Zapatista Tribal Port Scan: A Demonstration Tool

From ricardo dominguez <>
Date Mon, 15 Jan 2001 20:27:28 -0500

[: hacktivism :]

Zapatista Tribal Port Scan:

A Demonstration Tool

by the Electronic Disturbance Theater

Chiapas, Mexico - January 3rd, 2000 - the Zapatista Air Force "bombarded"
the federal barracks of the Mexican Army with hundreds of paper airplanes.
Each airplane carried a message of peace for the Mexican Army soldiers
monitoring the borders of the Zapatista communities. In remembrance of
this event the Electronic Disturbance Theater (EDT) releases a demonstration
of this electronic translation of the Zapatista Air Force Action:
the Zapatista Tribal Port Scan.* A direct-action tool for net.activist,
net.artists, and net.hacktivist everywhere.

*For the source code distributed on Jan, 3, 2000 by EDT of the
"zapatista tribal port scan (ZTPS)", go to EDT’s homepage.**

Electronic Disturbance Theater

P.S. On December 2, 2000, subcomandante Marcos announced that
the central command of the Zapatista National Liberation Army (EZLN)
will travel to Mexico City in February, to lobby for passage of the
San Andres Accords. For Marcos and the Zapatista leadership, this
will be their first public appearance outside of Chiapas since their
uprising began in 1994. In announcing their historic trip to Mexico City,
Marcos has invited the accompaniment of national and international civil
society to join the Zapatistas from February 24 to March 10. The trip to
Mexico City will start in San Cristóbal de Las Casas, Chiapas, on
February 24 and end in Mexico City on March 6. The Electronic Disturbance
Theater will join the procession - we invite all of you to join also.

Zapatista March 2001


***[[Message Sideload]]***

Zapatista Army of National Liberation.

January 12, 2001.

To Civil Society:


I am writing to you while it is raining and we are waiting here for the
return of the companeros and companeras who went to the march in San
Cristobal de Las Casas. In a manner which is not customary for us, we are
trying to keep you informed as to how things are going here through letters
like this.

The Zapatista Information Center's mailbox has been quickly filling, being
emptied, and filling up again. Greetings and mobilization proposals from
various states in the Republic are arriving. In the D.F., for example, a
very detailed proposal came from U.A.M. which, however, presents serious
inconveniences. For example, they invite us to dine, but how are we going
to eat with our ski-masks on? Ah, really? So the promises about improving
the menu are of no use if, whenever they want, we're going to end up being
fed intravenously. In Ciudad Juarez, Chihuahua, they were handing out
flyers in the streets today, and in Tijuana, B.C., they held a rally. From
Guanajuato, Morelos, Oaxaca, Puebla and Hidalgo, they are asking us for the
dates and our itinerary in their states. Fine, we're going to make this
public when we have it ready. Don't worry, and have the parties ready.

On the international level, the influx is no less: a delegation of
Italians, between 200 and 300 persons, confirmed that they will be arriving
in Mexico in February, and they'll be prepared for being expelled. From
San Francisco, California, U.S., they are advising us they will be coming
to accompany the delegation, and they will be informing the "Frisco"
community of everything that happens along the route and during the stay in
the D.F. From Switzerland, they have confirmed the attendance of a
delegation. We are being advised of the same from Argentina and France.
In the State of Spain, they don't stop. In addition to hanging from towers
and mountains, they are going to set out (they don't say by what means, but
I imagine it won't be walking) to throw themselves into the entire route.

Something verrry important: accommodations. And I'm not referring to the
accommodations for the zapatista delegation, but those for all the people
who, from the states of the Republic and from other parts of the world, are
going to participate in the march along with us. An idea: that
organizations and groups which can offer places to put people up please
advise the Zapatista Information Center, and the "pilgrims" can then be

Concerning the technological breakthroughs, I am informing you that the Web
page is now functioning. The address is: I am
taking the opportunity to make a request of all the web pages that already
exist, or which refer to the zapatones and their movement: please put in a
"link" or "pass", or whatever it's called, so that those visiting your
pages can also have access to the one about the current mobilization. We
also have our e-mail address now. The address is:

Good, that's how things are up to now. We'll be passing along more
information to you in the next one.

Vale. Salud, and may peace come soon dot com.

From the mountains of the Mexican Southeast.

Subcomandante Insurgente Marcos.
Mexico, January of 2001.


Zapatista Tribal Port Scan: A Demonstration Tool.

What is a port?

A port is an abstraction for the connection points used for network services,
such as e-mail and the WWW. Every computer connected to the Internet
has 65536 ports through which other computers on the net might establish
socket connections. Common services such as http (the web) and e-mail are
implemented as socket connections, using standard ports such as 80 (http),
and 25 (smtp).

What is a port scan?

It is possible, actually common, to attempt to make socket connections
on a server's multitude of ports in order to determine what services reside
on that machine.

Why scan ports?

Port scans should be non-controversial. If your machine is connected to
the Internet, you are exposing all of your ports, and you should expect
connection attempts on any of them. Because a port scan is sometimes,
very rarely, a prelude to hacking attempts, many fascist leaning system
administrators mistakenly classify the port scan itself as a hostile act.
But just because a port scan may on rare occasions reveal an exploitable
weakness, it is not the same as actually exploiting the weakness. It is
no different in principle from counting the windows and doors of a secure
building from a public sidewalk. If a machine is on the public Internet,
the ports are visible from that public sidewalk. It is the responsibility
of building security to evaluate any threat; no law can be passed against
looking. (Except under fascism, of course.)

Who is paranoid about their ports?

Typically it is the most powerful who can afford the high cost
of total paranoia. Some systems utilize sophisticated security
software that reports on every attempted connection, or warns
administrators about large numbers of unusual connection
attempts. From this you may draw your own conclusions about
exactly whose machines and people are likely to pay attention
to the kind of tribal scan that ZTPS performs.

What is Tribal?

Tribal is a term that refers to the use of more than one computer
(their different network identities), to distribute the work.
The Zapatista Tribal Port Scan uses the Java Virtual Machine
available in all standard web browsers to implement the port scan.
The participating user simply visits the web site URL of a ZTPS
implementation, and the scanning begins. Designed to be opened
in a smallish browser window and minimized for all day
scanning at home, work, or school, the ZTPS applet will scan
a random port on a particular machine (chosen by the
implementers posting the ZTPS site), from once per minute
to once per hour, selectable by the user. Using both TCP and
UDP socket connections, ZTPS may be configured to
randomly select from an implementer-selected list of
text messages, some of which may be logged by targeted
machines. (Messages flying over the fence.) A download
button in the applet interface makes it easy for users to
download ready-to-implement software, and full source
code for their own purposes. ZTPS effectiveness improves
with the number of participating user/activists, so collective
participation, as always, is very important.
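
An added example, not part of the EDT release or the ZTPS source: seen from
the receiving side, the tribal pattern described above stays under a
per-source scan rule but shows up once connection logs are aggregated by
destination. The event tuples, the addresses (documentation ranges), the
SERVED set and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SERVED = {25, 80}            # assumption: services the monitored host really offers
WINDOW = timedelta(hours=1)  # sliding window for the per-target rule

def make_sample():
    """Constructed events (time, src, dst, dport); documentation addresses only."""
    t0, events = datetime(2001, 1, 15, 9, 0), []
    for i in range(12):      # 12 participants, one probe every 10 minutes each
        for k in range(6):
            port = 1024 + (i * 7919 + k * 104729) % 64000
            events.append((t0 + timedelta(minutes=10 * k, seconds=i),
                           f"198.51.100.{i + 1}", "192.0.2.10", port))
    for j in range(40):      # ordinary clients using the served ports
        events.append((t0 + timedelta(minutes=j), f"203.0.113.{j + 1}",
                       "192.0.2.10", 80 if j % 4 else 25))
    return sorted(events)

def per_source_alerts(events, max_ports=10):
    """Classic rule: a single source touching many distinct ports on one host."""
    seen = defaultdict(set)
    for _, src, dst, port in events:
        seen[(src, dst)].add(port)
    return sorted(key for key, ports in seen.items() if len(ports) > max_ports)

def per_target_alerts(events, min_ports=30, min_sources=5):
    """Aggregate by destination: unserved ports probed by many sources in WINDOW."""
    by_dst = defaultdict(list)
    for t, src, dst, port in events:
        if port not in SERVED:
            by_dst[dst].append((t, src, port))
    alerts = []
    for dst, hits in sorted(by_dst.items()):
        hits.sort()
        best, start = (0, 0), 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > WINDOW:
                start += 1
            window = hits[start:end + 1]
            size = (len({p for _, _, p in window}), len({s for _, s, _ in window}))
            best = max(best, size)
        if best[0] >= min_ports and best[1] >= min_sources:
            alerts.append({"dst": dst, "ports": best[0], "sources": best[1]})
    return alerts

if __name__ == "__main__":
    sample = make_sample()
    print("per-source:", per_source_alerts(sample))
    print("per-target:", per_target_alerts(sample))
```

Connections to the served ports are excluded before counting, so ordinary
web and mail clients do not contribute to the per-target total.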

Why a Zapatista Port Scan?

The Zapatistas are winning the war. Their intelligent and calculated
application of the responsibility to risk, their creativity and conceptual
edge in terms of activism, and their commitment to provocative
transgressions that turn the opposition's borders into Zapatista assets,
all point toward port scanning as an activist tool, and conceptual art.
(Remember that Subcomandante Marcos was a Professor of Digital Media. ;-)

EDT offers ZTPS to the community of net.activist, net.artists, and
net.hacktivist with a few requests: please improve, mutate, grow
and spread the code.

(Click the download button in the ZTPS interface for a complete archive.)

Please also think of the system administrators who will pick
up your packet airplanes with a poem when they land in the
security logs on the other side of the fence ;-)


There are two ways to implement ZTPS on the client side.

1. The participant/user enters the URL of a signed ZTPS implementation
into their web browser. The ZTPS then loads into the web browser and
begins scanning the domain pre-selected by the implementers of
the ZTPS web site. Code signing is necessary, because the ZTPS
applet must be granted special permission to make a network
socket connection to any server other than the one from which
it itself loaded. (*see demonstration link below for an unsigned sample.)

2. Participants or users may download ZTPS, and run it locally
as a Java application. When running ZTPS as an application,
there are no applet security restrictions, so code signing is unnecessary.
When used as an application, the user can choose which site to
scan instead of having that choice made by the implementers
of a ZTPS web site.

Download Archive Here

*Visit ZTPS a demonstration of the ZTPS concept and interface here.

Go here:

This demo is hosted by the Computers in Art, Design, Research
and Education Digital Media Laboratory at San Jose State University.


Code signing:

If you wish to implement ZTPS via the web as an applet, you will need to
acquire a code signing certificate from a certification authority and
sign the applet code. This will enable the mobile code to ask the
individual user for permission to make the network connections
necessary to scan a third site. If you do not, the applet will not
connect to the target server, giving output similar to this:

port 63351: trying TCP="tactical media"; no connection;[]: cannot connect to

This is because the applet loaded from (in this case)
is trying to connect to another server (
The target server is not being scanned. The only workaround for
a Mass Demonstration is to sign the applet code (which may
require code modification for some browsers), or to encourage
users to download the ZTPS archive and run it as a Local Application.

Java Code signing resources:

Excellent educational resource by Roedy Green
Signing Classes with the Netscape Object Signing Tool:
Signing Java Applets with Microsoft's Authenticode

Get a Certificate

Get Java

Users who wish to run ztps as an application can refer to the
following resources. You will need to download a Java virtual machine
suitable for Java 1.1.x programs.

Sun's Java site:

Java 2 Platform - install the Java runtime environment
on your system and you can run ztps as a desktop

Related links on port scanning

Wired articles on the Draft Convention on Cyber-crime, a proposed
international treaty that could make port scans illegal worldwide.

Privacy a Likely Loser in Treaty
Dec 7th 2000,1283,40576,00.html

"[The treaty] could also make it illegal to distribute some
kinds of security products used by system
administrators to secure their networks against intruders."

Police Treaty a Global Invasion?
October 17th 2000,1283,39519,00.html

"Technical experts have said Article 6 of the measure,
titled "Illegal Devices," could ban commonplace
network security tools like crack and nmap, which
is included with Linux as a standard utility."
(nmap is a sophisticated port scanner)

Draft Convention on Cyber-crime (Council of Europe)

Wired article on Norwegian Supreme Court Decision:
Let the Web Server Beware

Dec 23 1998,1283,17024,00.html

"The essence of [the ruling] is that if you want to join the Internet,
you have to assure that you're protected," said Gunnel Wullstein,
president and CEO of Norman Data Security. "If you don't want to be
visited, close your ports."


Zapatista Tribal Port Scan: A Demonstration Tool.


Electronic Disturbance Theater

In Solidarity with the Zapatistas



Zapatista March 2001
