Demonstration of ConceptChiapas, Mexico - January 3rd, 2000 - the Zapatista Air Force "bombarded" the federal barracks of the Mexican Army with hundreds of paper airplanes. Each airplane carried a message for the soldiers monitoring the border. In remembrance of this event the Electronic Disturbance Theater (EDT) releases a digital version of the Zapatista Air Force Action: the Zapatista Tribal Port Scan.
What is a port?
A port is an abstraction for the connection points used for network services, such as e-mail and the WWW. Every computer connected to the Internet has 65536 ports through which other computers on the net might establish socket connections. Common services such as http (the web) and e-mail are implemented as socket connections, using standard ports such as 80 (http), and 25 (smtp).
What is a port scan?
It is possible, actually common, to attempt to make socket connections on a server's multitude of ports in order to determine what services reside on that machine.
Why scan ports?
Port scans should be non-controversial. If your machine is connected to the Internet, you are exposing all of your ports, and you should expect connection attempts on any of them. Because a port scan is sometimes, very rarely, a prelude to hacking attempts, many fascist leaning system administrators mistakenly classify the port scan itself as a hostile act. But just because a port scan may on rare occasions reveal an exploitable weakness, it is not the same as actually exploiting the weakness. It is no different in principle from counting the windows and doors of a secure building from a public sidewalk. If a machine is on the public Internet, the ports are visible from that public sidewalk. It is the responsibility of building security to evaluate any threat, no law can be passed against looking. (Except under fascism, of course.)
Who is paranoid about their ports?
Typically it is the most powerful who can afford the high cost of total paranoia. Some systems utilize sophisticated security software that report on every attempted connection, or warn administrators about large numbers of unusual connection attempts. From this you may draw your own conclusions about exactly whose machines and people are likely to pay attention to the kind of tribal scan that ZTPS performs.
What is Tribal?
Tribal is a term that refers to the use of more than one computer (their different network identities), to distribute the work. The Zapatista Tribal Port Scan uses the Java Virtual Machine available in all standard web browsers to implement the port scan. The participating user simply visits the web site URL of a ZTPS implementation, and the scanning begins. Designed to be opened in a smallish browser window and minimized for all day scanning at home, work, or school, the ZTPS applet will scan a random port on a particular machine (chosen by the implementers posting the ZTPS site), from once per minute to once per hour, selectable by the user. Using both TCP and UDP socket connections, ZTPS may be configured to randomly select from an implementer-selected list of text messages, some of which may be logged by targeted machines. (Messages flying over the fence.) A download button in the applet interface makes it easy for users to download ready-to-implement software, and full source code for their own purposes, (or for modification). ZTPS effectiveness improves with the number of participating user/activists, so collective participation, as always, is very important.
Why a Zapatista Port Scan?
The Zapatistas are winning the war. Their intelligent and calculated application of the responsibility to risk, their creativity and conceptual edge in terms of activism, and their commitment to provocative transgressions that turn the opposition's borders into Zapatista assets, all point toward port scanning as an activist tool, and conceptual art. (Remember that Subcomandante Marcos was a Professor of Digital Media.)
EDT offers ZTPS to the community of net activists and artists with a few requests. Please improve, mutate, grow and spread the code. (Click the download button in the ztps interface for a complete archive.) Please also think of the system administrators who will pick up your packet airplanes when they land in the security logs on the other side of the fence;-)
ImplementationThere are two ways to implement ztps on the client side.
Code signing:If you wish to implement ztps via the web as an applet, you will need to acquire a code signing certificate from a certification authority and sign the applet code. This will enable the mobile code to ask the individual user for permission to make the network connections necessary to scan a third site. If you do not, the applet will not connect to the target server, giving output similar to this:
port 63351: trying TCP="tactical media"; no connection; com.ms.security.SecurityExceptionEx[socketChecker.run]: cannot connect to "www.whitehouse.gov"
This is because the applet loaded from (in this case) switch.sjsu.edu is trying to connect to another server (www.whitehouse.gov). The target server is not being scanned. The only work around for a mass demonstration is to sign the applet code (which may require code modification for some browsers), or to encourage users to download the ztps archive and run it as a local application.
Java Code signing resources:Excellent educational resource by Roedy Green
Get a Certificate
Get JavaUsers who wish to run ztps as an application can refer to the following resources. You will need to download a Java virtual machine suitable for Java 1.1.x programs.
Sun's Java site:
Java 2 Platform - install the Java runtime environment on your system
and you can run ztps as a desktop application:
Related links on port scanningWired articles on the Draft Convention on Cyber-crime, a proposed international treaty that could make port scan illegal world wide.
Privacy a Likely Loser in Treaty
Police Treaty a Global Invasion?
Draft Convention onCyber-crime (Council of Europe)
Wired article on Norwegian Supreme Court Decision:
Dec 23 1998 http://www.wired.com/news/politics/0,1283,17024,00.html