

Ask HN: Wikileaks is available from Tor. Who's blocking it? - alex_marchant

EDIT: Doesn't look like US ISP's (TimeWarner &#38; Comcast) are blocking. Problems seem to arise at Swedish IPs (seems consistent with DDoS).  Anyone have any idea why Tor and some VPN still get through?<p>It looks like the DDoS isn't the main culprit here.  I assume that if the site is available from Tor, then someone must be blocking the site.<p>Can ISP's block Wikileaks? What is their justification if so?
======
A1kmm
It seems to be inaccessible for much of the Internet, but perhaps there is a
Tor exit node that is hosted close to Wikileak's ISP.

wikileaks.ch seems to have two IPs: 88.80.2.31 and 88.80.16.63, both of which
are inaccessable from my NZ ISP.

Using route-views it appears to be routeable:

    
    
      $ telnet route-views.routeviews.org
      Trying 2001:468:d01:33::80df:3367...
      Connected to route-views.routeviews.org.
      ...
      route-views>show bgp ipv4 unicast 88.80.2.31
      BGP routing table entry for 88.80.0.0/19, version 3495795015
      Paths: (35 available, best #12, table Default-IP-Routing-Table)
      Not advertised to any peer
      101 101 11164 3549 42708 50683 50989 33837
        209.124.176.223 from 209.124.176.223 (209.124.176.223)
          Origin IGP, localpref 100, valid, external
          Community: 101:20100 101:20120 101:22100 3549:4819 3549:31752 11164:1110 11164:7880 42708:400
          Extended Community: RT:101:22100
      3277 3267 50683 50989 33837
        194.85.102.33 from 194.85.102.33 (194.85.4.4)
          Origin IGP, localpref 100, valid, external
          Community: 3277:3267 3277:65100 3277:65320 3277:65326 3277:65330
      3333 50683 50989 33837
        193.0.0.56 from 193.0.0.56 (193.0.0.56)
          Origin IGP, localpref 100, valid, external
      ...
      16150 50989 33837
        217.75.96.60 from 217.75.96.60 (217.75.96.60)
          Origin IGP, metric 0, localpref 100, valid, external, best
          Community: 16150:63392 16150:65213
      ...
    

When I ping either address, I get destination host unreachable from
213.248.89.150. Assuming that it isn't being spoofed by an intermediate router
(and it seems unlikely any ISP would really want to do that), that is from
AS1299, TeliaSonera, which is not the final hop but a backbone provider
several hops away from any direct route. It could be that they were asked to
block traffic to that IP to help with the DDoS.

------
beedogs
I can get to it fine from a VPS in Chicago but it's unreachable from anywhere
else.

    
    
        ~/> telnet wikileaks.ch 80
        Trying 88.80.2.31...
        Connected to wikileaks.ch.
        Escape character is '^]'.
        .
        HTTP/1.1 503 Not allowed.
        Server: Varnish
        Content-Type: text/html; charset=utf-8
        Content-Length: 526
        Accept-Ranges: bytes
        Date: Mon, 13 Aug 2012 13:28:18 GMT
        Connection: close
    
            <?xml version="1.0" encoding="utf-8"?>
            <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
                "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
            <html>
                <head>
                    <title>WikiLeaks</title>
                </head>
                <body>
                    <h1>We are sorry, but the request could not be completed.</h1>
                    <h2>Please try again in few minutes.</h2>
                    <!-- status: 405 Not allowed. -->
                </body>
            </html>
    
    
            Connection closed by foreign host.

------
guns
That's interesting. I can't reach wikileaks.ch from my home connection, or
from one linode instance, but it is available through a second linode instance
(in Dallas):

<https://www.refheap.com/paste/4309>

These are the servers that are failing to relay packets, all of which respond
to ping:

    
    
        po-10.sto1.se.portlane.net (80.67.4.128)
        te-4-4-gblx.sto1.se.portlane.net (209.130.172.178)
        149.11.24.18 (149.11.24.18)
    

Notice these are all Swedish IPs.

The admins of these servers may be working with Wikileaks to stop the deluge
of packets from the IP blocks with the most attackers, or they are simply
dropping the packets to conserve resources.

~~~
alex_marchant
So maybe it is the DDoS. And the VPN and Tor networks are routing differently,
ie reaching a server under less strain? Is that a possible explanation?

------
Udo
Can you give a little more context?

Wikileaks.org loads just fine using my standard ISP here in Germany. I once
worked for a project that scraped WL periodically for content, so I can tell
you from experience that Wikileaks uptime is not exactly stellar - that's why
they have a million mirror sites.

~~~
Skalman
Wikileaks has been having DDoS issues for quite a few days now[1], and
wikileaks.org (88.80.2.33) is not available with my ISP in Sweden.

[1]
[http://www.technolog.msnbc.msn.com/technology/technolog/wiki...](http://www.technolog.msnbc.msn.com/technology/technolog/wikileaks-
site-down-days-victim-massive-denial-service-attack-935117)

~~~
alex_marchant
Why would it be available so consistently in the Tor browser though?

~~~
Skalman
I have no clue. It does seem like it's blocked selectively as guns seems to
have it working from linode.

Edit: It also seems to work from an Amazon instance that I have access to.

Edit 2: It seems like it works from my university (Lund in Sweden).

------
jamesjguthrie
Inaccessible in the UK for me on the Virgin Media ISP.

~~~
jamesjguthrie
Though I can access it just fine from my T-Mobile phone.

