Anyone else having trouble reaching thepiratebay.se? AS39138

Javier J javier at advancedmachines.us
Fri Nov 28 05:10:47 UTC 2014


Thanks Phil. I guess the confusion is that during the outages, it was
reachable from everywhere except Comcast, Verizon and ATT-U-verse all at
the same time.

Every proxy, vpn etc tested worked fine. Also the fact that the traces
dropped immediately and not far off on a far network. In addition to that.
Other users on other ISP in the local area (cable-vision / optimum, NYC)
had no problem.

obviously not all providers are using the same routes to the same
destination. Just that when a controversial site becomes inaccessible,
questions start to be raised. I think it was also mentioned somewhere on
some site that as far as the pirate bay was concerned, everything on their
end was operating normally.

On Thu, Nov 27, 2014 at 3:30 PM, Phil Bedard <bedard.phil at gmail.com> wrote:

> It looks like they use different upstream providers for each prefix,
> probably hosted in different locations.
>
> The 194.71.107.0/24 prefix on my network was withdrawn by Ataro, and is
> now reachable via this path:
>
> 194.71.107.0/24    *[BGP/170] 00:04:34
>                       AS path: 3356 3320 3320 24961 24961 24961 24961
> 39138 22351 131279 51040 I, validation-state: unverified
>
> The 4 minutes isn't really a good thing.
>
> This is the other prefix, via RETN who we also peer with.
>
> 194.14.56.0/24     *[BGP/170] 1d 07:15:42, MED 0
>                       AS path: 9002 197595 51040 I
>
> AS 24961 is myLoc.de who could be their hosting provider and may have had
> issues with Atrato, who is now Hibernia.   Who knows it looks like normal
> BGP/Internet issues to me, if you are looking for some kind of conspiracy
> nothing is going on.
>
>
> Phil
>
> From: Javier J <javier at advancedmachines.us>
> Date: Thursday, November 27, 2014 at 2:16 PM
> To: Phil B <bedard.phil at gmail.com>
> Cc: Courtney Smith <courtneysmith at comcast.net>, "nanog at nanog.org" <
> nanog at nanog.org>
> Subject: Re: Anyone else having trouble reaching thepiratebay.se? AS39138
>
> It was working for me a few hours ago, and now dead at hop 3 on FIOS again.
>
> If they have 2 prefixes being advertised from AS51040
> http://bgp.he.net/AS51040#_prefixes  Why can I traceroute to 1 but not
> the other?
>
> [root at tor-proxy network-scripts]# mtr --report -c 5 194.14.56.1
> HOST: tor-proxy.home              Loss%   Snt   Last   Avg  Best  Wrst
> StDev
>   1. pfsense.home                  0.0%     5    0.5   1.0   0.4   2.7
> 1.0
>   2. L100.NWRKNJ-VFTTP-134.verizo  0.0%     5    1.3   6.0   1.3  20.6
> 8.3
>   3. G0-5-3-4.NWRKNJ-LCR-22.veriz  0.0%     5    3.2   4.6   3.2   6.7
> 1.4
>   4. ae0-0.NWRK-BB-RTR2.verizon-g  0.0%     5    5.9   8.4   4.9  20.7
> 6.8
>   5. ???                          100.0     5    0.0   0.0   0.0   0.0
> 0.0
>   6. 0.ae2.BR3.NYC4.ALTER.NET      0.0%     5    6.8   6.7   6.6   6.9
> 0.1
>   7. 204.255.169.234               0.0%     5    5.4   5.7   5.2   7.1
> 0.8
>   8. ae-2.r23.nycmny01.us.bb.gin.  0.0%     5    6.2   7.1   5.9  11.0
> 2.2
>   9. ae-6.r21.frnkge03.de.bb.gin. 60.0%     5   94.5  92.6  90.7  94.5
> 2.7
>  10. ae-1.r02.frnkge03.de.bb.gin.  0.0%     5   95.2  94.3  93.1  95.6
> 1.1
>  11. 213.198.77.214                0.0%     5   92.7  93.4  92.7  94.1
> 0.5
>  12. et030-4.RT.TC1.STO.SE.retn.n  0.0%     5  109.2 109.4 109.0 110.9
> 0.8
>  13. GW-ObeNetwork.retn.net        0.0%     5  116.0 190.0 111.1 341.8
> 100.4
>  14. moria-cr-3.piratpartiet.se   20.0%     5  110.1 111.6 109.9 116.1
> 2.9
>
>
> [root at tor-proxy network-scripts]# mtr --report -c 5 194.71.107.27
