/Aug/2001:13:55:35 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [02/Aug/2001:13:55:39 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [05/Aug/2001:14:27:19 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [05/Aug/2001:14:27:19 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [05/Aug/2001:14:47:36 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [05/Aug/2001:14:47:39 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [07/Aug/2001:15:25:47 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [07/Aug/2001:15:25:49 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [07/Aug/2001:16:16:32 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [07/Aug/2001:16:16:40 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [08/Aug/2001:15:57:56 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [08/Aug/2001:15:57:57 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.36 - - [09/Aug/2001:16:33:12 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [09/Aug/2001:16:33:30 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.36 - - [09/Aug/2001:16:33:51 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [11/Aug/2001:20:34:28 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [11/Aug/2001:20:34:48 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [11/Aug/2001:20:35:11 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.36 - - [11/Aug/2001:20:35:42 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [12/Aug/2001:20:55:59 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [12/Aug/2001:20:55:59 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [13/Aug/2001:20:35:36 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [13/Aug/2001:20:35:39 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [15/Aug/2001:23:11:59 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [15/Aug/2001:23:11:59 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [15/Aug/2001:23:12:04 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [15/Aug/2001:23:12:34 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [16/Aug/2001:23:27:13 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [16/Aug/2001:23:27:16 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [17/Aug/2001:23:41:10 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [17/Aug/2001:23:41:11 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [18/Aug/2001:23:47:39 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [18/Aug/2001:23:47:39 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [18/Aug/2001:23:47:42 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [18/Aug/2001:23:48:14 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [20/Aug/2001:00:03:21 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [20/Aug/2001:00:03:24 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [20/Aug/2001:23:56:37 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [20/Aug/2001:23:56:38 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [22/Aug/2001:00:11:04 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [22/Aug/2001:00:11:05 -0400] "GET /adobe.html HTTP/1.0"
>200 2121 "-" "Inktomi Search"
>198.26.123.37 - - [22/Aug/2001:00:11:10 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [24/Aug/2001:00:17:32 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>198.26.123.37 - - [24/Aug/2001:00:17:33 -0400] "GET /adobe.html HTTP/1.0"
>200 2128 "-" "Inktomi Search"
>198.26.123.37 - - [24/Aug/2001:00:17:36 -0400] "GET /data/files/defcon.ppt
>HTTP/1.0" 200 139776 "-" "Inktomi Search"
>198.26.123.37 - - [26/Aug/2001:00:19:19 -0400] "GET /robots.txt HTTP/1.0"
>404 337 "-" "Inktomi Search"
>
>For the confused, each line above can be read as:
>IP.address - - [Day/Month/Year:hour:minute:second -time zone] "File
>accessed" "-" "User agent"
>NIPR.mil hosts weren't just spidering my site, they were specifically
>looking for three files:
>
>robots.txt, a file that, if it exists, tells web spiders what to avoid.
>
>adobe.html, my small page on the Dmitry Sklyarov arrest.
>
>defcon.ppt, my copy of Sklyarov's presentation on Adobe eBook "security".
>
>The spiders completely ignored my copy of Adobe PDF Processor. I don't
>know why.
>
>
>For more info on Dmitry Sklyarov, see freesklyarov.org, and keep in mind
>the known players in that case: Adobe and the Department of Justice.
>
>
>Further research through my four weeks of back logs showed those two
>machines to be the only ones with "Inktomi Search" user agents. Inktomi
>"develops and markets network infrastructure software essential for global
>enterprises and service providers." [1] Government organizations
>currently using Inktomi's products include "Argonne National Laboratory,
>Federal Communications Commission (FCC), Library of Congress, National
>Oceanic and Atmospheric Administration (NOAA), a division of the U.S.
>Department of Commerce, the U.S. Department of Energy, U.S. Department of
>Veterans Affairs, and the U.S. Department of Agriculture [...] U.S.
>Department of State, U.S. Department of the Interior, U.S. Department of
>Commerce, U.S. Department of Transportation, U.S. Department of Education,
>U.S. Department of the Navy and the Executive Office of the President." [2]
>
>
>NIPR belongs to none of the above groups. NIPR.mil is the Network
>Operations Center for the U.S. Department of Defense, a division of the
>Defense Information Systems Agency. [3] The particular machines that my
>spider hits came from are housed at Kelly AFB in Texas. [4]
>
>
>
>All of this leads to a single question... why are Department of Defense
>computers being used to search for pages on the Sklyarov/Adobe case and
>Sklyarov's presentation?
>
>
>I encourage webmasters hosting pages about Dmitry, and copies of the
>PowerPoint presentation, to check their logs for hits from the 198.25.0.0
>- 198.26.255.255 netblock; this is the block controlled by NIPR. I'm
>specifically interested in hits from Inktomi Search spiders, looking for
>files related to Sklyarov. I want to find out how widespread this
>activity is, and I intend to find out for what purpose this searching is
>taking place.
>
>
>-Mark Bialkowski
>
>
>[1] Inktomi's front page
>[2] Press release: "Inktomi Delivers Award-Winning Search Technology to
>Government Organizations," Aug. 20, 2001
>
>
>[3] http://www.carnicom.com, "NIPR Activity Increases"
>
>
>[4] Information from tin.nu WHOIS server gateway
For archives see: http://www.interesting-people.org/
----- End forwarded message -----
----- End forwarded message -----
--
---------------------------------------------------------------------
FREE DMITRY SKLYAROV -- http://www.freesklyarov.org/
In prison for exercising his right to "fair use."
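
Added example, not part of the original message or its forwards: one way to run the log check Mark Bialkowski asks webmasters for, matching clients by the 198.25.0.0 - 198.26.255.255 range or a .nipr.mil hostname and noting which of them sent the "Inktomi Search" agent. The function names are made up for illustration; the sample holds three lines copied from the logs above and two constructed ones.

```python
import ipaddress
import re
from collections import Counter

# Range, hostname suffix and user agent as they appear in the thread above.
NIPR_NETS = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("198.25.0.0"), ipaddress.ip_address("198.26.255.255")))
NIPR_SUFFIX = ".nipr.mil"  # servers doing reverse lookups log names, not IPs
AGENT = "Inktomi Search"

# Common Log Format; referer and user agent (combined format) are optional.
LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?\s*$')

def from_nipr(host):
    """True if the logged client is in the netblock or under .nipr.mil."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # not an IP literal: the server logged a hostname
        return host.lower().rstrip(".").endswith(NIPR_SUFFIX)
    return any(addr in net for net in NIPR_NETS)

def nipr_hits(lines):
    """Return (Counter keyed by (host, path), set of hosts that sent AGENT)."""
    paths, agents = Counter(), set()
    for line in lines:
        m = LINE.match(line)
        if not m or not from_nipr(m["host"]):
            continue
        paths[(m["host"], m["path"])] += 1
        if m["agent"] == AGENT:
            agents.add(m["host"])
    return paths, agents

# First three lines are copied from the thread; the last two are constructed
# (one address just outside the range, one documentation address).
SAMPLE = [
    '198.26.123.37 - - [02/Aug/2001:13:55:35 -0400] "GET /adobe.html HTTP/1.0" 200 2121 "-" "Inktomi Search"',
    '198.26.123.36 - - [09/Aug/2001:16:33:12 -0400] "GET /robots.txt HTTP/1.0" 404 337 "-" "Inktomi Search"',
    'bu-wcs3-kelly.nipr.mil - - [28/Aug/2001:15:37:04 -0500] "GET /robots.txt HTTP/1.0" 404 -',
    '198.27.0.1 - - [02/Aug/2001:13:56:00 -0400] "GET /adobe.html HTTP/1.0" 200 2121 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [02/Aug/2001:13:57:00 -0400] "GET /index.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    paths, agents = nipr_hits(SAMPLE)
    for (host, path), n in sorted(paths.items()):
        print(n, host, path, "(Inktomi Search)" if host in agents else "")
```

A hostname in the log is only the result of a reverse lookup, and the user agent is whatever the client sent, so both are hints; the address match is the stronger signal.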