"After Being Cut From Norway, The Pirate Bay Returns From North Korea" or is it just BGP Tricks
The Pirate Bay have released a press release that they are now hosted out of North Korea: "The Pirate Bay has been hunted in many countries around the world. ....This is truly an ironic situation. We have been fighting for a free world, and our opponents are mostly huge corporations from the United States of America, a place where freedom and freedom of speech is said to be held high...... ...We believe that being offered our virtual asylum in Korea is a first step of this country's changing view of access to information......." http://falkvinge.net/2013/03/04/after-being-cut-from-norway-the-pirate-bay-r... https://thepiratebay.se/blog/229 But there is a lot of debate on Reddit that they are not really in North Korea and just doing some BGP trickery: "Anyone can hijack an AS number and not cause any issues for the real user – In this case The Pirate Bay set up a Sat dish in Phenom Penh, Cambodia – Intelsat gives them a BGP session there. The peer net for BGP handoff is 175.45.177.217/30, .216 is Intelsats side and .217 is The Pirate Bay’s. One can use ANY IP they wish for these handoffs, internal, their own, “hijacked” – In this case The Pirate Bay “hijacked” 2 IPs from the North Korean network which does not matter for them as this is only acessible from their side, not from the internet. TBP then injected AS131279 as peer in the upstream table – so it does not look like this: AS22351 – AS51040 But instead: AS22351 – AS131279 – AS51040 This is possible because either Intelsat does not filter BGP announcements (unlikely) or TBP wrote a fake LOA for this AS (likely). Now as we traceroute the TBP IP we see the /30 subnet used for the handoff in Phenom Penh, which is why TPB says it is in North Korea – The ICMP (ping) reply from the IP makes it seem legit but does actually come from and entirely different network (aka the real Star-KP network). (Theres some more but i spare you that as it is pretty technological – for example that AS131279 does not hand over AS51040 routes to AS4737)." http://www.reddit.com/r/technology/comments/19nb00/after_being_cut_from_norw... Anybody have an input on this and able to confirm or deny the claims of BGP Hijacking? -- BaconZombie LOAD "*",8,1
On Mon, Mar 04, 2013 at 09:43:05PM +0000, Bacon Zombie <baconzombie@gmail.com> wrote a message of 71 lines which said:
But there is a lot of debate on Reddit that they are not really in North Korea and just doing some BGP trickery:
And ICMP trickery, to send false ICMP replies (with a delay) to traceroute requests. I am certain they are not in North Korea. The TCP latency when you connect with HTTP to thepiratebay.se if < 40 ms, something which you cannot have from North Korea.
Seems easy enough to convince North Korea that they should announce my prefixes... ;)
From my Android phone on T-Mobile. The first nationwide 4G network.
-------- Original message -------- From: Stephane Bortzmeyer <bortzmeyer@nic.fr> Date: 03/05/2013 10:55 AM (GMT-05:00) To: Bacon Zombie <baconzombie@gmail.com> Cc: nanog@nanog.org Subject: Re: "After Being Cut From Norway, The Pirate Bay Returns From North Korea" or is it just BGP Tricks On Mon, Mar 04, 2013 at 09:43:05PM +0000, Bacon Zombie <baconzombie@gmail.com> wrote a message of 71 lines which said:
But there is a lot of debate on Reddit that they are not really in North Korea and just doing some BGP trickery:
And ICMP trickery, to send false ICMP replies (with a delay) to traceroute requests. I am certain they are not in North Korea. The TCP latency when you connect with HTTP to thepiratebay.se if < 40 ms, something which you cannot have from North Korea.
It was a hoax http://www.pcworld.com/article/2030073/the-pirate-bay-admits-to-north-korean... On Tue, Mar 5, 2013 at 10:10 AM, Warren Bailey < wbailey@satelliteintelligencegroup.com> wrote:
Seems easy enough to convince North Korea that they should announce my prefixes... ;)
From my Android phone on T-Mobile. The first nationwide 4G network.
-------- Original message -------- From: Stephane Bortzmeyer <bortzmeyer@nic.fr> Date: 03/05/2013 10:55 AM (GMT-05:00) To: Bacon Zombie <baconzombie@gmail.com> Cc: nanog@nanog.org Subject: Re: "After Being Cut From Norway, The Pirate Bay Returns From North Korea" or is it just BGP Tricks
On Mon, Mar 04, 2013 at 09:43:05PM +0000, Bacon Zombie <baconzombie@gmail.com> wrote a message of 71 lines which said:
But there is a lot of debate on Reddit that they are not really in North Korea and just doing some BGP trickery:
And ICMP trickery, to send false ICMP replies (with a delay) to traceroute requests.
I am certain they are not in North Korea. The TCP latency when you connect with HTTP to thepiratebay.se if < 40 ms, something which you cannot have from North Korea.
participants (4)
-
Bacon Zombie
-
Grant Ridder
-
Stephane Bortzmeyer
-
Warren Bailey