143.228.0.0/16 and house.gov

John Schnizlein schnizlein at isoc.org
Thu Oct 2 16:06:35 CDT 2008


This will be my last response on this despite whatever spin follows.

On 2008Oct2, at 4:08 PM, William Allen Simpson wrote:

> John Schnizlein wrote:
>> I connected the internal network of the US House of Representatives  
>> to the Internet when I worked there, and operated it through both  
>> Democratic and Republican control.
>
> Aha, I wondered who was to blame....

Thank you for the compliment.

> ...
>>  I never saw any snooping by either party of the network traffic,  
>> and I had sniffers for diagnosing problems in several communication  
>> closets.
>
> Yet, there was verified interception of both House and Senate email
> communications.  Nobody claimed it was "on the wire" network  
> traffic, as
> there were many weaknesses in the data network security design.

If you know any, please send them to me privately.  I can assure the  
community that our design and implementation got repeated review and  
testing from the best we could find at the time.

> And the vicious fight about our setting up a VPN to bypass the  
> centrally
> controlled system -- as in "if you do this, we'll cut off your network
> access entirely" -- led all concerned to guess that there was a  
> political
> reason, not a technical reason.  So, I just used non-standard ports,  
> and
> some other firewalling, to prevent your staff from detecting it.

I hope no damage was produced by any inadvertent back doors opened by  
your VPN.

Since we were not blocking applications other than IRC, I don't know  
what you felt you needed to get around.

> Also, there was the long fight about members running their own servers
> (as in member.house.gov), instead of relying on the central servers  
> for
> connectivity (www.house.gov/member).  Again, we really didn't trust  
> the
> Republicans not to examine internal data.

Although I do not recall the particular offices, I do recall that  
several committees and members had both email and web servers in their  
own offices with domains delegated to them on request.  I have no idea  
what "long fight" you might have experienced.

>>  I do recall unfounded accusations both ways, but it would be sad  
>> for the rumors to outlive the reality.
>
> Like this verified and widely reported:
>
>  "Democrats Suggest Inquiry Points to Wider Spying by G.O.P."
>  http://query.nytimes.com/gst/fullpage.html?res=940DE4D7173AF933A25751C0A9629C8B63&sec=&spon=&pagewanted=print

As I recall this was simply a case of one staffer logging into a  
server in a different office.  As you mentioned above, not "on the  
wire" and not a data network security issue.  As sometimes still  
happens, the "computer network" actually referred to a file server.   
This article is about activities in the Senate, which operates  
independently of the House - was your experience actually with respect  
to the Senate?

John




More information about the NANOG mailing list