
The Pirate Bay – North Korean hosting? No, it’s fake - dewey
https://rdns.im/the-pirate-bay-north-korean-hosting-no-its-fake
======
tuomasb
It's fake but his analysis is wrong. TPB is still somewhere in Europe.
Otherwise you couldn't have 50ms RTT to thepiratebay.se TCP port 80 from
within Europe. I explained here how they do it
<http://news.ycombinator.com/item?id=5319720>

~~~
bradleyjg
From the discussion there it looks like the real host is

rrbone UG (haftungsbeschraenkt)

Leibnizstr. 8a

44147 Dortmund

GERMANY

<https://www.rrbone.net/>

~~~
runn1ng
Yes, he added a second part

<https://rdns.im/the-pirate-bay-north-korean-hosting-no-its-fake-p2>

------
moxie
Dude, this was a (really well executed) joke! It should be our responsibility
to help keep this shit going.

~~~
youngerdryas
Yes, let's make internet freedom a joke. But we already have anonymous for
that.

Edit: The real tragedy is the people excusing NK so they can have their way.
I'm not saying they are dumb, just unlucky at thinking.

Edit2: No defense of hacktivists making a mockery of themselves? How much does
TPB make?

~~~
derleth
> The real tragedy is the people excusing NK so they can have their way.

I've read this sentence a few times, left, come back, and re-read it a few
times, and I still can't really make heads or tails of it.

Are you saying that people doing this (pretending their website is hosted in
North Korea) makes light of the suffering of people who live in North Korea? I
don't understand how you can conclude that: The whole point is that, as bad as
North Korea is, it still doesn't go after torrent sites. It wouldn't work if
North Korea were replaced with a country that actually has a lot of freedoms.

Are you implying that people should be working to end what's going on in North
Korea? Well, what can anyone do? Any serious attempt to force change would
simply lead to a massive, destructive war, killing most of the people that the
outside world wants to help.

~~~
youngerdryas
> The whole point is that, as bad as North Korea is, it still doesn't go after
> torrent sites.

You might be unlucky at thinking.

~~~
derleth
Hey, I never implied North Korea had any torrent sites to go after.

Besides, that's their thinking, not mine. If anyone's unlucky it's them.

~~~
youngerdryas
> as bad as North Korea is, it still doesn't go after torrent sites.

Because they don't have any? I think I'll stick with my previous answer.

------
jtchang
One thing a lot of people don't realize is that a good deal of how the
internet routes traffic is simply determined by trust. Yes there are
complicated legal agreements between AS's but when it comes down to it any AS
can advertise any route they want. Most edge routes are configured to simply
trust routes as they come in. If they didn't we wouldn't have such a redundant
infrastructure.

~~~
jlgaddis
> when it comes down to it any AS can advertise any route they want

If the provider isn't filtering, sure.

> Most edge routes are configured to simply trust routes as they come in

Actually, edge routers are where your prefix filtering takes place. It's much
more difficult to filter at the "core".

~~~
windexh8er
Very true, but where is the core? I've set up many BGP peering sessions, and
yes all of those direct edge connections into tier 1 providers are generally
filtering prefixes longer than /24. These are where the big propagation
problems happen. Whoops, I just advertised my internal network (including a
bunch of /31 and /32s) to the Internet either clobbering route tables
(capacity problem) or stomping routes.

This is why my comment posted in the recent CloudFlare post mortem talks about
good network engineers and the misunderstanding of many 'technical savvy'
folks that know enough to do some really dumb things architecturally.

This lends credence to the fact that, this is well understood if you've spun
up peering sessions more than once. I find it slightly embarrassing most
people don't realize how fragile a framework BGP really is. But it definitely
comes to light reading through forums like HN that lean towards the developer
side of readership.

~~~
jlgaddis
It's not hard to "do things right". We filter our customers' advertisements to
us (requiring them to register their routes in a routing registry and then
manually verifying them before allowing the prefixes to be accepted) as well
as filtering what we advertise upstream (and our upstream performs filtering
on our advertisements as well).

If you advertise /31s and /32s, well, you shouldn't be redistributing into BGP
and, of course, your upstream should be filtering those prefixes and throwing
them away. Problem solved.

Perhaps the majority of people here on HN don't understand BGP. Then again,
most of them probably don't need to.
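
The customer-side filtering described in this comment (routes checked against routing-registry entries, prefixes longer than /24 thrown away), sketched as an added Python example that is not part of the original thread. The registry table, the AS numbers and the `check_announcement` helper are constructed for illustration.

```python
import ipaddress

# Constructed registry data: origin ASN -> prefixes registered as route objects.
# ASNs come from the documentation range, prefixes from documentation space.
REGISTERED = {
    64500: ["198.51.100.0/24", "203.0.113.0/24"],
    64501: ["192.0.2.0/24"],
}
MAX_LEN = 24  # longest IPv4 prefix accepted from a customer session


def check_announcement(peer_asn, prefix, as_path):
    """Return (accepted, reason) for one announcement received from a customer."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    # Drop leaked internal routes such as /31s and /32s before anything else.
    if net.prefixlen > MAX_LEN:
        return False, "too specific (/%d > /%d)" % (net.prefixlen, MAX_LEN)
    # The neighbour must be the first AS in the path it sends us.
    if not as_path or as_path[0] != peer_asn:
        return False, "first AS in path is not the peer"
    # The origin (last AS) must have a registered route covering the prefix.
    origin = as_path[-1]
    for reg in REGISTERED.get(origin, []):
        if net.subnet_of(ipaddress.ip_network(reg)):
            return True, "covered by %s registered to AS%d" % (reg, origin)
    return False, "no registered route for this prefix and origin"


def filter_batch(announcements):
    """Apply the filter to a list of (peer_asn, prefix, as_path) tuples."""
    return [(p, check_announcement(a, p, path)) for a, p, path in announcements]


# Constructed sample session: one valid route, one leaked host route,
# and one prefix that is registered to a different customer.
SAMPLE = [
    (64500, "198.51.100.0/24", [64500]),
    (64500, "198.51.100.7/32", [64500]),
    (64501, "203.0.113.0/24", [64501]),
]

if __name__ == "__main__":
    for prefix, (ok, reason) in filter_batch(SAMPLE):
        print("ACCEPT" if ok else "REJECT", prefix, "-", reason)
```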

~~~
noselasd
But how much of your transit providers or non-customer peers do you trust?

------
a1a
I think this comment on the article is worth reading:

blumentopf on 04 March 2013 at 22:06: "Note that 175.45.176.0/22 is visible
behind China Unicom in the global routing table (shortest AS path ends with
4837 131279), whereas 194.71.107.0/24 is only visible behind Intelsat (22351
131279 51040). It should therefore not come as a surprise that you see a
different route when you’re doing a traceroute directly to 175.45.177.217.

While you could be right it’s also conceivable that there’s a link between
Cambodia and North Korea and that the next hop behind 202.72.96.6 is indeed
175.45.177.217 (in North Korea, not just a transit net for BGP handoff). So I
don’t see this as conclusive evidence that it’s a fake."

------
oellegaard
This is the reason why I read HN and not some regular news media. Here you
can't write bullshit, there will be a repost within a short amount of time,
describing what really happened.

~~~
oseibonsu
The LA Times quoted a post from Hacker News:
<http://www.latimes.com/business/technology/la-fi-tn-pirate-bay-north-korea-20130304,0,2555878.story>

~~~
Wilya
I considered editing my topmost comment to say something along the lines:
"Edit: warning, this is not entirely true, read the posts below".

Now I'm just going to tell my mum I'm in the LA Times.

------
tuomasb
Now it seems they have also added fake lag to TCP port 80.

    hlds@machine:~$ tcptraceroute -f 128 -m 128 thepiratebay.se 80
    Selected device venet0, address 5.9.249.8, port 41774 for outgoing packets
    Tracing the path to thepiratebay.se (194.71.107.15) on TCP port 80 (www), 128 hops max
    128  thepiratebay.org (194.71.107.15) [open]  751.198 ms  735.700 ms  767.937 ms

This wasn't the case an hour ago. I was able to get 50ms RTT from TCP port 80
but now they probably added fake lag with tc (Linux traffic shaping tool).

~~~
pasiaj
@neekeri!

------
dewey
He just posted a part2 for those interested:
<https://rdns.im/the-pirate-bay-north-korean-hosting-no-its-fake-p2>

"In the end i will also solve the mystery of the REAL hosting location, with
proof."

------
StavrosK
How is it possible to fake the ip of a server? I don't get it. If the A record
resolves to the Korean IP, but the server isn't there, how does it reply?

~~~
wmf
WHOIS tells you where an IP is _supposed_ to be located, but BGP determines
where the IP is _actually_ located. They don't have to agree and both can be
hacked/spoofed.

~~~
StavrosK
Hmm, isn't the Korean subnet allocation fixed? If an IP falls in that range,
doesn't it belong to the Korean ISP? How can someone be assigned that IP by
someone other than the ISP who owns it?

~~~
wmf
BGP has almost no security. Anyone can hijack any IP address, especially if
you can find an unused /24 so that the owner isn't inconvenienced.

~~~
antihero
So you can basically start telling the internet "I AM THIS IP" and eventually
the internet will go "YOU ARE THIS IP" ?

~~~
runn1ng
Yes. As far as I know, that's what happened when Iran started blocking YouTube
in Iran and mistakenly blocked it in the entire world.

Luckily, AFAIK, BGP is trust-based, so things go to normal pretty quickly.

~~~
rakslice
Did you mean Pakistan?

<http://www.ripe.net/internet-coordination/news/industry-developments/youtube-hijacking-a-ripe-ncc-ris-case-study>

------
sokrates
> Do not play with BGP.

Well, okay. Don't touch it. It ain't broken. I don't think there's anything
wrong with showing people who are not network experts how easy it is to
(believably) route things into nirvana. I guess the effects of fake routes
being propagated could have been a lot worse than this. Why not promote some
discussion and thought around BGP and friends? Maybe we can come up with
something more resistant.

~~~
jlgaddis
Work is already underway. Feel free to contribute.

------
sniuff
They are known for trolling, it's just another troll

------
iso-8859-1
Not surprising if it's Cambodia, since that's where Fredrik Neij went when
people dealt him too much shit in Europe. Source: TPB AFK.

~~~
hedwall
Actually, he went to Thailand and settled down in Laos. Gottfrid stayed in
Cambodia until he was apprehended.

------
trotsky
This guy should not go around publicly dissecting fake routes if he does such
a shit job of it. Why would you write a blog post about a route without even
looking at it from a second location? It's hysterical that he brags about his
skills that allowed him to decipher that they were hosting a high traffic
website over a sat link in the middle of nowhere.

------
rikacomet
Hmm? The TPB announcement didn't say that they have taken up the offer made
to them by NK (it clearly says they are invited), and I'm sure it's not an easy
and quick march to NK. They are hosted, perhaps, in Spain & Norway, as they
say so.

but yeah, the title of the other thread is wrong.

------
Quequau
Spent a solid 30 seconds wondering if that traceroute was somehow live
because it happened to be done from the city I live in and the ISP I use.

------
damian2000
The misspelling of Phnom Penh several times here was a bit grating.

------
ag_47
The link is resulting in a 404 for me

~~~
D9u
That would be the "HN Effect," which is the result of having your site linked
to on page one of THN.

~~~
deno
Shouldn’t give 404 if that was the case.

~~~
dewey
He was moving the blog to another server. Source: his Twitter account.

------
youngerdryas
This will be disappointing to some of the more confused HNers.

~~~
jfb
Some of the reasoning skills on display in that other thread beggar the
imagination.

~~~
solarexplorer
s/reasoning/trolling/

~~~
jfb
That, too.

