nanog mailing list archives

Re: Spamhaus under DDOS from AnonOps (Wikileaks.info)

From: Marshall Eubanks <tme () americafree tv>
Date: Sun, 19 Dec 2010 14:02:00 -0500


On Dec 19, 2010, at 8:06 AM, Joe Greco wrote:

On 12/18/2010 5:15 PM, Marshall Eubanks wrote:


I get nothing from wikileaks.org, although the DNS is active :


$ host wikileaks.org
wikileaks.org has address 64.64.12.170


Doesn't it seem vaguely suspicious that whois was just updated?

Domain ID:D130035267-LROR
Domain Name:WIKILEAKS.ORG
Created On:04-Oct-2006 05:54:19 UTC
Last Updated On:17-Dec-2010 01:57:59 UTC
Expiration Date:04-Oct-2018 05:54:19 UTC

It seems like it'd be reasonable to be cautious.


Yes. Now, for me, wikileaks.org does alias to wikileaks.info

wget -r wikileaks.org
--13:49:00--  http://wikileaks.org/
           => `wikileaks.org/index.html'
Resolving wikileaks.org... done.
Connecting to wikileaks.org[64.64.12.170]:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://mirror.wikileaks.info/ [following]
--13:49:00--  http://mirror.wikileaks.info/
           => `mirror.wikileaks.info/index.html'
Resolving mirror.wikileaks.info... done.
Connecting to mirror.wikileaks.info[92.241.190.202]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 90,059 [text/html]

Which, according to RIPE is assigned to Russia, but with a contact in Panama

% Information related to '92.241.190.0 - 92.241.190.255'

inetnum:        92.241.190.0 - 92.241.190.255
netname:        HEIHACHI
descr:          Heihachi Ltd
country:        RU
admin-c:        HEI668-RIPE
tech-c:         HEI668-RIPE
status:         ASSIGNED PA
mnt-by:         RU-WEBALTA-MNT
source:         RIPE # Filtered

person:         Andreas Mueller
address:        Bella Vista, Calle 53, Marbella
address:        Ciudad de Panama, Panama
remarks:        Visit us under gigalinknetwork.com
remarks:        ICQ 7979970
remarks:        Dedicated Servers, Webspace, VPS, DDOS protected Webspace
remarks:        Send abuse ONLY to: abuse () gigalinknetwork com
remarks:        Technical and sales info: support () gigalinknetwork com
phone:          +5078321458
abuse-mailbox:  abuse () gigalinknetwork com
nic-hdl:        hei668-RIPE
mnt-by:         WEBALTA-MNT
source:         RIPE # Filtered


neither of which would give me confidence.

Regards
Marshall


... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.

Current thread:

Spamhaus under DDOS from AnonOps (Wikileaks.info) Steve Linford (Dec 18)
- Re: Spamhaus under DDOS from AnonOps (Wikileaks.info) Jack Bates (Dec 18)
  - Re: Spamhaus under DDOS from AnonOps (Wikileaks.info) Marshall Eubanks (Dec 18)
    - Re: Spamhaus under DDOS from AnonOps (Wikileaks.info) Jack Bates (Dec 18)
    - Re: Spamhaus under DDOS from AnonOps (Wikileaks.info) Joe Greco (Dec 19)
    - Re: Spamhaus under DDOS from AnonOps (Wikileaks.info) Marshall Eubanks (Dec 19)
  - RE: Spamhaus under DDOS from AnonOps (Wikileaks.info) Frank Bulk - iName.com (Dec 19)
    - Re: Spamhaus under DDOS from AnonOps (Wikileaks.info) Paul Ferguson (Dec 19)
    - Re: Spamhaus under DDOS from AnonOps (Wikileaks.info) Simon Waters (Dec 19)
    - Re: Spamhaus under DDOS from AnonOps (Wikileaks.info) Paul Ferguson (Dec 19)
    - RE: Spamhaus under DDOS from AnonOps (Wikileaks.info) Frank Bulk - iName.com (Dec 19)
    - Re: Spamhaus under DDOS from AnonOps (Wikileaks.info) Rich Kulawiec (Dec 19)
    - Re: Spamhaus under DDOS from AnonOps (Wikileaks.info) Ned Moran (Dec 19)
    - Re: Spamhaus under DDOS from AnonOps (Wikileaks.info) foks (Dec 19)