Discussion:
Preparing for persecution
Mark Harris
2011-07-19 00:01:14 UTC
So, Skynet is coming online as of 1 September, and the slimy
"rightsholders" can collect information on activity from 15 August (you
knew that, didn't you?). Those of us who've put our heads above the
parapet to oppose things like ACTA, s92A, TPPA and the filesharing
amendment might not be regarded as completely paranoid if we were to
think of ourselves as potential targets - $75 is a reasonable
cost-effective way to tie up a critic.

On the basis of my paranoia, then, I'm looking for a way to reliably log
my traffic so as to have evidence to present. If the bastards come for
me, I want to take them to the court, not the other way around.

I have a eeepc which is not doing anything at the moment (screen's
buggered - they don't like being dropped much - but the external monitor
output works fine) and I'm wondering if I can plug that into my network
as a logging device.

I'm on TelstraClear cable, and use a DLink DI524 wireless router, with a
mixed network of wired and wireless connections.

Is there some sort of appliance iso I can load up the eee with that will
do this sort of logging? Or is there a combination of recommended
software packages?

Please bear in mind I am not a CLI guru but a point and click junkie
(ooo, shiny!) ;-) but any suggestions would be gratefully appreciated.

Cheers

~mark

_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
Jethro Carr
2011-07-19 00:49:51 UTC
Post by Mark Harris
I have a eeepc which is not doing anything at the moment (screen's
buggered - they don't like being dropped much - but the external monitor
output works fine) and I'm wondering if I can plug that into my network
as a logging device.
I'm on TelstraClear cable, and use a DLink DI524 wireless router, with a
mixed network of wired and wireless connections.
Is there some sort of appliance iso I can load up the eee with that will
do this sort of logging? Or is there a combination of recommended
software packages?
hi Mark,

You could do what you want with netflow - which will record source and
destination packets, along with time, protocol/ports and packet size.

You need something which can either intercept all traffic between your
network and cable modem or a router which is able to push out netflow
records to a DB somewhere.


My recommendation is something like a small Linux router or a Mikrotik
device (~ $75) between the cable modem and your dlink, doing the NAT and
routing, along with netflow collecting.

Netflow records can then be pushed to a netflow collector like flowd on
a linux server and either stored in on-disk files or loaded into a SQL
database.


Various tools exist for querying netflow records, but it's a pretty easy
DB structure to work with.


I'm sure there must be more point-and-click or packaged solutions
available, but this is how the underlying guts work. I've done it the
hardware since I like pain and all. :-)

regards,
jethro
--
Jethro Carr
www.jethrocarr.com
www.amberdms.com
Mark Harris
2011-07-19 00:56:48 UTC
Post by Jethro Carr
You could do what you want with netflow - which will record source and
destination packets, along with time, protocol/ports and packet size.
You need something which can either intercept all traffic between your
network and cable modem or a router which is able to push out netflow
records to a DB somewhere.
My recommendation is something like a small Linux router or a Mikrotik
device (~ $75) between the cable modem and your dlink, doing the NAT and
routing, along with netflow collecting.
Yeah, I somehow thought that was the place to put it, which lets the
eeepc out as it only has one network port. I was hoping it could, sort
of watch from the side rather than be in the middle of the flow. No
impact on throughput from this?
Post by Jethro Carr
I'm sure there must be more point-and-click or packaged solutions
available, but this is how the underlying guts work. I've done it the
hardware since I like pain and all. :-)
That's something I've noticed about you, mate ;-)

Cheers and thanks

~mark

Jethro Carr
2011-07-19 01:39:57 UTC
Post by Mark Harris
Post by Jethro Carr
You could do what you want with netflow - which will record source and
destination packets, along with time, protocol/ports and packet size.
You need something which can either intercept all traffic between your
network and cable modem or a router which is able to push out netflow
records to a DB somewhere.
My recommendation is something like a small Linux router or a Mikrotik
device (~ $75) between the cable modem and your dlink, doing the NAT and
routing, along with netflow collecting.
Yeah, I somehow thought that was the place to put it, which lets the
eeepc out as it only has one network port. I was hoping it could, sort
of watch from the side rather than be in the middle of the flow. No
impact on throughput from this?
There are two ways you could do that in a nice way:

1. Your router collects the netflow records and sends them to the eeepc
for recording and storage.

2. Have a switch capable of mirroring traffic out of a port to the
eeepc, so you can intercept the traffic and account for it all on the
eeepc.

Either way, you'd need to change the router you're using - I don't
believe the dlink will cut it, unless you're able to get something like
OpenWRT onto it.


The third possibility is to use a *shudder* hub, between the cable modem
and the dlink router.

By plugging the eeepc into the hub, it would be able to see all traffic
between the cable modem and the dlink router.

I'd prefer to avoid that, since if the hub sucks, you might find some
performance impact.
Post by Mark Harris
Post by Jethro Carr
I'm sure there must be more point-and-click or packaged solutions
available, but this is how the underlying guts work. I've done it the
hardware since I like pain and all. :-)
That's something I've noticed about you, mate ;-)
No pain, no gain. :-)


regards,
jethro
--
Jethro Carr
www.jethrocarr.com
www.amberdms.com
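
The netflow path described in the two messages above (the router exports flow records, a collector on the eeepc stores them in an SQL database), as an added example that is not part of the thread. It assumes the router exports NetFlow version 5 and uses SQLite rather than flowd; the table layout, function names and sample flows are constructed for illustration.

```python
import ipaddress
import sqlite3
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # one v5 flow record, 48 bytes

def parse_v5(datagram):
    """Decode one NetFlow v5 export datagram into a list of flow tuples."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, uptime_ms, unix_secs = HEADER.unpack_from(datagram)[:4]
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        (src, dst, _hop, _in, _out, pkts, octets, first_ms, last_ms, sport,
         dport, _pad, _flags, proto, *_rest) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        # first/last are router uptime in ms; convert to wall-clock seconds.
        start = unix_secs - (uptime_ms - first_ms) // 1000
        end = unix_secs - (uptime_ms - last_ms) // 1000
        flows.append((start, end, str(ipaddress.ip_address(src)), sport,
                      str(ipaddress.ip_address(dst)), dport, proto, pkts, octets))
    return flows

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS flows (start_ts INTEGER,
        end_ts INTEGER, src TEXT, sport INTEGER, dst TEXT, dport INTEGER,
        proto INTEGER, packets INTEGER, octets INTEGER)""")
    return db

def store(db, flows):
    db.executemany("INSERT INTO flows VALUES (?,?,?,?,?,?,?,?,?)", flows)
    db.commit()

def flows_at(db, ts):
    """Every stored flow that was active at Unix time ts."""
    return db.execute(
        "SELECT src, sport, dst, dport, proto, octets FROM flows "
        "WHERE start_ts <= ? AND end_ts >= ? ORDER BY start_ts", (ts, ts)).fetchall()

def sample_datagram():
    """Constructed export: two flows from a router that has been up for 1 hour."""
    unix_secs, uptime_ms = 1313366400, 3_600_000    # 2011-08-15 00:00:00 UTC
    def rec(src, dst, sport, dport, proto, pkts, octets, first_ms, last_ms):
        a, b = ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed
        return RECORD.pack(a, b, bytes(4), 1, 2, pkts, octets, first_ms, last_ms,
                           sport, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)
    return (HEADER.pack(5, 2, uptime_ms, unix_secs, 0, 0, 0, 0, 0)
            + rec("192.168.1.10", "198.51.100.7", 51000, 443, 6, 40, 52000, 3_000_000, 3_300_000)
            + rec("192.168.1.11", "203.0.113.9", 40000, 53, 17, 2, 180, 3_540_000, 3_600_000))

if __name__ == "__main__":
    db = open_db()
    store(db, parse_v5(sample_datagram()))
    print(flows_at(db, 1313366000))
```

In a live setup each datagram received on the collector's UDP socket would be passed to `parse_v5`; the listening port is whatever the router is configured to export to.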
Daniel Reurich
2011-07-19 22:40:12 UTC
Post by Mark Harris
So, Skynet is coming online as of 1 September, and the slimy
"rightsholders" can collect information on activity from 15 August (you
knew that, didn't you?)
I don't believe that collecting information part has been widely
publicized. That's no doubt going to catch a lot of people out.

Thanks for the reminder... :)
--
Daniel Reurich
Centurion Computer Technology (2005) Ltd
Ph: 021 797 722
siology.io
2011-07-20 07:04:39 UTC
Date: Tue, 19 Jul 2011 12:01:14 +1200
Subject: [nzlug] Preparing for persecution
<snip>
On the basis of my paranoia, then, I'm looking for a way to reliably log
my traffic so as to have evidence to present. If the bastards come for
me, I want to take them to the court, not the other way around.
<snip>
Cheers
~mark
I'm not totally up to speed with the NZ legal system yet, but surely
the only evidence with any gravitas in such a court case would be that
provided by your ISP, and not the defendant.

Mark Harris
2011-07-20 08:30:30 UTC
Post by siology.io
I'm not totally up to speed with the NZ legal system yet, but surely
the only evidence with any gravitas in such a court case would be that
provided by your ISP, and not the defendant.
With respect, if you're going to get into this debate, you NEED to be up
to speed with this particular law. Actually, *EVERYBODY* on the Internet
in NZ needs to be up with it, because Big Content's record with accuracy
is not good.

In particular s122N of the Copyright (Infringing File Sharing) Amendment
Act 2011
(http://www.legislation.co.nz/act/public/2011/0011/latest/DLM2764327.html?search=ts_act_copyright_noresel&p=1#DLM3331808)
says:

"122N Infringement notice as evidence of copyright infringement
“(1) In proceedings before the Tribunal, in relation to an infringement
notice, it is presumed—
“(a) that each incidence of file sharing identified in the notice
constituted an infringement of the rights owner's copyright in the work
identified; and
“(b) that the information recorded in the infringement notice is
correct; and
“(c) that the infringement notice was issued in accordance with this Act.
“(2) An account holder may submit evidence that, or give reasons why,
any 1 or more of the presumptions in subsection (1) do not apply with
respect to any particular infringement identified in an infringement notice.
“(3) If an account holder submits evidence or gives reasons as referred
to in subsection (2), the rights owner must satisfy the Tribunal that,
in relation to the relevant infringement or notice, the particular
presumption or presumptions are correct.


So the Tribunal starts off presuming that the rightsholder is telling
the truth, therefore infringement has occurred, therefore the account
holder is guilty unless they can prove otherwise.

~mark

Nick Rout
2011-07-20 09:09:59 UTC
Post by siology.io
I'm not totally up to speed with the NZ legal system yet, but surely
the only evidence with any gravitas in such a court case would be that
provided by your ISP, and not the defendant.
With respect, if you're going to get into this debate, you NEED to be up to
speed with this particular law. Actually, *EVERYBODY* on the Internet in NZ
needs to be up with it, because Big Content's record with accuracy is not
good.
In particular s122N of the Copyright (Infringing File Sharing) Amendment Act
2011
(http://www.legislation.co.nz/act/public/2011/0011/latest/DLM2764327.html?search=ts_act_copyright_noresel&p=1#DLM3331808)
"122N Infringement notice as evidence of copyright infringement
“(1) In proceedings before the Tribunal, in relation to an infringement
notice, it is presumed—
“(a) that each incidence of file sharing identified in the notice
constituted an infringement of the rights owner's copyright in the work
identified; and
“(b) that the information recorded in the infringement notice is correct;
and
“(c) that the infringement notice was issued in accordance with this Act.
“(2) An account holder may submit evidence that, or give reasons why, any 1
or more of the presumptions in subsection (1) do not apply with respect to
any particular infringement identified in an infringement notice.
“(3) If an account holder submits evidence or gives reasons as referred to
in subsection (2), the rights owner must satisfy the Tribunal that, in
relation to the relevant infringement or notice, the particular presumption
or presumptions are correct.
So the Tribunal starts off presuming that the rightsholder is telling the
truth, therefore infringement has occurred, therefore the account holder is
guilty unless they can prove otherwise.
I would love to take one of these cases, but I understand lawyers may
not be allowed in the Tribunal.

Mark Harris
2011-07-20 10:07:43 UTC
Post by Nick Rout
I would love to take one of these cases, but I understand lawyers may
not be allowed in the Tribunal.
You understand correctly. However, there is still the option for the
rightsholder to take civil action in the District Court...

~mark

Nevyn
2011-07-21 00:36:59 UTC
Post by siology.io
provided by your ISP, and not the defendant.
As far as I understand it, the ISP doesn't provide evidence per se.
They're an intermediary.

So rights holder complains that X IP address at Y time is breaching on
their rights. They're able to track down ISP and issue them with a
request to send "pirate" notice where "pirate" is person at the end of
X IP at Y time.

So the ISP is basically a translation layer.

The copyright debate becomes a lot more interesting outside of big
media. Medical research for example...

Regards,
Nevyn
http://nevsramblings.blogspot.com/

Mark Harris
2011-07-21 00:54:00 UTC
Post by Nevyn
As far as I understand it, the ISP doesn't provide evidence per se.
They're an intermediary.
The ISP (or more correctly, the IPAP) provides the account holder
information to the Tribunal directly when requested by the Tribunal.

~mark

Atom Smasher
2011-07-21 07:56:51 UTC
i hope to not be a test case, but if i ever have to answer to a copyright
tribunal my defense will consist mostly of questioning the
chain-of-custody of any evidence, how it was gathered, and who can
personally testify that they received copyright-infringed material from an
IP address under my control at the time. if it's an automated process then
i will need to review it, down to the level of code and the machine it's
running on, in order to find out why it made a mistake. i'll also have to
review change-logs and procedures for the code and machine it's running
on, to see if it could have been hacked.

i think we've all seen the printer story - http://dmca.cs.washington.edu/

and i think we all know about some trackers adding random ip-addresses to
a swarm for the purpose of plausible deniability... the other side of
plausible deniability is that sometimes deniability really is plausible.

based on that, and the fact that all of these processes seem to be both
automated and outsourced, it's highly improbable that anyone could ever
produce a reasonable quality of evidence in bulk. quite simply, it's too
easy for mistakes to happen. receipt of a mass-mailed infringement letter
is not proof of infringement.

i'd like to think that any legal (or quasi-legal) proceeding that doesn't
require a reasonable level of proof (where "level of proof" needs to be
consistent with the alleged violation and penalties) would quickly become
a human-rights issue.
--
...atom

________________________
http://atom.smasher.org/
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"Every great advance in natural knowledge has
involved the absolute rejection of authority."
-- Julian Huxley


Nick Rout
2011-07-21 20:09:01 UTC
Post by Atom Smasher
i hope to not be a test case, but if i ever have to answer to a copyright
tribunal my defense will consist mostly of questioning the chain-of-custody
of any evidence, how it was gathered, and who can personally testify that
they received copyright-infringed material from an IP address under my
control at the time. if it's an automated process then i will need to review
it, down to the level of code and the machine it's running on, in order to
find out why it made a mistake. i'll also have to review change-logs and
procedures for the code and machine it's running on, to see if it could have
been hacked.
i think we've all seen the printer story - http://dmca.cs.washington.edu/
and i think we all know about some trackers adding random ip-addresses to a
swarm for the purpose of plausible deniability... the other side of
plausible deniability is that sometimes deniability really is plausible.
based on that, and the fact that all of these processes seem to be both
automated and outsourced, it's highly improbable that anyone could ever
produce a reasonable quality of evidence in bulk. quite simply, it's too
easy for mistakes to happen. receipt of a mass-mailed infringement letter is
not proof of infringement.
i'd like to think that any legal (or quasi-legal) proceeding that doesn't
require a reasonable level of proof (where "level of proof" needs to be
consistent with the alleged violation and penalties) would quickly become a
human-rights issue.
The only proof required is the notice - it is presumed to be correct.

Atom Smasher
2011-07-22 01:41:36 UTC
Post by Nick Rout
The only proof required is the notice - it is presumed to be correct.
===============

like i said... i wouldn't want to be a test-case ;)
--
...atom

________________________
http://atom.smasher.org/
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"If young people don't turn on to politics,
politics will turn on them."
-- Ralph Nader


siology.io
2011-07-21 06:59:00 UTC
Date: Wed, 20 Jul 2011 20:30:30 +1200
Subject: Re: [nzlug] Preparing for persecution
Post by siology.io
I'm not totally up to speed with the NZ legal system yet, but surely
the only evidence with any gravitas in such a court case would be that
provided by your ISP, and not the defendant.
With respect, if you're going to get into this debate, you NEED to be up
to speed with this particular law. Actually, *EVERYBODY* on the Internet
in NZ needs to be up with it, because Big Content's record with accuracy
is not good.
In particular s122N of the Copyright (Infringing File Sharing) Amendment
Act 2011
(
http://www.legislation.co.nz/act/public/2011/0011/latest/DLM2764327.html?search=ts_act_copyright_noresel&p=1#DLM3331808
)
"122N Infringement notice as evidence of copyright infringement
“(1) In proceedings before the Tribunal, in relation to an infringement
notice, it is presumed—
“(a) that each incidence of file sharing identified in the notice
constituted an infringement of the rights owner's copyright in the work
identified; and
“(b) that the information recorded in the infringement notice is
correct; and
“(c) that the infringement notice was issued in accordance with this Act.
“(2) An account holder may submit evidence that, or give reasons why,
any 1 or more of the presumptions in subsection (1) do not apply with
respect to any particular infringement identified in an infringement
notice.
“(3) If an account holder submits evidence or gives reasons as referred
to in subsection (2), the rights owner must satisfy the Tribunal that,
in relation to the relevant infringement or notice, the particular
presumption or presumptions are correct.
So the Tribunal starts off presuming that the rightsholder is telling
the truth, therefore infringement has occurred, therefore the account
holder is guilty unless they can prove otherwise.
~mark
This is actually as i understood the written law to be, but it was my
understanding that "evidence" in this context is implying a defense such
as "i don't own a computer", "the address in question is a shared network"
or "i was recently a victim of computer theft" rather than "here's my network
traffic logs" as the rebuttal would surely be "aren't you just logging what
you want logged ?". I find it very interesting that a court would consider
such evidence (but i don't dispute that they would as clearly i'm not a
lawyer), do you know of a case I could chase up where such a defense was
used by an individual ?

Point (c) seems like it would be fairly easy for a defendant to prove
compared to (a) or (b).

Personally, my mind would tend to be that if someone knows enough to log
their own traffic they also know enough to not log a crime. I find it very
enlightening that a court would take a different stance.