[133866] in North American Network Operators' Group
Re: Spamhaus under DDOS from AnonOps (Wikileaks.info)
daemon@ATHENA.MIT.EDU (Marshall Eubanks)
Sun Dec 19 14:02:08 2010
From: Marshall Eubanks <tme@americafree.tv>
In-Reply-To: <201012191306.oBJD6EDM064647@aurora.sol.net>
Date: Sun, 19 Dec 2010 14:02:00 -0500
To: Joe Greco <jgreco@ns.sol.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Dec 19, 2010, at 8:06 AM, Joe Greco wrote:
>> On 12/18/2010 5:15 PM, Marshall Eubanks wrote:
>>>=20
>>> I get nothing from wikileaks.org, although the DNS is active :
>>>=20
>>=20
>> $ host wikileaks.org
>> wikileaks.org has address 64.64.12.170
>=20
> Doesn't it seem vaguely suspicious that whois was just updated?
>=20
> Domain ID:D130035267-LROR
> Domain Name:WIKILEAKS.ORG
> Created On:04-Oct-2006 05:54:19 UTC
> Last Updated On:17-Dec-2010 01:57:59 UTC
> Expiration Date:04-Oct-2018 05:54:19 UTC
>=20
> It seems like it'd be reasonable to be cautious.
Yes. Now, for me, wikileaks.org does alias to wikileaks.info
wget -r wikileaks.org
--13:49:00-- http://wikileaks.org/
=3D> `wikileaks.org/index.html'
Resolving wikileaks.org... done.
Connecting to wikileaks.org[64.64.12.170]:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://mirror.wikileaks.info/ [following]
--13:49:00-- http://mirror.wikileaks.info/
=3D> `mirror.wikileaks.info/index.html'
Resolving mirror.wikileaks.info... done.
Connecting to mirror.wikileaks.info[92.241.190.202]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 90,059 [text/html]
Which, according to RIPE is assigned to Russia, but with a contact in =
Panama
% Information related to '92.241.190.0 - 92.241.190.255'
inetnum: 92.241.190.0 - 92.241.190.255
netname: HEIHACHI
descr: Heihachi Ltd
country: RU
admin-c: HEI668-RIPE
tech-c: HEI668-RIPE
status: ASSIGNED PA
mnt-by: RU-WEBALTA-MNT
source: RIPE # Filtered
person: Andreas Mueller
address: Bella Vista, Calle 53, Marbella
address: Ciudad de Panama, Panama
remarks: Visit us under gigalinknetwork.com
remarks: ICQ 7979970
remarks: Dedicated Servers, Webspace, VPS, DDOS protected =
Webspace
remarks: Send abuse ONLY to: abuse@gigalinknetwork.com
remarks: Technical and sales info: support@gigalinknetwork.com
phone: +5078321458
abuse-mailbox: abuse@gigalinknetwork.com
nic-hdl: hei668-RIPE
mnt-by: WEBALTA-MNT
source: RIPE # Filtered
neither of which would give me confidence.
Regards
Marshall
>=20
> ... JG
> --=20
> Joe Greco - sol.net Network Services - Milwaukee, WI - =
http://www.sol.net
> "We call it the 'one bite at the apple' rule. Give me one chance [and] =
then I
> won't contact you again." - Direct Marketing Ass'n position on e-mail =
spam(CNN)
> With 24 million small businesses in the US alone, that's way too many =
apples.
>=20
