Could my ISP be upto something...

Recently, I have began to questions the privacy practices of the ISP I use for my home setup.
The past 2 weeks I have noticed some very strange behavior related to my internet account.
But first a little background...The company I work for requires me to do monthly remote security audits on clients systems, things like vulnerability scanning, IDS evasion, ...ect to make sure everything is working as its supposed to. Particullary in the case of IDS evasions it's very important for me to hide my IP, otherwise the admins on those networks will know when I am auditing them, and the whole process of a secret audit is botched. I use proxy's and address spoofing a lot for these things. I just started an account with this ISP about a month ago, and for the first 2 weeks had no problem forging packets. Then about two weeks ago they begain using egress filtering, which totally stopped my ability to spoof from their network (Although I still can using VPN to another one). At about the same time this happened I began to notice that my anonymous proxy connections where no longer anonymous either! After testing various anonymous proxy's from all over the world (I tried about 50...) I found that the end point still pointed back to my ISP. Although this IP was not my IP, it still pointed back to an address within my ISP's address space. So, I dug a little deeper. I trace routed the path thru my internet connection and found my packets were going thru an additional machine that wasn't there two weeks ago. I decided to ping that address and to my surprise found that my firewall was blocking inbound ICMP requests to my machine in response to my ping (It pointed right back at me!). I checked my IP again to make sure that the ISP hadnt reassigned it to this address. They hadn't, it's the same as it's always been. So I pinged my IP address that winipcfg reports...Nothing happened, no inbound ICMP at all. Anything sent to my ipconfig address never arrives, only packets sent to this virtual address make it to my machine. I know that my ISP has me using a different router/gatway configuration then everyone else on their network.
As far as the proxy thing, this is really strange...Theres really no way to account for an annomous proxy not being anonymous just for my IP is there? Am I correct? The only thing I can think of is that my ISP is stripping the proxy TCP/IP wrapper of my packets, then requesting the data themselves, then sending it to my machine. I'm not really sure just what to do or think just yet. Needless to say I instantly SSL'ed EVERYTHING, stopped using my ISP's DNS, and totally hardened my firewall against my own ISP! So now I bet there really wondering whats up, they have no idea what data or with whom my system is dealing with... For the time being I just want to investigate more into exactly what my ISP is doing with my packets and how they're routing them. I would like to see my packets as they arrive at an anonymous proxy (So if anyone has anon proxy with packet logger that I could send a couple requests too, let me now). Any suggestions on what might be happening? Personally, I think there sensors picked up on some of the non-standard/spoofed traffic I was sending, and they then classified me as a potential hacker, and stuck me on a different segment then everone else where they could monitor my connections and prevent me from interacting with the internal network. Wouldnt this be discrimination? As far as the proxy thing, if there doing what it looks like to me, they are totally invading my privacy. Just for my own satisfaction I wrote a spider that scoured the net looking for email addresses of my ISP's customers and now I have a list of about 4000, If things get really bad I plan on mass mailing everyone and telling them whats going on. I plan on bring this up in person with my ISP when I know exactly whats going on...Any comments?

Read your ISP's AUP (Acceptable Use Policy). Your activities may be against their policy.

Massmailing everyone at your ISP will definitely get you kicked off the net.

Quote:

---

Just for my own satisfaction I wrote a spider that scoured the net looking for email addresses of my ISP's customers and now I have a list of about 4000, If things get really bad I plan on mass mailing everyone and telling them whats going on. I plan on bring this up in person with my ISP when I know exactly whats going on...Any comments?

---

Yeah, smart move especially when you depend on them for internet. Why don't you just call them on their hotline/ tech support and demand to talk to a higher up? Or even better if they are located close to you go and talk to them. Lastly, why didn't you tell your ISP of your situation? If its legit as you say they shouldn't have a problem with it especially with papers from your work? ????

Adding to what SirDice said: What does your AUP tell you?

Discrimination? Probably but so what.

You admit to using the services in a manner that would cause any provider to have pause and alarm. I can't blame them for monitoring your activity, gathering info and at the same time limiting what garbage you can pull in the process. If that is in fact what is happening.

I don't see what the big deal is. If you don't like the service, don't use it!!!!!!!

SGS

with the echelon technology in place on most ISP's and you thinking you have rights and don't need to tell anyone why your doing what your doing... i wouldn't plan on flying anywhere if i were you.

