Hacker News new | comments | show | ask | jobs | submit login

fale@machine:~$ tcptraceroute -f 128 -m 128 thepiratebay.se Selected device venet0, address 5.9.249.8, port 40771 for outgoing packets Tracing the path to thepiratebay.se (194.71.107.15) on TCP port 80 (www), 128 hops max 128 thepiratebay.org (194.71.107.15) [open] 51.673 ms 49.002 ms 47.187 ms

That server is in Germany, no way it's possible to have 50ms to NK. Also traditional traceroute has 500ms+ RTT.

They are faking/spoofing the ICMP responses. They are also prepending their route advertisement with corresponding AS paths to further disguise it.

From TeliaSonera looking glass http://lg.telia.net/

194.71.107.0/24 *[BGP/170] 02:10:36, MED 0, localpref 150, from 80.91.255.255 AS path: 2914 39138 22351 131279 51040 I

AS39138 is probably the real upstream provider of TBP. They peer with AS51040(TPB network) and TPB router prepends AS22351(Intelsat) and AS131279(North Korean ISP) into it's AS Path before advertising it to AS39138.




Yeah, and why is AS39138 in /all/ the AS paths I tried on that site, when there other ways to AS22351


Exactly. Here is a collection of route-servers and looking glasses which tell you what path a route from ISP x to IP y will take. http://www.bgp4.as/looking-glasses You will see that every single route to 194.71.107.0/24 will travel through AS39138.


Yep, I just tried this myself.

I get about 40 ms from south germany and about 30 ms from france to thepiratebay.se ; but almost 400 ms to www.kcna.kp


yandex.ru




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: