Re: Megaupload.com seized

["Scott Weeks" <surfer () mauigateway com>]

On Jan 19, 2012, at 5:41 PM, Ryan Gelobter wrote:

> The megaupload.com domain was seized today, has anyone noticed significant
> drops in network traffic as a result?
>
> http://www.scribd.com/doc/78786408/Mega-Indictment
> http://techland.time.com/2012/01/19/feds-shut-down-megaupload-com-file-sharing-website/
-----------------------------------------------------------------

------------ derek () derekivey com wrote: --------------
From: Derek Ivey <derek () derekivey com>

Interesting… it looks like they seized the servers and didn't touch DNS. 


-bash-3.00$ nslookup megaupload.com

Non-authoritative answer:
Name:   megaupload.com
Address: 174.140.154.22
Name:   megaupload.com
Address: 174.140.154.23
Name:   megaupload.com
Address: 174.140.154.24
Name:   megaupload.com
Address: 174.140.154.20
Name:   megaupload.com
Address: 174.140.154.21

DNS still points to Mega Upload's IPs.
---------------------------------------------------------------



Collecting client IP addresses to send notices to?  >;-)  I notice other IPs in the range ( for example, .223 and .123) 
say the same thing about UDP/53.

scott




ku# nmap -P0 -sU -p U:53 174.140.154.22
PORT   STATE         SERVICE
53/udp open|filtered domain


ku# nmap -P0 -sU -p U:53 174.140.154.21
PORT   STATE         SERVICE
53/udp open|filtered domain


ku# nmap -P0 -sU -p U:53 174.140.154.20
PORT   STATE         SERVICE
53/udp open|filtered domain


ku# nmap -P0 -sU -p U:53 174.140.154.223
PORT   STATE         SERVICE
53/udp open|filtered domain

ku# nmap -P0 -sU -p U:53 174.140.154.123
PORT   STATE         SERVICE
53/udp open|filtered domain



ku# nmap -P0 -A 174.140.154.20
All 1000 scanned ports on 174.140.154.20 are filtered
Too many fingerprints match this host to give specific OS details