It's fake but his analysis is wrong. TPB is still somewhere in Europe. Otherwise you couldn't have 50ms RTT to thepiratebay.se TCP port 80 from within Europe.
I explained here how they do it http://news.ycombinator.com/item?id=5319720
Yes, the speed of light dictates how long it takes data to travel. But that isn't definitive proof that TPB's servers are hosted that close.
The easiest thing to do is to put up caching reverse proxies on big providers that respond immediately and only slow down on "dynamic" content, which we all assume to be slower anyway.
A more non-conventional approach would be to break the embedded OS of an intermediate router or network device (can you count how many transparent filtering network devices there are between you and a random website?) and have it return false data or provide static NAT to establish connections before they actually reach the destination.
The spoofed packets seem the most likely explanation. It's just not the only possibility :-)
> The real tragedy is the people excusing NK so they can have their way.
I've read this sentence a few times, left, come back, and re-read it a few times, and I still can't really make heads or tails of it.
Are you saying that people doing this (pretending their website is hosted in North Korea) makes light of the suffering of people who live in North Korea? I don't understand how you can conclude that: The whole point is that, as bad as North Korea is, it still doesn't go after torrent sites. It wouldn't work if North Korea were replaced with a country that actually has a lot of freedoms.
Are you implying that people should be working to end what's going on in North Korea? Well, what can anyone do? Any serious attempt to force change would simply lead to a massive, destructive war, killing most of the people that the outside world wants to help.
> The whole point is that, as bad as North Korea is, it still doesn't go after torrent sites
My assumption was that they'd picked NK as their joke destination because TPB would be seen as a glorious anti-capitalist organisation there, undermining the evil Hollywood fascists. Or maybe I read too much into it...
One thing a lot of people don't realize is that a good deal of how the internet routes traffic is simply determined by trust. Yes, there are complicated legal agreements between AS's, but when it comes down to it any AS can advertise any route they want. Most edge routes are configured to simply trust routes as they come in. If they didn't we wouldn't have such a redundant infrastructure.
Very true, but where is the core? I've set up many BGP peering sessions, and yes, all of those direct edge connections into tier 1 providers are generally filtering prefixes longer than /24. These are where the big propagation problems happen. Whoops, I just advertised my internal network (including a bunch of /31 and /32s) to the Internet either clobbering route tables (capacity problem) or stomping routes.
This is why my comment posted in the recent CloudFlare post mortem talks about good network engineers and the misunderstanding of many 'technical savvy' folks that know enough to do some really dumb things architecturally.
This lends credence to the fact that this is well understood if you've spun up peering sessions more than once. I find it slightly embarrassing most people don't realize how fragile a framework BGP really is. But it definitely comes to light reading through forums like HN that lean towards the developer side of readership.
It's not hard to "do things right". We filter our customers' advertisements to us (requiring them to register their routes in a routing registry and then manually verifying them before allowing the prefixes to be accepted) as well as filtering what we advertise upstream (and our upstream performs filtering on our advertisements as well).
If you advertise /31s and /32s, well, you shouldn't be redistributing into BGP and, of course, your upstream should be filtering those prefixes and throwing them away. Problem solved.
Perhaps the majority of people here on HN don't understand BGP. Then again, most of them probably don't need to.
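The two filters described in the comment above (accept only prefixes a customer has registered, and throw away overly specific prefixes such as /31s and /32s), as an added example that is not part of the original thread or any commenter's configuration. The registry contents are constructed from the prefixes and AS numbers quoted elsewhere on this page; `REGISTRY` and `check_announcement` are hypothetical names, and the /24 limit is the figure mentioned in the thread.

```python
import ipaddress

# Constructed routing-registry entries: (registered prefix, origin AS).
# The prefixes and AS numbers are the ones quoted in this thread; treating
# them as registered route objects is an assumption made for illustration.
REGISTRY = [
    ("175.45.176.0/22", 131279),
    ("194.71.107.0/24", 51040),
]
MAX_PREFIX_LEN = 24  # anything more specific (/25 ... /32) is dropped


def check_announcement(prefix, as_path, registry=REGISTRY):
    """Return (accepted, reason) for one announcement received from a peer."""
    try:
        # strict=True rejects prefixes with host bits set (e.g. x.x.x.217/24)
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    if not as_path:
        return False, "empty AS path"
    if net.prefixlen > MAX_PREFIX_LEN:
        return False, "prefix longer than /24"
    origin = as_path[-1]  # the rightmost AS in the path originates the route
    covered = False
    for reg_prefix, reg_origin in registry:
        reg_net = ipaddress.ip_network(reg_prefix)
        if net.version == reg_net.version and net.subnet_of(reg_net):
            covered = True
            if origin == reg_origin:
                return True, "registered"
    if covered:
        return False, "origin AS does not match registry"
    return False, "prefix not registered"


if __name__ == "__main__":
    # Constructed sample announcements: (prefix, AS path as received).
    samples = [
        ("194.71.107.0/24", [22351, 131279, 51040]),
        ("194.71.107.0/24", [22351, 131279]),
        ("175.45.177.217/32", [4837, 131279]),
        ("198.51.100.0/24", [64512]),
    ]
    for prefix, path in samples:
        print(prefix, path, check_announcement(prefix, path))
```
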
I think this comment on the article is worth reading:
blumentopf on 04 March 2013 at 22:06:
"Note that 175.45.176.0/22 is visible behind China Unicom in the global routing table (shortest AS path ends with 4837 131279), whereas 194.71.107.0/24 is only visible behind Intelsat (22351 131279 51040). It should therefore not come as a surprise that you see a different route when you’re doing a traceroute directly to 175.45.177.217.
While you could be right it’s also conceivable that there’s a link between Cambodia and North Korea and that the next hop behind 202.72.96.6 is indeed 175.45.177.217 (in North Korea, not just a transit net for BGP handoff). So I don’t see this as conclusive evidence that it’s a fake."
This is the reason why I read HN and not some regular news media. Here you can't write bullshit, there will be a repost within a short amount of time, describing what really happened.
Now it seems they have also added fake lag to TCP port 80.
hlds@machine:~$ tcptraceroute -f 128 -m 128 thepiratebay.se 80
Selected device venet0, address 5.9.249.8, port 41774 for outgoing packets
Tracing the path to thepiratebay.se (194.71.107.15) on TCP port 80 (www), 128 hops max
128 thepiratebay.org (194.71.107.15) [open] 751.198 ms 735.700 ms 767.937 ms
This wasn't the case an hour ago. I was able to get 50ms RTT from TCP port 80 but now they probably added fake lag with tc (the Linux traffic shaping tool).
How is it possible to fake the ip of a server? I don't get it. If the A record resolves to the Korean IP, but the server isn't there, how does it reply?
WHOIS tells you where an IP is supposed to be located, but BGP determines where the IP is actually located. They don't have to agree and both can be hacked/spoofed.
Hmm, isn't the Korean subnet allocation fixed? If an IP falls in that range, doesn't it belong to the Korean ISP? How can someone be assigned that IP by someone other than the ISP who owns it?
To tell anybody ‘I AM ISP A’ you will have to connect physically to some ISP C. C will then (hopefully) check you and if you go ‘I AM ISP A’ he’ll ignore you and not tell anyone unless you’re really ISP A and he determined you to be this guy.
There are rather obvious limits, however, for example you will likely have to believe your ISP C if he says ‘I AM ISP B NOW, TOO’. If you then connect to another ISP D, and tell him ‘I KNOW ISP B’, D will have to decide whether to trust you (likely if you are a large telecom company) or not (if you just happen to have two 10 MBit/s lines to C and D each).
It is, but apparently the upstream provider doesn't filter the ICMP reply packets (with SRC IP of the Korean ISP), which are sent by thepiratebay servers.
Well, okay. Don't touch it. It ain't broken.
I don't think there's anything wrong with showing people who are not network experts how easy it is to (believably) route things into nirvana. I guess the effects of fake routes being propagated could have been a lot worse than this. Why not promote some discussion and thought around BGP and friends? Maybe we can come up with something more resistant.
This guy should not go around publicly dissecting fake routes if he does such a shit job of it. Why would you write a blog post about a route without even looking at it from a second location? It's hysterical that he brags about his skills that allowed him to decipher that they were hosting a high traffic website over a sat link in the middle of nowhere.
Hmm? The TPB announcement didn't say that they have taken up the offer made to them by NK (it clearly says they are invited), and I'm sure it's not an easy and quick march to NK. They are perhaps hosted in Spain & Norway, as they say so.