Re: Anonymous Threats

2016-01-10 Thread Valdis . Kletnieks
On Sun, 10 Jan 2016 20:45:25 -0500, "Eric Rogers" said:
> Thank you for all that have responded, and this response has been the
> majority, to leave well enough alone.  I guess I was hoping that maybe I could
> offer a new way to help narrow this search down.

The only thing that's more likely to get you into trouble than acting "under
color of law" (meaning doing it at the express request of law enforcement) is
taking the same actions *not* under color of law (at which point it's your
problem, not law enforcement's, if you break any laws).




Re: Anonymous Threats

2016-01-10 Thread Andrew Kirch
I have an idea. Indianapolis Cybercrime should stop playing politics and
treat people like me, who are willing to help and were hugely successful,
with respect, and not like a mob informant.
That said, post Snowden, I doubt I would go back... even with Brian Kils
bullshit.

Andrew D Kirch.


On Sunday, January 10, 2016, Eric Rogers  wrote:

> Our local community has recently had threats where the user has a
> FaceBook profile and is threatening the schools, and several surrounding
> schools, saying he is going to shoot everyone and blow them up... This
> is an investigation, but it is getting out of hand.  Several police/FBI
> raids, but yielded no results, and/or did not catch the right person.
> He/she is taunting them, local and federal.
>
>
>
> I would ASSUME he is using some sort of proxy/anonymizer such as TOR or
> something similar.  Is there any way to sniff for that type of traffic
> on my network?  I want to make sure that they are not using us as the
> source.
>
>
>
> Any thoughts on how to catch this person?  Even if it isn't us, and it
> is somewhere else I would like to put a stop to it.  Preferably off-list
> if you do respond...
>
>
>
> Thanks in advance.
>
>
>
> Eric Rogers
>
>
>
>
>
> www.pdsconnect.me
>
> (317) 831-3000 x200
>
>
>
>


RE: Anonymous Threats

2016-01-10 Thread Eric Rogers
Thank you for all that have responded, and this response has been the majority, 
to leave well enough alone.  I guess I was hoping that maybe I could offer a 
new way to help narrow this search down.  It has been extremely frustrating to 
see someone so blatantly cocky in how he is taunting the authorities, yet 
threaten people's lives...this person is taking pictures of "intended targets" 
and their young children saying "maybe they won't make it home tonight" and 
much, much worse...I have reached out to local authorities to offer any help, 
and I haven't had any response, so at this point I am not going to do anything 
to slow or interfere with any investigation... this person needs caught.

As a secondary, I was thinking that by looking at the type of traffic, by using 
a sniffer/IDS or some mechanism to generate a list of possible users so if 
authorities came knocking I could help them ask for the correct information for 
a warrant.

My personal guess is that they are not from this area, possibly overseas from 
the US and using proxies that are nearby the target community.  That means any 
looking into my network won't do any good except find any "exit nodes" in the 
TOR world, but there are several other ways to do the same thing, and too many 
to keep up.

Eric Rogers
PDS Connect
www.pdsconnect.me
(317) 831-3000 x200

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Scott Fisher
Sent: Sunday, January 10, 2016 8:30 PM
To: Notmatt Pleaseignore
Cc: NANOG
Subject: Re: Anonymous Threats

Report it to the authorities and trust that they can handle it, no matter how 
difficult that is. Remember your place that you are just the admin/operator and 
not the hero. If they need your help, law enforcement will ask for it.

Sucks but what would you do if you found his IP address? Go to his house?
No matter what, law enforcement needs to own the problem.

Thanks,
Scott

On Sunday, January 10, 2016, Notmatt Pleaseignore 
wrote:

> I think if the FBI wants your help, they'll let you know.
>
> In the meantime, I would probably avoid anything that looked like you 
> are spying on your customers, especially if you are explicitly 
> targeting customers who are attempting to anonymize their traffic (for 
> whatever reason). No matter how well intentioned. I can see a number of 
> downsides...
>
> But in simple terms, if it's Facebook, it's HTTPS, and seems you are 
> basically done there. Regardless what anonymous transport they use, 
> you wouldn't be able to see what they are up to...
> On Jan 10, 2016 6:14 PM, "Josh Reynolds" wrote:
>
> > Even if you find somebody running TOR, you can't see inside it. They 
> > also could simply be running an exit node, or $reason.
> > On Jan 10, 2016 5:02 PM, "Eric Rogers" wrote:
> >
> > > Our local community has recently had threats where the user has a
> > > FaceBook profile and is threatening the schools, and several surrounding
> > > schools, saying he is going to shoot everyone and blow them up...
> > > This is an investigation, but it is getting out of hand.  Several 
> > > police/FBI raids, but yielded no results, and/or did not catch the right 
> > > person.
> > > He/she is taunting them, local and federal.
> > >
> > >
> > >
> > > I would ASSUME he is using some sort of proxy/anonymizer such as 
> > > TOR or something similar.  Is there any way to sniff for that type 
> > > of traffic on my network?  I want to make sure that they are not 
> > > using us as the source.
> > >
> > >
> > >
> > > Any thoughts on how to catch this person?  Even if it isn't us, 
> > > > and it is somewhere else I would like to put a stop to it.
> > > > Preferably off-list if you do respond...
> > >
> > >
> > >
> > > Thanks in advance.
> > >
> > >
> > >
> > > Eric Rogers
> > >
> > >
> > >
> > >
> > >
> > > www.pdsconnect.me
> > >
> > > (317) 831-3000 x200
> > >
> > >
> > >
> > >
> >
>


--
Scott


Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-10 Thread Owen DeLong

> On Jan 9, 2016, at 08:01 , Jeremy Austin  wrote:
> 
> On Sat, Jan 9, 2016 at 5:06 AM, Mike Hammett  wrote:
> 
>> 
>> The best solution for everybody is the solution most consumers are averse
>> to, which is usage based billing. Granted, many times the providers have
>> shot themselves in the foot by making the charges punitive instead of based
>> on cost plus margin. Reasonable $/gig for everybody! :-)
> 
> 
> I'm tempted to make an analogy to health care, insurance, and universal
> coverage, but I'll abstain.
> 
> Usage based billing alters the typical hockey stick graph: the 10% of users
> using 80% of the bandwidth are otherwise subsidized by the long tail.
> 
> As an ISP, usage-based billing is more sensible, because I would no longer
> have to stress about oversubscription ratios and keeping the long tail
> happy. But usage-based models are more stressful for the consumer; I think
> I disagree that it's the best model for everybody.

As much as I love to criticize T-Mo for what they do wrong (and there’s plenty),
this is one area where I think T-Mo has actually done something admirable.

They have (sort of) usage-based billing.

For $x/month you get Y GB of LTE speed data and after that you drop to 128kbps.

You don’t pay an overage charge, but your data slows way down.

If you want to make it fast again, you can for $reasonable purchase additional
data within that month on a one-time basis.

I would like to encourage other carriers to adopt this model, actually. If
Verizon had a model like this, I would probably switch tomorrow assuming
their prices weren’t too far out of line compared to T-Mo.

> Let me be a consumer advocate for a moment. One of the reasons consumers
> are averse to usage-based billing is that the tech industry has not put
> good tools into their hands. While it is possible to disable automatic
> updates, set Windows 10's network settings to "metered", and micromanage
> your bandwidth, in general:
> 
> The Internet (from the non-eyeball side) is designed around a free-feeding
> usage model. Can you imagine if the App store of your choice showed two
> prices, one for the app and one for the download? The permission-based
> model on Android would have requests like, "This app is likely to cost you
> $4/week. Is this OK?”

Kind of an interesting idea, but to me, the reason usage charges induce
stress has more to do with the fact that they are kind of out of control
pricey first of all and second of all that you start incurring them without
warning and without any real ability to say no on most networks.

That’s why I actually like the T-Mo strategy here. With existing tools,
the customer has full choice and control about “overage” costs even if
their data usage remains somewhat opaque.

> I don't know all the reasons that satellite provider Starband shut down,
> but that was a usage-based billing market; and it would never have been a
> 'reasonable' $/gig.  I'm working to step into the hole they left, and
> you're right that customers don't want a usage-based model to replace it.

Because their operating costs overall exceeded the value perceived by consumers.
As a result, they could not sell their product to a critical mass of consumers
at a price that would allow them to continue operations.

> In addition, let's say I know of an ISP that makes 10% of its revenue from
> overage charges. Moving to a purely usage-based model would lower ACR, as
> it would have to charge a more reasonable price/gig; that top 10% of users
> won't replace the lost revenue. So even providers may have little incentive
> to change models, particularly if they have a vested interest in inhibiting
> the growth of video or usage in general.