> HOST: tor-proxy.home              Loss%   Snt   Last   Avg  Best  Wrst
> StDev
>   1. pfsense.home                  0.0%     5    0.6   0.4   0.3   0.6
> 0.1
>   2. L100.NWRKNJ-VFTTP-134.verizo  0.0%     5    1.4   7.1   1.4  29.1
>  12.3
>   3. ???                          100.0     5    0.0   0.0   0.0   0.0
> 0.0
>
>
> The site works 100 % fine over vpn or proxy. So I don't think this is
> related to any DDOS attack.
>
>
>
>
> On Thu, Nov 27, 2014 at 2:06 PM, Phil Bedard <bedard.phil at gmail.com>
> wrote:
>
>> In the post you quoted it says:
>>
>> "In my last post I pointed out the do not announce to peers
>> community AS5580 was sending to Cogent, Level3 and who knows who else. So
>> any ASN that is not a customer of Cogent or Level3 wont learn the 5580
>> path
>> from them."
>>
>> Verizon, ATT, and the rest of those networks are Tier-1 networks meaning
>> if 5580 was tagging the route with do-not-advertise to their transit
>> providers (Level3 & Cogent) the other Tier-1s wouldn't have another route
>> to it.  Looking at routing updates there were a lot of them yesterday for
>> that prefix, for whatever reason.  The lack of reachability was completely
>> due to Atrato, had nothing to do with the ISPs in the US.
>>
>> It was reachable for me yesterday on our network, but we peer directly
>> with Atrato.
>>
>> It's possible they did it to stop a DDoS, some other kind of attack, or
>> any number of reasons.
>>
>> Phil
>>
>>
>>
>>
>>
>>
>> On 11/27/14, 2:47 PM, "Javier J" <javier at advancedmachines.us> wrote:
>>
>> >Looks like its working now (on FIOS anyway)
>> >
>> >Curious to know why the major networks stopped seeing it yesterday as
>> >well.
>> >
>> >On Thu, Nov 27, 2014 at 12:45 AM, Courtney Smith
>> ><courtneysmith at comcast.net>
>> >wrote:
>> >
>> >>
>> >> > No problem here in Los Angeles either, but seeing a lone route
>> through
>> >> Atrato only.
>> >> >
>> >> > flags destination          gateway          lpref   med aspath origin
>> >> > *>    194.71.107.0/24      <>     100     0 3491 5580 39138 22351
>> >>2.207
>> >> 51040 i
>> >> > *     194.71.107.0/24      <>       100     0 174 5580 39138 22351
>> >> 2.207 51040 i
>> >> >
>> >> >
>> >> > On 11/27/2014 午前 11:24, Tony Wicks wrote:
>> >> >>
>> >> >> No problem here in New Zealand
>> >> >>
>> >> >> tonyw at vrhost1-w> show route 194.71.107.0/24
>> >> >>
>> >> >> icore1-w.inet.0: 519451 destinations, 525214 routes (519437 active,
>> >>14
>> >> >> holddown, 0 hidden)
>> >> >> + = Active Route, - = Last Active, * = Both
>> >> >>
>> >> >> 194.71.107.0/24    *[BGP/170] 10:25:44, MED 0, localpref 90
>> >> >>                        AS path: 4826 5580 39138 22351 131279 51040
>> I,
>> >> >> validation-state: unverified
>> >> >>                      > to 175.45.102.9 via ae1.526
>> >> >>
>> >>
>> >> Hopefully the body cones thru this time.  The issue isn't city or
>> >>country
>> >> based.  In my last post I pointed out the do not announce to peers
>> >> community AS5580 was sending to Cogent, Level3 and who knows who else.
>> >> So
>> >> any ASN that is not a customer of Cogent or Level3 wont learn the 5580
>> >>path
>> >> from them.
>> >>
>> >> When I checked a few hours ago, Comcast, Centurylink, AT&T, TATA, and
>> >> possibly Sprint were not seeing the /24 based on their public looking
>> >> glasses or route servers.  Have not had time to run bgplay  to see if
>> >> routeviews data shows how they previously saw the /24 in past 30 days.
>> >> Finding the ASN(s) they used to see from would shed light on why they
>> >> stopped seeing.   Checking bgplay and contacting AS51040 to reach out
>> to
>> >> their upstreams is my suggestion.
>>
>>
>



More information about the NANOG mailing list