I'll admit it. I've broken the law, and I'm heading for jail. I expect I'll do the full 4 years in a Detroit maximum security penitentiary. If they ever catch me. *grin*
I thought I was doing a public service by teaching people how to construct firewalls and perform advanced networking techniques, but according to the Michigan Legislature, I have committed a felony because I have "advertised plans or written instructions that I intend to be used or know or have reason to know will be used or is likely to be used to violate subsection (1)" (750.540c(3)). The relevant piece of subsection (1) is "(b) Conceal the existence or place of origin or destination of any telecommunications service."
I've had instructions up on my web site since July 25th of last year on how to modify the destination address of TCP/IP packets; search down for "... -m state --state NEW -j DNAT --to-destination 1.2.3.4:5555". This conceals the destination of the original packet.
Interestingly enough, 750.540c(1)(a) limits its scope to "obtaining a telecommunications service with the intent to avoid...any lawful charge for the telecommunications service", but 750.540c(1)(b) does not limit itself that way.
According to subsection (6), "any unlawful telecommunications access device involved in violation of this section...may be destroyed or retained." That's a real shame - I've enjoyed the laptop on which I wrote the article, and I'm going to have a hard time explaining to my boss why my company-supplied laptop was doused in gasoline and torched by the Michigan State Police.
I can't even hide behind the fact that I wrote the article in New Hampshire, because subsection (8) says the "violation...is considered to have occurred at the place...where the...access device is...delivered to another person." All it takes is one Michigan resident to read that web page.
Melodrama aside, this is a wonderful example of an overly broad bill actually passing and becoming law. If you took the wording literally, this law could make any of the following illegal:
- Any form of masquerading or NAT, including connection sharing, port forwarding, or redirection. This would include sharing an IP address between the operating system on the physical computer and the operating system(s) on any virtual machines on it.
- Using VNC, PC Anywhere, GoToMyPC, or any other remote control tool, and making an outbound connection from the controlled machine.
- Making a connection to a remote computer with telnet, rsh, or ssh and making an outbound connection from that machine.
- Running an X Window application on another machine and making outbound connections with it.
- Using a proxy firewall, your ISP's DNS server, or any proxy on a machine other than the one at which you're sitting. Good luck using the Internet without using your ISP's DNS server.
- Using CNAME records to obscure the actual target system for a hostname.
- Using MX records to use more than one mail server to accept mail for a given domain.
- In fact, using DNS domain names at all is concealing the destination of the telecommunications service; you're advertising a readable name like www.michiganlegislature.org, but the communication is going to 198.109.173.10.
- Using a domain name that doesn't match your status, for example, a government institution like the Michigan legislature using "michiganlegislature.org" when it should be using a .gov domain.
- The use of ssh, IPsec, or any VPN technology to encrypt or tunnel traffic.
- Merely tunneling IP packets or performing proxy ARP is considered "concealing the place of origin or destination of any telecommunications service."
- Using load balancing software or round-robin DNS to use more than one physical computer to provide web content under one hostname.
- Changing the "From:" address in email software to a host or domain different from the machine on which the message was created. I guess I can't use the pobox.com domain anymore.
- Using anonymous email services. In fact, using any email address other than "[email protected]" - and that includes Hotmail, yahoo.com, and hundreds of other email providers.
- Using Invisible IRC anonymous IRC, Freenet file sharing, or any peer-to-peer file sharing tool that routes requests through other machines.
- Posting anonymously to a web site, Usenet newsgroup, or mailing list.
- Using the Freenet6 IPv6 gateway. In fact, just about any use of IPv6 where packets get tunneled would be illegal.
- Using wireless Ethernet.
- Blocking ping or traceroute packets at a firewall could conceal the source or destination of other connections.
- Modifying your operating system's fingerprint so that scanning tools report that your machine has a different operating system.
- With a little bit of a mental stretch, everyone connecting to the Internet using any Ethernet card could be considered breaking this law, as the true destination of a network packet is the MAC address of that Ethernet card, but this is concealed from the outside world; they only see IP addresses, and the IP to MAC address conversion is only done on the Ethernet network.
- 750.540c(1)(c): Sniffing traffic from an Ethernet cable that carries traffic - say NetBIOS packets - intended for somebody else.
- Distributing or selling an operating system that might be used to masquerade IP traffic. With Linux's masquerading and Microsoft's connection sharing, just about every PC sold in the state of Michigan from this point on would break this law.
- Getting Internet access at an Internet cafe or public library.
- Using someone else's phone or a pay phone to make a call.
- Forwarding your phone to your cell phone.
- Blocking caller ID for a phone call.
- Using a fax service at a place like Mail Boxes Etc. or a hotel.
Because of the implications of load balancing, round-robin DNS, CNAME records, MX records, and NAT/connection sharing, I believe you'd actually have a hard time finding a single Michigan business that is not breaking the law. That includes the Michigan legislature itself - breaking the law by using a CNAME record for their own web site:
www.michiganlegislature.org. 81559 IN CNAME michiganlegislature.org.
michiganlegislature.org. 81561 IN A 198.109.173.10
I can't wait to see them lead themselves off in chains. :-)
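To make the CNAME point concrete, here is an added example (not code from the original article) that follows an alias chain through a small constructed record set the way a resolver does, so you can see that the name a reader types is never the name that holds the address. The two michiganlegislature.org records are the ones quoted above; every other record, and the hostnames example.net, example-cdn.test and loop.test, are constructed for illustration.

```python
# Constructed zone data, keyed by (owner name, record type).
# The michiganlegislature.org records are the two quoted in the article;
# the rest are made up to show a longer chain and a misconfigured loop.
RECORDS = {
    ("www.michiganlegislature.org", "CNAME"): "michiganlegislature.org",
    ("michiganlegislature.org", "A"): "198.109.173.10",
    # constructed: a CDN-style chain with two alias hops before an address
    ("shop.example.net", "CNAME"): "edge.example-cdn.test",
    ("edge.example-cdn.test", "CNAME"): "pool-3.example-cdn.test",
    ("pool-3.example-cdn.test", "A"): "203.0.113.7",
    # constructed: two names aliasing each other (a resolver must not spin)
    ("a.loop.test", "CNAME"): "b.loop.test",
    ("b.loop.test", "CNAME"): "a.loop.test",
}

MAX_CHAIN = 8  # real resolvers cap alias chains at a small number of hops


def resolve(name, records=RECORDS, max_chain=MAX_CHAIN):
    """Return (chain, address): `chain` lists every name visited starting
    with `name`; `address` is the A record at the end of the chain, or
    None when the last name has neither an A nor a CNAME record."""
    chain = [name]
    seen = {name}
    for _ in range(max_chain):
        addr = records.get((chain[-1], "A"))
        if addr is not None:
            return chain, addr
        target = records.get((chain[-1], "CNAME"))
        if target is None:
            return chain, None
        if target in seen:  # alias loop: fail instead of looping forever
            raise ValueError("CNAME loop: " + " -> ".join(chain + [target]))
        seen.add(target)
        chain.append(target)
    raise ValueError("CNAME chain longer than %d hops" % max_chain)


def conceals_destination(name, records=RECORDS):
    """True when the advertised name is not the name holding the address,
    i.e. at least one CNAME hop was followed (the article's complaint)."""
    chain, addr = resolve(name, records)
    return addr is not None and len(chain) > 1
```

Calling resolve("www.michiganlegislature.org") walks the quoted CNAME to michiganlegislature.org and returns 198.109.173.10, while the loop.test names raise rather than hang.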
From the above list, I may be up for prosecution under a habitual offender law as well. In fact, similar laws are up for review in 8 other states. I sure hope they don't find out about the hundreds of times I've run a sniffer on an Ethernet cable.
William is an Open-Source developer, enthusiast, and advocate from New Hampshire, USA. His day job at SANS pays him to work on network security and Linux projects. Or, at least, it did until he went on the run from the law.
This article is Copyright 2003, William Stearns <[email protected]>. The opinions expressed here are Bill's alone and do not reflect the opinions of any other individual, company, or organization, including Open Source Digest and SANS.