Re: Anyone else having trouble reaching thepiratebay.se? AS39138

[Javier J <javier () advancedmachines us>]

It was working for me a few hours ago, and now dead at hop 3 on FIOS again.

If they have 2 prefixes being advertised from AS51040
http://bgp.he.net/AS51040#_prefixes  Why can I traceroute to 1 but not the
other?

[root@tor-proxy network-scripts]# mtr --report -c 5 194.14.56.1
HOST: tor-proxy.home              Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. pfsense.home                  0.0%     5    0.5   1.0   0.4   2.7   1.0
  2. L100.NWRKNJ-VFTTP-134.verizo  0.0%     5    1.3   6.0   1.3  20.6   8.3
  3. G0-5-3-4.NWRKNJ-LCR-22.veriz  0.0%     5    3.2   4.6   3.2   6.7   1.4
  4. ae0-0.NWRK-BB-RTR2.verizon-g  0.0%     5    5.9   8.4   4.9  20.7   6.8
  5. ???                          100.0     5    0.0   0.0   0.0   0.0   0.0
  6. 0.ae2.BR3.NYC4.ALTER.NET      0.0%     5    6.8   6.7   6.6   6.9   0.1
  7. 204.255.169.234               0.0%     5    5.4   5.7   5.2   7.1   0.8
  8. ae-2.r23.nycmny01.us.bb.gin.  0.0%     5    6.2   7.1   5.9  11.0   2.2
  9. ae-6.r21.frnkge03.de.bb.gin. 60.0%     5   94.5  92.6  90.7  94.5   2.7
 10. ae-1.r02.frnkge03.de.bb.gin.  0.0%     5   95.2  94.3  93.1  95.6   1.1
 11. 213.198.77.214                0.0%     5   92.7  93.4  92.7  94.1   0.5
 12. et030-4.RT.TC1.STO.SE.retn.n  0.0%     5  109.2 109.4 109.0 110.9   0.8
 13. GW-ObeNetwork.retn.net        0.0%     5  116.0 190.0 111.1 341.8 100.4
 14. moria-cr-3.piratpartiet.se   20.0%     5  110.1 111.6 109.9 116.1   2.9


[root@tor-proxy network-scripts]# mtr --report -c 5 194.71.107.27
HOST: tor-proxy.home              Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. pfsense.home                  0.0%     5    0.6   0.4   0.3   0.6   0.1
  2. L100.NWRKNJ-VFTTP-134.verizo  0.0%     5    1.4   7.1   1.4  29.1  12.3
  3. ???                          100.0     5    0.0   0.0   0.0   0.0   0.0


The site works 100 % fine over vpn or proxy. So I don't think this is
related to any DDOS attack.




On Thu, Nov 27, 2014 at 2:06 PM, Phil Bedard <bedard.phil () gmail com> wrote:

> In the post you quoted it says:
>
> "In my last post I pointed out the do not announce to peers
> community AS5580 was sending to Cogent, Level3 and who knows who else. So
> any ASN that is not a customer of Cogent or Level3 wont learn the 5580 path
> from them."
>
> Verizon, ATT, and the rest of those networks are Tier-1 networks meaning
> if 5580 was tagging the route with do-not-advertise to their transit
> providers (Level3 & Cogent) the other Tier-1s wouldn't have another route
> to it.  Looking at routing updates there were a lot of them yesterday for
> that prefix, for whatever reason.  The lack of reachability was completely
> due to Atrato, had nothing to do with the ISPs in the US.
>
> It was reachable for me yesterday on our network, but we peer directly
> with Atrato.
>
> It's possible they did it to stop a DDoS, some other kind of attack, or
> any number of reasons.
>
> Phil
>
>
>
>
>
>
> On 11/27/14, 2:47 PM, "Javier J" <javier () advancedmachines us> wrote:
>
> > Looks like its working now (on FIOS anyway)
> >
> > Curious to know why the major networks stopped seeing it yesterday as
> > well.
> >
> > On Thu, Nov 27, 2014 at 12:45 AM, Courtney Smith
> > <courtneysmith () comcast net>
> > wrote:
> >
> > > > No problem here in Los Angeles either, but seeing a lone route through
> > > Atrato only.
> > > > flags destination          gateway          lpref   med aspath origin
> > > > *>    194.71.107.0/24      <>     100     0 3491 5580 39138 22351
> > > 2.207
> > > 51040 i
> > > > *     194.71.107.0/24      <>       100     0 174 5580 39138 22351
> > > 2.207 51040 i
> > > > On 11/27/2014 午前 11:24, Tony Wicks wrote:
> > > > > No problem here in New Zealand
> > > > >
> > > > > tonyw@vrhost1-w> show route 194.71.107.0/24
> > > > >
> > > > > icore1-w.inet.0: 519451 destinations, 525214 routes (519437 active,
> > > 14
> > > > > holddown, 0 hidden)
> > > > > + = Active Route, - = Last Active, * = Both
> > > > >
> > > > > 194.71.107.0/24    *[BGP/170] 10:25:44, MED 0, localpref 90
> > > > >                        AS path: 4826 5580 39138 22351 131279 51040 I,
> > > > > validation-state: unverified
> > > > >                      > to 175.45.102.9 via ae1.526
> > >
> > > Hopefully the body cones thru this time.  The issue isn't city or
> > > country
> > > based.  In my last post I pointed out the do not announce to peers
> > > community AS5580 was sending to Cogent, Level3 and who knows who else.
> > > So
> > > any ASN that is not a customer of Cogent or Level3 wont learn the 5580
> > > path
> > > from them.
> > >
> > > When I checked a few hours ago, Comcast, Centurylink, AT&T, TATA, and
> > > possibly Sprint were not seeing the /24 based on their public looking
> > > glasses or route servers.  Have not had time to run bgplay  to see if
> > > routeviews data shows how they previously saw the /24 in past 30 days.
> > > Finding the ASN(s) they used to see from would shed light on why they
> > > stopped seeing.   Checking bgplay and contacting AS51040 to reach out to
> > > their upstreams is my suggestion.