Neptune0z,
I'm going to have to applaud your ISP for taking a very pro-active approach in dealing with internet threats. While users have a certain degree of responsibility in securing their pc's, I also think ISP's should bear some of the burden...and yours is doing exactly that. Some ISP's are now suspending accounts if an infected machine (within their domain) is causing problems, even if the user has no idea it's infected. They make users clean their systems and then reinstate their account privilages. (again, I applaud these ISP's). Think of your situation another way Neptune. Imagine someone remotely auditing your system, without your consent, for malicious purposes. Would you want your ISP to stop it? or would that be discrimination? Like everyone in this thread has been stating, your ISP has no idea what your intentions are and why you're spoofing IP's and performing remote attacks through proxies. For all practical purposes, you might as well be a cracker (in your ISP's eyes) because they don't know you have consent from the admins of the network(s) you're auditing.

Quote:

---

The past 2 weeks I have noticed some very strange behavior related to my internet account

---

yeah, your ISP thinks your're a cracker (shocker!) and is dealing with you accordingly.
What in the hell made you think that your ISP was clairvoyant enough to realize you were simply running legit scans? how much common sense would it have taken to think "hmm, maybe I should let my ISP know what I'm doing just in case they see what's normally considered malicious activity flowing through their network". Considering it's what you do for a living (and I'm assuming you think paychecks are a good thing) do you really want to inform your company that you can longer do remote audits because you never informed your ISP of your activity and your account is now blocked and/or suspended?

It's called "common sense" Neptune, use it.

"Massmailing everyone at your ISP will definitely get you kicked off the net. " -- Sir Dice

There's always another ISP out there to use though. I pay for my service and as a customer there's various things I expect from them as a business. An attempt to tag me so that my
surfing habits are not anonymous is totally unacceptable and I would gladly lose my account to let others know.

"with the echelon technology in place on most ISP's and you thinking you have rights and don't need to tell anyone why your doing what your doing... i wouldn't plan on flying anywhere if i were you." --tedob1

Echelon and its supporting policies "Patriot act, CPA, ...ect" are a complete violation of our rights. I encourage everyone to read more about these things. www.eff.org
As far as the flying thing, for the past 6 years everytime I fly I get searched at every terminal, every transfer, every check point. Knowledge is power...


The internet was founded on anonimity. Any attempt to violate this, needs to be resisted at all costs. Like anything in this world if we dont fight for our rights we will lose them, I gaurentee we will lose them. I'm not surprised to find out my ISP would be monitoring me because of my internet activities, any decent admin would see this as a security threat. I appriciate everyones comments.

Okay a few questions. Mainly because your attitude makes me feel like something just isnt right. Okay so the company you work for makes you use your own persoanl resources to do your job? You dont have an internet connection at the office that you could use? You would have a lot more luck explaining this to your ISP if it was coming from an office building and not your house.

Yes you are paying for a service but why do you need to be annonymous with your ISP. Do you honestly think they are going to go to the companies you "audit" and say hey this subscriber is scanning you? Explain to them what your job requiers then be prepared to back it up with some proof. Yea you have rights we all do. One of the biggest rights that alot of people forget is the right of a business to refuse service of anykind to any customer for any reason. And yes companies do have that legal right. No thats not toi say your ISP can say " we're not going to provide you with service because you are a black gay jewish person" but they have the right to prevent you from using their service in a harmfull manner. To the tech's over there thats exactly what it loooks like. Grow up and be responsable for what you are doing. Or start your own ISP and let all your local skiddies run rampant

EDIT: and how broadband providers are in your area? anonymous scvanning from dial up cna be a real bitch. I know of two broadband ISP's in my area. the cable isp and the DSL company

Quote:

---

Originally posted here by Neptune0z
"Massmailing everyone at your ISP will definitely get you kicked off the net. " -- Sir Dice

The internet was founded on anonimity. Any attempt to violate this, needs to be resisted at all costs. Like anything in this world if we dont fight for our rights we will lose them, I gaurentee we will lose them. I'm not surprised to find out my ISP would be monitoring me because of my internet activities, any decent admin would see this as a security threat. I appriciate everyones comments.

---

Although the notion of Internet access being a "right" could be well debated, let's pretend your
premise is correct. With "rights" comes responsibility. Part of yours would be to make arrangements with your ISP ahead of time. To outline your activities ahead of time through a proactive relationship with your ISP. In the least, attempt to use well documented communication to your ISP letting them know what to expect and when.

I have done this in the past for people in your situation.
You should expect to have a member of the org requesting to be audited ready to confirm your situation to your ISP and be willing to provide documentation to the matter.

If as you say "knowledge is power", practice what your preach and provide your ISP with knowledge of you, your practice, and your intent.

I started this thread with the idea that people would post ideas / suggestions about what my isp is doing with regards the proxy thing...Instead it turned into a 'lets dog-on on neptune for mismanagment of his IP' thread...Not what I'm interested in...I may be in the wrong...But thats irrelevant...Please only post if you have suggestions for what my ISP may be doing to make my sessions thru anonymous proxies not anonymous...