Spamhaus under DDOS from AnonOps (Wikileaks.info)

Marshall Eubanks tme at americafree.tv
Sun Dec 19 13:02:00 CST 2010


On Dec 19, 2010, at 8:06 AM, Joe Greco wrote:

>> On 12/18/2010 5:15 PM, Marshall Eubanks wrote:
>>> 
>>> I get nothing from wikileaks.org, although the DNS is active :
>>> 
>> 
>> $ host wikileaks.org
>> wikileaks.org has address 64.64.12.170
> 
> Doesn't it seem vaguely suspicious that whois was just updated?
> 
> Domain ID:D130035267-LROR
> Domain Name:WIKILEAKS.ORG
> Created On:04-Oct-2006 05:54:19 UTC
> Last Updated On:17-Dec-2010 01:57:59 UTC
> Expiration Date:04-Oct-2018 05:54:19 UTC
> 
> It seems like it'd be reasonable to be cautious.

Yes. Now, for me, wikileaks.org does alias to wikileaks.info

wget -r wikileaks.org
--13:49:00--  http://wikileaks.org/
           => `wikileaks.org/index.html'
Resolving wikileaks.org... done.
Connecting to wikileaks.org[64.64.12.170]:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://mirror.wikileaks.info/ [following]
--13:49:00--  http://mirror.wikileaks.info/
           => `mirror.wikileaks.info/index.html'
Resolving mirror.wikileaks.info... done.
Connecting to mirror.wikileaks.info[92.241.190.202]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 90,059 [text/html]

Which, according to RIPE is assigned to Russia, but with a contact in Panama

% Information related to '92.241.190.0 - 92.241.190.255'

inetnum:        92.241.190.0 - 92.241.190.255
netname:        HEIHACHI
descr:          Heihachi Ltd
country:        RU
admin-c:        HEI668-RIPE
tech-c:         HEI668-RIPE
status:         ASSIGNED PA
mnt-by:         RU-WEBALTA-MNT
source:         RIPE # Filtered

person:         Andreas Mueller
address:        Bella Vista, Calle 53, Marbella
address:        Ciudad de Panama, Panama
remarks:        Visit us under gigalinknetwork.com
remarks:        ICQ 7979970
remarks:        Dedicated Servers, Webspace, VPS, DDOS protected Webspace
remarks:        Send abuse ONLY to: abuse at gigalinknetwork.com
remarks:        Technical and sales info: support at gigalinknetwork.com
phone:          +5078321458
abuse-mailbox:  abuse at gigalinknetwork.com
nic-hdl:        hei668-RIPE
mnt-by:         WEBALTA-MNT
source:         RIPE # Filtered


neither of which would give me confidence.

Regards
Marshall



> 
> ... JG
> -- 
> Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
> "We call it the 'one bite at the apple' rule. Give me one chance [and] then I
> won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
> With 24 million small businesses in the US alone, that's way too many apples.
> 





More information about the NANOG mailing list