A traceroute to thepiratebay.se is kind of amusing.
From my home (Sweden), the packets seem to go to Frankfurt, then New York, take a link via an IP which reverses to intelsatone.net to a Cambodian IP (500ms latency right here), then reach the IP 175.45.177.217, assigned to Star Joint Venture Co Ltd, which seems to be a legitimate North Korean internet provider (or, well, as legitimate as it gets, coming from North Korea). The rest of the traceroute doesn't ping back (edit: 6 hops, which could stay in NK, or lead you back anywhere in the world).
I wouldn't be surprised if some of the ICMP responses are forged. It seems disadvantageous for the site to have such a long path, since each hop has the potential for attack.
Furthermore, a round trip time less than about 60 ms between Europe and North Korea is impossible, assuming the data is traveling at the speed of light. And we measured much less than that.
I don't believe forging will help them much - they are doing this to avoid international law enforcement, and international law enforcement can easily check through a simple bluff like that.
Altering routing companies sending traffic through in bulk from Germany-NY-Satellite is far more difficult, but we may see them do this anyway. Time will tell.
Apart from that /24, STAR JOINT VENTURE only advertises 175.45.176.0/22 (albeit as four /24, idiotically enough). What's kind of interesting is that this /22 is visible with a much shorter AS path:
The question is: Is it deliberate that the Chinese don't allow transit of the Pirate Bay /24 through their network? (As opposed to Intelsat, a Washington-based American company.)
I see two prefixes advertised by 51040, with very different paths:
cr1.ipls# sh ip bgp regexp 51040$
BGP table version is 210945139, local router ID is 8.30.x.255
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 194.14.56.0 4.69.180.161 0 0 3356 5580 3.987 51040 i
*> 194.71.107.0 4.69.180.161 0 0 3356 2914 39138 22351 2.207 51040 i
I don't know what, if anything, they use 194.14.56/24 for, but both appear to belong to the same organization (although the registrant records differ just a bit).
EDIT: I'm gonna dig into my database and see what the path looked like a day or two ago.
EDIT: 2 days ago: the .107/24 path: 3356 3549 16150 51040
16150 is "Availo Networks AB" and they do appear to do heavy prefix filtering -- as they should -- but I see no import policy for 51040:
$ whois -h whois.ripe.net AS16150
...
It's possible and plausible that TPB is using one or more VPNs to hide the true route traffic is taking (who knows what they're really doing, though).
BGP is the Border Gateway Protocol: you can think of large infrastructure providers as being huge networks that are connected through 'border nodes'. BGP is the protocol they use to negotiate routes into each other's networks; each provider advertises to the other provider what routes it has available. A common way to make a country go dark is by simply removing the BGP routes advertised for that country.
Anyone can make their machine emit any packets they want it to. That's the fundamental principle in play here.
How it works is simple: ICMP ping, which is what most traceroute implementations work on, just works based on computers sending packets with their address information in response to a ping request.
If a computer that's really at IP address 10.0.5.23, for example, sends ping responses saying they're from IP address 10.2.0.93, a traceroute program will keep pinging that computer until it either gets a reply that says it's from the correct IP address or it decides the trace is futile.
A computer can lie as many times as it wants and create an arbitrarily long path that has no basis whatsoever in reality. Anyone who wants to do a good job of the lie would simply look at the Internet's routing information, which is (by definition) publicly available, and figure out which sequence of IP addresses they'd have to fake replies from. That's what's been done here, and almost a full month before April Fool's Day, no less.
Doing a better job would involve programming the computer to handle all network traffic with varying speeds, to fake the increased travel time the laws of physics would impose on the progressively longer paths it's faking. The Pirate Bay people apparently didn't bother with this part.
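The speed-of-light argument made earlier in the thread (a Europe to North Korea round trip cannot be shorter than a few dozen milliseconds) and the point just above about faking travel time are the same check from two sides. Here is that check written out, as an added example and not code from anyone in the thread: for each hop it takes the straight-line great-circle distance from the probing host, converts it to the smallest round-trip time the signal could possibly have (assuming about 200 km/ms, roughly the speed of light in fibre; the value is an assumption and can be swapped for 300 km/ms to get an even looser bound), and flags any hop whose measured RTT is below that. The city coordinates and RTTs are constructed sample data, standing in for what a GeoIP lookup and a traceroute would give you.

```python
import math

# Assumed signal propagation speed for the bound: light in optical fibre moves at
# roughly two thirds of c, about 200 km per millisecond. Using c itself
# (~300 km/ms) would give an even looser, still-valid lower bound.
FIBRE_KM_PER_MS = 200.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points given in decimal degrees."""
    earth_radius_km = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def min_rtt_ms(distance_km, km_per_ms=FIBRE_KM_PER_MS):
    """Lower bound on round-trip time: probe and reply each cover at least the
    straight-line distance, however the real route twists."""
    return 2.0 * distance_km / km_per_ms


def check_hops(source, hops, km_per_ms=FIBRE_KM_PER_MS):
    """Compare each hop's measured RTT with the physical minimum from the source.
    Returns one dict per hop; plausible=False means the RTT is below the bound.
    The check only ever proves a hop impossible: a forger who adds delay (or a
    wrong GeoIP location) passes it, so plausible=True is not confirmation."""
    results = []
    for hop in hops:
        dist = haversine_km(source["lat"], source["lon"], hop["lat"], hop["lon"])
        bound = min_rtt_ms(dist, km_per_ms)
        results.append({
            "name": hop["name"],
            "distance_km": round(dist),
            "min_rtt_ms": round(bound, 1),
            "measured_rtt_ms": hop["rtt_ms"],
            "plausible": hop["rtt_ms"] >= bound,
        })
    return results


def implausible_hops(source, hops, km_per_ms=FIBRE_KM_PER_MS):
    """Names of hops whose measured RTT is physically impossible for their
    claimed location."""
    return [r["name"] for r in check_hops(source, hops, km_per_ms) if not r["plausible"]]


# Constructed sample: the cities named in the thread, with rough coordinates
# (as a GeoIP lookup might return them) and made-up RTTs. The last hop is
# deliberately given an RTT far below what its location allows.
SOURCE = {"name": "Stockholm", "lat": 59.33, "lon": 18.07}
HOPS = [
    {"name": "Frankfurt",  "lat": 50.11, "lon": 8.68,   "rtt_ms": 25.0},
    {"name": "New York",   "lat": 40.71, "lon": -74.01, "rtt_ms": 110.0},
    {"name": "Phnom Penh", "lat": 11.56, "lon": 104.92, "rtt_ms": 500.0},
    {"name": "Pyongyang",  "lat": 39.02, "lon": 125.75, "rtt_ms": 30.0},
]

if __name__ == "__main__":
    for r in check_hops(SOURCE, HOPS):
        verdict = "ok" if r["plausible"] else "IMPOSSIBLE"
        print(f"{r['name']:<11} {r['distance_km']:>5} km  min {r['min_rtt_ms']:>6.1f} ms"
              f"  measured {r['measured_rtt_ms']:>6.1f} ms  {verdict}")
```

Note the asymmetry: the bound can only ever say "this hop cannot be where it claims"; a hop that passes may still be forged, and, as pointed out further down the thread, the GeoIP location you feed in may itself be wrong, so a flagged hop is a reason to look closer, not a verdict.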
AS = Autonomous System, a network of one or more (usually more) computers that looks like one entity to the outside Internet. It's 'autonomous' in that it can route traffic within itself without help from any outside source. The Internet is, at a high level, a collection of ASes that all pass data among each other. Every AS has a globally unique number, usually represented as AS15169 for AS number 15169.
BGP = Border Gateway Protocol, a specific Exterior Gateway Protocol that allows ASes to figure out what other ASes are close by and to which of their neighbors they should route traffic destined for a specific IP address. This basically works by each AS advertising which groups of IP addresses (represented by prefixes) they know how to reach. A prefix is something like 10.0.0.0/24, which represents all addresses from 10.0.0.0 to 10.0.0.255; in a prefix, the number after the slash is how many bits of the IP address are fixed. In a /24, 24 bits, or three eight-bit bytes, are fixed, so the last eight bits can vary freely. Larger numbers indicate smaller blocks of addresses, unintuitively enough. For example, AS15169 advertises that it contains 173.194.0.0/16, or the range 173.194.0.0 - 173.194.255.255. Route advertisements contain cost information, which is primarily due to how long the path is; as an example, if I'm AS1 and I contain the range 10.0.0.0/24, I'll advertise that with a very low cost. If I hear from my neighbor AS3 that she contains 192.5.0.0/16, I'll advertise that with a higher cost, since I'll have to hand it off to a different AS.
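To make the prefix arithmetic above and the "much shorter AS path" observation earlier in the thread concrete, here is a small added example (my own code, not anything posted by the people in the thread or taken from a router). It parses the two `sh ip bgp` rows quoted above into AS paths, normalising the `2.207`-style tokens, which are 4-byte AS numbers printed in asdot form (high.low = high*65536 + low, so `2.207` is AS131279, the Star Joint Venture AS mentioned further down), and it uses Python's standard `ipaddress` module for the prefix side: the address range of a /16, a /22 split into its four /24s, and longest-prefix matching. The row parser assumes the flattened layout shown in the thread (two numeric columns between next hop and path); the more-specific /24 in the last call is a hypothetical one, used only to show why a separately advertised /24 beats the covering /22.

```python
import ipaddress


def asdot_to_asplain(token):
    """Normalise an AS number token to a plain integer. Some routers print
    4-byte AS numbers in "asdot" form, high.low, meaning high*65536 + low;
    "2.207" is 2*65536 + 207 = 131279. Plain tokens come back as int."""
    if "." in token:
        high, low = token.split(".", 1)
        return int(high) * 65536 + int(low)
    return int(token)


def parse_bgp_row(row, numeric_columns=2):
    """Parse one flattened 'show ip bgp' row into (network, next_hop, as_path).
    Assumes the layout seen in the thread: status code, network, next hop,
    `numeric_columns` metric/weight values, the AS path, then the origin code.
    (Real IOS output is column-aligned; this is a loose whitespace parser.)"""
    tokens = row.split()
    network, next_hop = tokens[1], tokens[2]
    path_tokens = tokens[3 + numeric_columns:-1]   # drop metric/weight and origin
    return network, next_hop, [asdot_to_asplain(t) for t in path_tokens]


def path_lengths(rows):
    """Map each advertised network to the number of ASes in its path."""
    lengths = {}
    for row in rows:
        network, _, path = parse_bgp_row(row)
        lengths[network] = len(path)
    return lengths


def prefix_range(cidr):
    """First and last address covered by a prefix."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.broadcast_address)


def split_prefix(cidr, new_prefix_len):
    """Enumerate the more-specific subnets of a prefix, e.g. a /22 as four /24s."""
    return [str(n) for n in ipaddress.ip_network(cidr).subnets(new_prefix=new_prefix_len)]


def longest_prefix_match(prefixes, address):
    """Routing picks the most specific (longest) prefix containing the address,
    or None if nothing covers it."""
    addr = ipaddress.ip_address(address)
    best = None
    for p in prefixes:
        net = ipaddress.ip_network(p)
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return None if best is None else str(best)


# The two table rows quoted in the thread, copied here as sample input.
BGP_ROWS = [
    "*> 194.14.56.0 4.69.180.161 0 0 3356 5580 3.987 51040 i",
    "*> 194.71.107.0 4.69.180.161 0 0 3356 2914 39138 22351 2.207 51040 i",
]

if __name__ == "__main__":
    for row in BGP_ROWS:
        net, nh, path = parse_bgp_row(row)
        print(f"{net:<14} via {nh:<14} {len(path)} ASes: {' '.join(map(str, path))}")
    print(prefix_range("173.194.0.0/16"))
    print(split_prefix("175.45.176.0/22", 24))
    # Hypothetical more-specific /24 inside the /22: it wins for any address
    # it covers, which is why a separately advertised /24 changes the path.
    print(longest_prefix_match(["175.45.176.0/22", "175.45.177.0/24"], "175.45.177.217"))
```

The path lengths (4 ASes for 194.14.56.0 versus 6 for 194.71.107.0) are what the earlier comment means by a "much shorter AS path"; the parser is deliberately tolerant of the flattened output rather than the real fixed-width columns, so feed it anything else only after checking the column count.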
This seems reasonably legit. AS131279 (Star Joint Venture Co Ltd) has (or had) a peering with the Piratpartie Norge (pirate party norway): http://bgp.he.net/AS131279#_peers
It could be bad labelling too. I'm not sure about the details of how it happened, but I used an ISP in the UK who was assigning ranges officially located in Italy.
(BTW: that really broke google for a long time. google will revert your language to the automatically discovered one, even after you use their magic url that should prevent this)
The IP addresses allocated to the ISP I work for are "officially located" (according to my ARIN POC records) in the city I live in (specifically, at my PO Box). We ($ISP) don't even provide service in that city.
You're confusing how internet routing works with how some internet services assign geographical locations to IP addresses (GeoIP). The path your traffic takes through the internet has nothing to do with GeoIP.
No, I meant both. I got an IP which was identified as belonging to an Italian ISP by ripe. On top of that geoip results were obviously wrong/right depending on how you look at it.
I don't see any open ports on that host, do you? Even if it's just a load balancer, the connection would need to terminate on a routable IP somewhere...
If it's a joke, it's a very elaborate one.