How can an ISP make 10% of its money from overage charges unless they are
doing usage-based billing? If you’ve got an AYCE plan, you don’t have
overages. If you don’t, then you have some form of usage based billing.

The varieties of usage based billing that are available are a far less
interesting exercise.

Owen



Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-10 Thread Mikael Abrahamsson

On Sat, 9 Jan 2016, Jeremy Austin wrote:

> Let me be a consumer advocate for a moment. One of the reasons consumers
> are averse to usage-based billing is that the tech industry has not put
> good tools into their hands. While it is possible to disable automatic
> updates, set Windows 10's network settings to "metered", and micromanage
> your bandwidth, in general:


I encourage people to start engaging in the IETF MIF working group, that 
could be one piece of the puzzle to create this toolset for the customer. 
It would mean one can communicate properties for different network 
connections.


Imagine you setting the mobile connection to "metered" and that you want 
to keep bw usage low on this link, then your applications could be 
configured (hopefully they would come with this as default) so that 
backups won't happen over this connection, and lower video bitrate is used 
than what TCP could indicate to the application is available.


It's of course better if the application makes these choices than for the ISP 
to have a middle-box that tries to affect applications by means of TCP 
rate-adaptation trickery.


--
Mikael Abrahamsson    email: swm...@swm.pp.se


Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-10 Thread Alex Buie
Ugh, I had to deal with this almost daily at $large_metered_us_carrier. We
have WiFi hotspots and USB modems and inevitably the customers who usually
use <2GB and have plans based on that usage got slapped with huge Windows
10 overages. Explaining that no, your "geebee" meter isn't broken,
Microsoft just shafted you got so tiring, especially when they don't have
the faintest clue what Windows Update or data or anything of the sort mean,
just barely enough to sign into their AOL account and check the weather.

The bad part is how aggressively Microsoft is downloading it to your HD
even if you don't accept it. (See Windows.BT folder, )

I am "eagerly" awaiting the next wave of update renaming/repushing.

> On Jan 9, 2016 2:57 PM,  wrote:
>>
>> On Sat, 09 Jan 2016 11:12:16 -0600, Mike Hammett said:
>> > Bytes uploaded and\or downloaded. That's all that should matter.
>> > Initiated by you or not.
>>
>> You want to be the one explaining to your customer that the reason they
>> got charged for 20G of unexpected transfer was because their 3 Windows 8
>> machines each downloaded Windows 10 without telling them?


Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-10 Thread Alan Buxey
For the sake of security of all internet connected hosts - especially in this 
new era of even more IOT junk, security updates, firmware and new OS updates 
should be granted libre data rates so that users who keep their devices updated 
are not penalised. 

as for carriers pipes...well, if multicast was seriously taken up then eg OS 
updates could be streamed out on regular updates 

alan


Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-10 Thread Max Tulyev
(chewing my pop-corn) Eh... I would like to have that kind of problems!

Here we sell a residential 1Gbps for $5/mo with really unlimited traffic,
and have a lot of complaint calls if there is slightly less than 1Gbps
for that particular users.

THAT is how the highly competitive market works! ;)

On 09.01.16 16:06, Mike Hammett wrote:
> Valid points. 
> 
> The best solution for everybody is the solution most consumers are averse 
> to, which is usage based billing. Granted, many times the providers have shot 
> themselves in the foot by making the charges punitive instead of based on 
> cost plus margin. Reasonable $/gig for everybody! :-) 
> 
> 
> 
> 
> - 
> Mike Hammett 
> Intelligent Computing Solutions 
> http://www.ics-il.com 
> 
> 
> 
> Midwest Internet Exchange 
> http://www.midwest-ix.com 
> 
> 
> - Original Message -
> 
> From: "Alan Buxey"  
> To: "Mike Hammett"  
> Cc: "North American Network Operators' Group"  
> Sent: Saturday, January 9, 2016 4:38:58 AM 
> Subject: Re: Binge On! - get your umbrellas out, stuff's hitting the fan. 
> 
> You're assuming that people are only using phones with their SIM - those that 
> use a mifi dongle and thus view content on a tablet or laptop will notice 
> 
> We could rate limit traffic from YouTube to 1.5mbps and let the adaptive 
> streaming knock the stream to 480p but our users with 100mbit connections 
> might wonder why they cannot view 720p or 1080p - and why spicy they view 
> such content - it's like putting back the web and online video services 5 
> years. Where does it stop? 320x240 ? 
> 
> Bulk data and background update processes are things that could possibly be 
> throttled - after all, that's pretty much what QoS does. Most of my phone 
> data is google play software updates and on woes phone ios and itunes store 
> updates - it doesn't matter if the update ticks along in the background. 
> Audio and video need to be good. 
> 
> alan 
> 



Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-10 Thread Christopher Morrow
On Sun, Jan 10, 2016 at 9:04 AM, Alan Buxey  wrote:
> For the sake of security of all internet connected hosts - especially in this 
> new era of even more IOT junk , security updates,  firmware and new OS 
> updates should be granted libre data rates so that users who keep their 
> devices updated are not penalised.

so, just for the sake of the discussion, how would you do this? Keep
in mind that you probably can't (as a carrier) prefer one 'os' over
another, and you will likely have to deal with everything from Windows
to gentoo and all the tiny raspbian/etc in the middle.

How would a carrier identify and track over time the sources of this
traffic? (note that a 'registry of update sources' probably also won't
fly)

> as for carriers pipes...will, if multicast was seriously taken up then eg OS 
> updates could be streamed out on regular updates

multicast, yes, of course. So... it hasn't worked yet in the last ~20
yrs of the internet, it'll work now because?


Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-10 Thread Valdis . Kletnieks
On Sun, 10 Jan 2016 14:04:13 +, Alan Buxey said:

> as for carriers pipes...will, if multicast was seriously taken up then eg OS
> updates could be streamed out on regular updates

You can multicast the Super Bowl, because to a rather high rate of accuracy
you can assume that everybody who wants to watch the Super Bowl in real time
is tuned in and catching the stream.

It doesn't work as well for software updates, because while I know I'm in
a "No cellular coverage" area hiking the south side of Mt Rogers during the
Super Bowl, and I don't care because I'm not a big pro football fan, my cell
phone may care if it misses an update because of it.

Actually - it probably *won't*, because I'll likely be hiking long enough that
my phone will *never notice* that it missed an update.  So now you need to
find a way to make *reverse* multicast work, so that the update server doesn't
get pounded with several million requests once an hour asking "Did I miss an
update?"




Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-10 Thread John Levine
>> as for carriers pipes...will, if multicast was seriously taken up then eg OS
>> updates could be streamed out on regular updates

Given that a lot of these updates are happening in the background
without any interaction with the users, I'd think they'd be ideal for
network-un-neutral traffic shaping, throttle them when people are
doing something else, open them up at 3 AM.

In a more reasonable world, I agree that multicasting Windows Update
would make sense, but that would require a whole lot of agreements
from people who aren't inclined to agree.  Also remember that
multicasting only gets you so far, and I would be surprised if you
could multicast over the wireless last mile more efficiently than
unicasting.

R's,
John


Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-10 Thread Randy Bush
>>> as for carriers pipes...will, if multicast was seriously taken up
>>> then eg OS updates could be streamed out on regular updates
> 
> Given that a lot of these updates are happening in the background
> without any interaction with the users

maybe for your customers, but not so true for our user base or others
with which i have experience.  wise folk want control of patching.  and
it's not only IT departments, but end users.

cheeringly, even end users are becoming more cautious, at least those
who have survived :)

otoh, smart devices may tilt this over time.  the security aspects of
this are an amusing and horrifying subject of discussion in the opsec
and other communities.

randy


Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-10 Thread Mike Hammett
John Doe end user doesn't even know what updating is, much less wants to 
control it or even do it. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

- Original Message -

From: "Randy Bush"  
To: "John Levine"  
Cc: "North American Network Operators' Group"  
Sent: Sunday, January 10, 2016 4:54:34 PM 
Subject: Re: Binge On! - get your umbrellas out, stuff's hitting the fan. 

