I'll admit it. I've broken the law, and I'm heading for
jail. I expect I'll do the full 4 years in a Detroit maximum security
If they ever catch me.
I thought I was doing a public service, by teaching people
how to construct firewalls and perform advanced networking techniques,
to the Michigan Legislature, I have committed a felony because I
have "advertised plans or written instructions that I intend to be
used or know or has reason to know will be used or is likely to be used
to violate subsection (1)." 750.540c(3) The relevant piece
of subsection 1 is "(b) Conceal the existence or place of origin or
destination of any telecommunications service."
I've had instructions
up on my web site since July 25th
of last year on how to modify the destination address of TCP/IP packets;
search down for "... -m state --state NEW -j DNAT --to-destination
22.214.171.124:5555". This conceals the destination of the original packet.
Interestingly enough, 750.540c(1)(a) limits its scope
to "obtaining a telecommunications service with the intent to
avoid...any lawful charge for the telecommunications service", but
750.540c(1)(b) does not limit itself that way.
Just in case this previous offense might be ignored because
it occurred before the law went into effect, I'll be adding a section in
this article on March 31st (Michigan's time zone) on how to use
masquerading to share an Internet connection - watch this spot.
According to subsection (6), "any unlawful
telecommunications access device involved in violation of this
section...may be destroyed or retained.". That's a real shame -
I've enjoyed the laptop on which I wrote the article, and I'm going to
have a hard time explaning to my boss why my company supplied laptop was
doused in gasoline and torched by the Michigan State Police.
I can't even hide behind the fact that I wrote the article in
New Hampshire, because subsection (8) says the "violation...is
considered to have occured at the place...where the...access device
is...delivered to another person." All it takes is one Michigan
resident to read that web page on or after the date the law takes
effect, Mar 31sth, 2003. If you fall in that category, write me and let
me know we can be co-conspirators in breaking the law.
Melodrama aside, this is a wonderful example of an overly
broad bill actually passing and becoming law. The wording used would
make any of the following illegal.
- Any form of Masquerading or NAT, including connection sharing, port
forwarding, or redirection.
This would include sharing an IP address between the operating system on
the physical computer and the operating system(s) on any virtual
machines on it.
- Using VNC, PC Anywhere, GotoMyPC, or any other remote control tool,
and making an outbound connection from that machine.
- Making a connection to a remote computer with telnet, rsh, ssh and
making an outbound connection from that machine.
- Running an X windows application on another machine and making
outbound connections with it.
- Using a proxy firewall, your ISP's DNS server, or any proxy on a
machine other than the one at which you're sitting. Good luck using the
Internet without using your ISP's DNS server.
- Using CNAME records to obscure the actual target system for a
- Using MX records to use more than one mail server to accept mail for
a given domain.
- In fact, using DNS domain names at all is concealing the
destination of the telecommunications service; you're advertising a
readable name like www.michiganlegislature.org, but the communication is
going to 126.96.36.199.
- Using a domain name that doesn't match your status, for example, a
government institution like the Michigan legislature using
"michiganlegislature.org" when it should be using a .gov domain.
- The use of ssh, ipsec, or any vpn technology to encrypt or tunnel
- Merely tunneling IP
packets or performing proxyarp is
considered "concealing the place of origin or destination of any
- Using load balancing software or round-robin DNS to use more than
one physical computer to provide web content under one hostname.
- Changing the "From:" address in email software to a host or domain
different from the machine on which the message was created. I guess I
can't use the pobox.com domain anymore.
- Using anonymous email services. In fact, using any email
address other than "firstname.lastname@example.org" - and that includes
hotmail, yahoo.com, and hundreds of other email providers.
- Using Invisible IRC
anonymous IRC, freenet
file sharing, or any peer to peer file sharing tool that routes requests
through other machines.
- Posting anonymously to a web site, Usenet newsgroup, or mailing
- Using the Freenet6 IPV6
gateway. In fact, just about any use of IPv6 where packets get
tunneled would be illegal.
- Using wireless ethernet.
- Blocking ping or traceroute packets at a firewall could conceal the
source or destination of other connections.
your Operating System's fingerprint so that scanning tools report
that your machine has a different operating system.
- With a little bit of a mental stretch, everyone connecting to the
Internet using any Ethernet
card could be considered breaking this law, as the true destination of a
network packet is the Mac address of that Ethernet card, but this is
concealed from the outside world; they only see IP addresses and the IP
to Mac address conversion is only done at the Ethernet network.
- 750.540c(1)(c) Sniffing traffic from an ethernet cable that
carries traffic - say Netbios packets - intended for somebody else.
- Distributing or selling an operating system that might be used to
masquerade IP traffic. With Linux' Masquerading and Microsoft's
connection sharing, just about every PC sold in the state of Michigan
from this point on would break this law.
- Getting Internet access at an Internet cafe or public library.
- Using someone else's phone or a pay phone to make a call.
- Forwarding your phone to your cell phone.
- Blocking caller ID for a phone call.
- Using a fax service at a place like Mailboxes, etc. or a hotel.
Because of the implications of load balancing, round-robin
DNS, CNAME records, MX records, and NAT/conection sharing, I believe
you'd actually have a hard time finding a single Michigan business that
is not breaking the law. That includes the Michigan legislature
itself - breaking the law by using a CNAME record for their own web site:
www.michiganlegislature.org. 81559 IN CNAME michiganlegislature.org.
michiganlegislature.org. 81561 IN A 188.8.131.52
I can't wait to see them lead themselves off in chains.
From the above list, I may be up for prosecution under an
habitual offender law as well. In fact, similar
laws are up for review in 8 other states. I sure hope they don't
find out the hundreds of times I've run a sniffer on an Ethernet cable.
William is an Open-Source developer, enthusiast,
and advocate from New Hampshire, USA. His day job at SANS pays him to work on network
security and Linux projects.
This article is Copyright 2003, William Stearns <email@example.com>