fale@machine:~$ tcptraceroute -f 128 -m 128 thepiratebay.se
Selected device venet0, address 5.9.249.8, port 40771 for outgoing packets
Tracing the path to thepiratebay.se (194.71.107.15) on TCP port 80 (www), 128 hops max
128 thepiratebay.org (194.71.107.15) [open] 51.673 ms 49.002 ms 47.187 ms
That server is in Germany, no way it's possible to have 50ms to NK. Also traditional traceroute has 500ms+ RTT.
They are faking/spoofing the ICMP responses.
They are also prepending their route advertisement with corresponding AS paths to further disguise it.
194.71.107.0/24 *[BGP/170] 02:10:36, MED 0, localpref 150, from 80.91.255.255
AS path: 2914 39138 22351 131279 51040 I
AS39138 is probably the real upstream provider of TBP. They peer with AS51040(TPB network) and TPB router prepends AS22351(Intelsat) and AS131279(North Korean ISP) into it's AS Path before advertising it to AS39138.
Exactly. Here is a collection of route-servers and looking glasses which tell you what path a route from ISP x to IP y will take. http://www.bgp4.as/looking-glasses
You will see that every single route to 194.71.107.0/24 will travel through AS39138.
That server is in Germany, no way it's possible to have 50ms to NK. Also traditional traceroute has 500ms+ RTT.
They are faking/spoofing the ICMP responses. They are also prepending their route advertisement with corresponding AS paths to further disguise it.
From TeliaSonera looking glass http://lg.telia.net/
194.71.107.0/24 *[BGP/170] 02:10:36, MED 0, localpref 150, from 80.91.255.255 AS path: 2914 39138 22351 131279 51040 I
AS39138 is probably the real upstream provider of TBP. They peer with AS51040(TPB network) and TPB router prepends AS22351(Intelsat) and AS131279(North Korean ISP) into it's AS Path before advertising it to AS39138.