>>> as for carriers pipes...will, if multicast was seriously taken up 
>>> then eg OS updates could be streamed out on regular updates 
> 
> Given that a lot of these updates are happening in the background 
> without any interaction with the users 

maybe for your customers, but not so true for our user base or others 
with which i have experience. wise folk want control of patching. and 
it's not only IT departments, but end users. 

cheeringly, even end users are becoming more cautious, at least those 
who have survived :) 

otoh, smart devices may tilt this over time. the security aspects of 
this are an amusing and horrifying subject of discussion in the opsec 
and other communities. 

randy 



Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-10 Thread John R. Levine

>> Given that a lot of these updates are happening in the background
>> without any interaction with the users
>
> maybe for your customers, but not so true for our user base or others
> with which i have experience.  wise folk want control of patching.  and
> it's not only IT departments, but end users.


The Windows 10 stuff generally downloads in the background, then it pops 
up and tells you how wonderful it is.  Most of the end users I know have 
Windows Update set to do its thing automatically, and even if it's not 
installed automatically it'll often download and then ask whether you want 
to install it.



> otoh, smart devices may tilt this over time.  the security aspects of
> this are an amusing and horrifying subject of discussion in the opsec
> and other communities.


No kidding.

R's,
John


Re: Anonymous Threats

2016-01-10 Thread Ishmael Rufus
I'll keep a look out

On Sun, Jan 10, 2016, 5:02 PM Eric Rogers  wrote:

> Our local community has recently had threats where the user has a
> FaceBook profile and is threatening the schools, and several surrounding
> schools, saying he is going to shoot everyone and blow them up... This
> is an investigation, but it is getting out of hand.  Several police/FBI
> raids, but yielded no results, and/or did not catch the right person.
> He/she is taunting them, local and federal.
>
>
>
> I would ASSUME he is using some sort of proxy/anonymizer such as TOR or
> something similar.  Is there any way to sniff for that type of traffic
> on my network?  I want to make sure that they are not using us as the
> source.
>
>
>
> Any thoughts on how to catch this person?  Even if it isn't us, and it
> is somewhere else I would like to put a stop to it.  Preferably off-list
> if you do respond...
>
>
>
> Thanks in advance.
>
>
>
> Eric Rogers
>
>
>
>
>
> www.pdsconnect.me
>
> (317) 831-3000 x200
>
>
>
>


Re: Anonymous Threats

2016-01-10 Thread Scott Fisher
Report it to the authorities and trust that they can handle it, no matter
how difficult that is. Remember your place that you are just the
admin/operator and not the hero. If they need your help, law enforcement
will ask for it.

Sucks but what would you do if you found his IP address? Go to his house?
No matter what, law enforcement needs to own the problem.

Thanks,
Scott

On Sunday, January 10, 2016, Notmatt Pleaseignore 
wrote:

> I think if the FBI wants your help, they'll let you know.
>
> In the meantime, I would probably avoid anything that looked like you are
> spying on your customers, especially if you are explicitly targeting
> customers who are attempting to anonymize their traffic (for whatever
> reason). No matter how well intentioned. I can see a number of downsides...
>
> But in simple terms, if it's Facebook, it's HTTPS, and seems you are
> basically done there. Regardless what anonymous transport they use, you
> wouldn't be able to see what they are up to...
> On Jan 10, 2016 6:14 PM, "Josh Reynolds" wrote:
>
> > Even if you find somebody running TOR, you can't see inside it. They also
> > could simply be running an exit node, or $reason.
> > On Jan 10, 2016 5:02 PM, "Eric Rogers" wrote:
> >
> > > Our local community has recently had threats where the user has a
> > > FaceBook profile and is threatening the schools, and several surrounding
> > > schools, saying he is going to shoot everyone and blow them up... This
> > > is an investigation, but it is getting out of hand.  Several police/FBI
> > > raids, but yielded no results, and/or did not catch the right person.
> > > He/she is taunting them, local and federal.
> > >
> > >
> > >
> > > I would ASSUME he is using some sort of proxy/anonymizer such as TOR or
> > > something similar.  Is there any way to sniff for that type of traffic
> > > on my network?  I want to make sure that they are not using us as the
> > > source.
> > >
> > >
> > >
> > > Any thoughts on how to catch this person?  Even if it isn't us, and it
> > > > is somewhere else I would like to put a stop to it.  Preferably off-list
> > > > if you do respond...
> > >
> > >
> > >
> > > Thanks in advance.
> > >
> > >
> > >
> > > Eric Rogers
> > >
> > >
> > >
> > >
> > >
> > > www.pdsconnect.me
> > >
> > > (317) 831-3000 x200
> > >
> > >
> > >
> > >
> >
>


-- 
Scott


Anonymous Threats

2016-01-10 Thread Eric Rogers
Our local community has recently had threats where the user has a
FaceBook profile and is threatening the schools, and several surrounding
schools, saying he is going to shoot everyone and blow them up... This
is an investigation, but it is getting out of hand.  Several police/FBI
raids, but yielded no results, and/or did not catch the right person.
He/she is taunting them, local and federal.

