Politicians and IP Addresses

With the Omnibus Crime Bill on the way, I decided to look at my blog once more. I first looked at what IP address the Canadian Parliament was using.

bowserj@parsons:~$ dig parl.gc.ca

; <<>> DiG 9.7.3 <<>> parl.gc.ca
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38299
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;parl.gc.ca.			IN	A

;; ANSWER SECTION:
parl.gc.ca.		300	IN	A	192.197.82.36

;; Query time: 124 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Sep 18 21:50:08 2011
;; MSG SIZE  rcvd: 44

OK, so if anyone from the House or the Senate offices reads this blog, they will be coming from the 192.197.82.0/24 subnet. Turns out that the Government of Canada does read this blog, and I used the good old swiss army knife tool to figure it out. I found the following things interesting in my current blog:

paroxysms.access.log.34.gz:192.197.82.203 - - [16/Aug/2011:18:55:08 +0000] "GET /G20ISU/A_1321.PDF HTTP/1.1" 200 334353 "http://www.mediacoop.ca/blog/infil00p/7868" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"
paroxysms.access.log.34.gz:192.197.82.203 - - [16/Aug/2011:18:55:50 +0000] "GET /G20ISU/C_1321.PDF HTTP/1.1" 200 214346 "http://www.mediacoop.ca/blog/infil00p/7868" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"
paroxysms.access.log.34.gz:192.197.82.203 - - [16/Aug/2011:18:56:14 +0000] "GET /G20ISU/F_1321.PDF HTTP/1.1" 200 6951607 "http://www.mediacoop.ca/blog/infil00p/7868" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"
paroxysms.access.log.34.gz:192.197.82.203 - - [16/Aug/2011:19:16:31 +0000] "GET /G20ISU/F_1321.PDF HTTP/1.1" 200 6951607 "http://www.mediacoop.ca/blog/infil00p/7868" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"
paroxysms.access.log.34.gz:192.197.82.203 - - [16/Aug/2011:19:19:56 +0000] "GET /G20ISU/G_1321.PDF HTTP/1.1" 200 783005 "http://www.mediacoop.ca/blog/infil00p/7868" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"

This is from the G20ISU blog post that I did. I hosted the file itself on my server where I do have logs, and it seems that last month, I caught the attention of someone in the Senate or the House of Commons. This could be a low-level staffer, but I doubt it. I don't retain everything, but I do have some old logs handy, and I found this out:

192.197.82.155 - - [03/Apr/2011:21:36:09 +0000] "GET /2011/03/fadden-in-hot-water-mps-get-access-to-secrets/ HTTP/1.1" 200 6089 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; fr; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16"

Someone on Parliament Hill actually read by blog post about Dick Fadden nearly getting fired, and it was someone who was using Firefox on a Mac. They also read the blog post about the RCMP all coming from the same subnet.

The thing with IP addresses is that they're very funny things. If you read Wikipedia, you can get a good idea what people are doing with them. For example, I am guessing that the IP address of 192.197.82.203 belongs to the NDP because of this Wikipedia revision:

Now, it looks like this is reverting an edit by another politician at Parliament Hill, someone at 192.197.82.153. What's funny is that unlike the RCMP, Wikipedia has caught onto this one, and every talk page has this on it:

Now, it seems that the IPs get in trouble frequently, as you can see on this talk page for 203, 153 and 155. There are a lot of MPs learning about Wikipedia revisionism in all parts of the house.

Here are two questions that I wonder about with this IP range:

  • Does this IP address appear on any pr0n sites logs?
  • Is this the IP of the MP at the constituent office?
  • If it is coming from the constituent office, does all traffic go through their VPN, or just official GoC business?

It would be great to track the MPs who are making the decision about whether the RCMP gets to track us. See what sites they visit, and then send them that information informing them that Lawful Access is a VERY BAD IDEA. I have no idea whether the MPs who visited this site were benign/useless/friendly (Liberal/NDP/Green) or are downright hostile and/or evil(Liberal/Conservative). What I do know is that online petitions don't work, and that it's time that people who value privacy online start taking more direct, legal and peaceful means to show exactly how bad of an idea Lawful Access can be.

Comments are closed.