143.228.0.0/16 and house.gov

William Allen Simpson william.allen.simpson at gmail.com
Thu Oct 2 15:08:46 CDT 2008


John Schnizlein wrote:
> I connected the internal network of the US House of Representatives to 
> the Internet when I worked there, and operated it through both 
> Democratic and Republican control.

Aha, I wondered who was to blame....

Of course, my Member was on the Internet before the House, as MERIT -- the
very same organization that ran/runs NANOG -- had its own POP (called an SCP
in those days) in DC.  Only later did we use the House net.

She usually took her Mac laptop to Science and Education committee meetings.
Her staff was often asked how they got her to use her own laptop, when they
couldn't get their own members to read (or type) their own email.

This was all pre-2001, and Blackberry mania.


>   I never saw any snooping by either 
> party of the network traffic, and I had sniffers for diagnosing problems 
> in several communication closets.

Yet, there was verified interception of both House and Senate email
communications.  Nobody claimed it was "on the wire" network traffic, as
there were many weaknesses in the data network security design.

And the vicious fight about our setting up a VPN to bypass the centrally
controlled system -- as in "if you do this, we'll cut off your network
access entirely" -- led all concerned to guess that there was a political
reason, not a technical reason.  So, I just used non-standard ports, and
some other firewalling, to prevent your staff from detecting it.

Also, there was the long fight about members running their own servers
(as in member.house.gov), instead of relying on the central servers for
connectivity (www.house.gov/member).  Again, we really didn't trust the
Republicans not to examine internal data.


>   I do recall unfounded accusations 
> both ways, but it would be sad for the rumors to outlive the reality.

Like this verified and widely reported:

   "Democrats Suggest Inquiry Points to Wider Spying by G.O.P."
   http://query.nytimes.com/gst/fullpage.html?res=940DE4D7173AF933A25751C0A9629C8B63&sec=&spon=&pagewanted=print


> The notorious case of intercepted cell-phone conversations had nothing 
> to do with the data network.
> 
True, but irrelevant.


> I will not say anything about how large or redundant the data center is 
> for obvious reasons, beyond that I am no longer employed there and do 
> not have the details.
> 
I've not even visited DC since 2002, and the old building with the page
dorm was torn down that summer.

But I can dig and traceroute.  I'm pretty sure this isn't an ideal (or
standard conforming) setup.  But it shouldn't have been swamped, as seems to
be akamaized.

===

;; QUESTION SECTION:
;financialservices.house.gov.   IN      A

;; ANSWER SECTION:
financialservices.house.gov. 3600 IN    CNAME   www.house.gov.
www.house.gov.          3503    IN      CNAME   house.gov.edgesuite.net.
house.gov.edgesuite.net. 4372   IN      CNAME   a1164.g.akamai.net.
a1164.g.akamai.net.     20      IN      A       192.122.184.19
a1164.g.akamai.net.     20      IN      A       192.122.184.7

===

house.gov.              900     IN      SOA     mercury.house.gov. dnsadmin.mail.house.gov. 1002529 3600 1800 604800 3600

house.gov.              14128   IN      NS      chyron.house.gov.
house.gov.              14128   IN      NS      mercury.house.gov.

mercury.house.gov.      14166   IN      A       143.231.1.67
chyron.house.gov.       14149   IN      A       143.228.129.38





More information about the NANOG mailing list