 

I would ASSUME he is using some sort of proxy/anonymizer such as TOR or
something similar.  Is there any way to sniff for that type of traffic
on my network?  I want to make sure that they are not using us as the
source.

 

Any thoughts on how to catch this person?  Even if it isn't us, and it
is somewhere else I would like to put a stop to it.  Preferably off-list
if you do respond...

 

Thanks in advance.

 

Eric Rogers



  

www.pdsconnect.me

(317) 831-3000 x200

 



Re: Anonymous Threats

2016-01-10 Thread Josh Reynolds
Even if you find somebody running TOR, you can't see inside it. They also
could simply be running an exit node, or $reason.
On Jan 10, 2016 5:02 PM, "Eric Rogers"  wrote:

> Our local community has recently had threats where the user has a
> FaceBook profile and is threatening the schools, and several surrounding
> schools, saying he is going to shoot everyone and blow them up... This
> is an investigation, but it is getting out of hand.  Several police/FBI
> raids, but yielded no results, and/or did not catch the right person.
> He/she is taunting them, local and federal.
>
>
>
> I would ASSUME he is using some sort of proxy/anonymizer such as TOR or
> something similar.  Is there any way to sniff for that type of traffic
> on my network?  I want to make sure that they are not using us as the
> source.
>
>
>
> Any thoughts on how to catch this person?  Even if it isn't us, and it
> is somewhere else I would like to put a stop to it.  Preferably off-list
> if you do respond...
>
>
>
> Thanks in advance.
>
>
>
> Eric Rogers
>
>
>
>
>
> www.pdsconnect.me
>
> (317) 831-3000 x200
>
>
>
>


Re: Anonymous Threats

2016-01-10 Thread Todd Crane via NANOG
I’m pretty sure that is what TOR was designed to prevent. While your intent may 
be altruistic, technologically speaking, there is no difference between that 
and say Iran or China sniffing out traffic.


> On Jan 10, 2016, at 3:59 PM, Eric Rogers  wrote:
> 
>  Is there any way to sniff for that type of traffic
> on my network?





Re: Anonymous Threats

2016-01-10 Thread Notmatt Pleaseignore
I think if the FBI wants your help, they'll let you know.

In the meantime, I would probably avoid anything that looked like you are
spying on your customers, especially if you are explicitly targeting
customers who are attempting to anonymize their traffic (for whatever
reason). No matter how well intentioned. I can see a number of downsides...

But in simple terms, if it's Facebook, it's HTTPS, and seems you are
basically done there. Regardless what anonymous transport they use, you
wouldn't be able to see what they are up to...
On Jan 10, 2016 6:14 PM, "Josh Reynolds"  wrote:

> Even if you find somebody running TOR, you can't see inside it. They also
> could simply be running an exit node, or $reason.
> On Jan 10, 2016 5:02 PM, "Eric Rogers"  wrote:
>
> > Our local community has recently had threats where the user has a
> > FaceBook profile and is threatening the schools, and several surrounding
> > schools, saying he is going to shoot everyone and blow them up... This
> > is an investigation, but it is getting out of hand.  Several police/FBI
> > raids, but yielded no results, and/or did not catch the right person.
> > He/she is taunting them, local and federal.
> >
> >
> >
> > I would ASSUME he is using some sort of proxy/anonymizer such as TOR or
> > something similar.  Is there any way to sniff for that type of traffic
> > on my network?  I want to make sure that they are not using us as the
> > source.
> >
> >
> >
> > Any thoughts on how to catch this person?  Even if it isn't us, and it
> > is somewhere else I would like to put a stop to it.  Preferably off-list
> > if you do respond...
> >
> >
> >
> > Thanks in advance.
> >
> >
> >
> > Eric Rogers
> >
> >
> >
> >
> >
> > www.pdsconnect.me
> >
> > (317) 831-3000 x200
> >
> >
> >
> >
>