Author Topic: Illegal Attacks On The Network (Read 4603 times)

GhostShip · « **on:** July 17, 2009, 09:09:26 am »

Folks I have been monitoring an increased effort by our enemies to launch illegal ddos attacks on our primaries, the blocked whittaker range that I believe is a front for media defender are using DOS techiques to cause network destabilisation and this can at times cause some folks to fall from their Primaries, as media defender has no idea if files are being transferred or not and is reckless as to whether data is being destroyed they are clearly breaking the law and complaints should be logged with either the FCC or the FBI regarding their cyber warfare attacks, as I,m not a US citizen its not possible for me to report them effectively but I would be more than grateful if anyone who is operating primary drops them a line asking them to investigate these criminal activities that are a step too far.

The attacks are triggered when anyone grabs a chat room listing so to minimise your exposure try to save and select the rooms you require from "favourites" rather than grab a fresh listing. There is no legal excuse to attack chat groups except to try to crush our community, we will not however give in to criminals so easily.

Whittaker :129.47.160.220-129.47.160.255

White Stripes · « **Reply #1 on:** July 17, 2009, 10:22:42 am »

http://www.p2pon.com/2009/02/17/bittorrent-monitoring-system-from-air-force-engineers/

while im not entirely sure its mediadefender....

http://torrentfreak.com/revision3-sends-fbi-after-mediadefender-080529/

i dont think it would do any good...

~~birdman~~ · « **Reply #2 on:** July 17, 2009, 10:42:42 am »

Ive been watching this attack on my firewall for a coupe of weeks now its non stop not just when opening the chat rooms lists its there all the time if you run primary

wonderer · « **Reply #3 on:** July 17, 2009, 01:07:22 pm »

I have extended the range a bit to 129.47.160.220-129.47.255.255 as they have been using the upper range too on my system a while ago.
They used to be not too clever by requesting from the same IP raising portnumbers by one in a unnatural speed.
The complete Whittaker range is 129.47.0.0-129.47.255.255 btw.

Lagerlout666 · « **Reply #4 on:** July 17, 2009, 01:47:01 pm »

We have never just blocked a full range just because they own it. The list has always been about what is active. An seen as it can be updated in seconds not days like other lists out their their is no need to be so brutal. An gives the block-list team something to hunt for.

Ace · « **Reply #5 on:** July 17, 2009, 04:27:14 pm »

ill say block em as in then min range first

if still ddossing then higher the range

GhostShip · « **Reply #6 on:** July 17, 2009, 05:31:58 pm »

I cant prove 100% this is media defender but I can prove it by the balance of probabilities, media defender used to use a 72 range and a 38 range then they shifted a few months ago to a new 174 range the other ranges disapearing on the exact day as the new one arrived, also a traceroute reveals the last step before the 174 IP was a media defender IP last used to set up a sting video upload site that failed, this then ties the changes and new IP together, the latest IP range to be active is the small whitaker that appears on a few old emule block-lists for anti p2p2 activities, but on our network is a flooder in the main and all the primary dos attacks occur when they finds its floding attempts blocked, the initial trigger is a chat list request but they will as another poster mentioned continue throught your time online to disrupt the primary network.

once again as the whittaker IP is active on the same day the 174 range closed down, this then indicates its media defender and likley the whittaker company whos range is vastly larger, sublets a small portion to media defender or they have a proxy deal as media defender have used such services many times all to hide their original server IP's.

Lets be clear here so no one is confused, the blocklist team will only ever block network attackers and as the network is checked many times a day we do not need to block millions of IP's "just in case", the range thats attacking is being blocked nothing more and nothing less.

Forested665 · « **Reply #7 on:** July 17, 2009, 07:22:08 pm »

Unfortunately the FBI is a higher level of command then most citizens have access to, and FCC doesnt regulate the lines. Best course of action is to trace the IPs and report them to THIER ISP from there it is forwarded to the FBI, additionally you can contact your own ISP to see if they can stop the attacks on the line and not penalize you for the added bandwidth.

Ghostship if you will pm me on how to come under thier radar i will gladly subjectify myself to these attacks and file a report accordingly.

Ace · « **Reply #8 on:** July 17, 2009, 07:58:19 pm »

there are allso spoken about on phoenixlabs and deff are on emule list s
and allso on list.iblocklist.com/ blocklist s

Whois

Details zur IP-Adresse 129.47.160.220

OrgName: Whittaker Corporation
OrgID: WHITTA
Address: 1955 North Surveyor Ave
City: Simi Valley
StateProv: CA
PostalCode: 93063-3386
Country: US

NetRange: 129.47.0.0 - 129.47.255.255
CIDR: 129.47.0.0/16
NetName: WCAIFHLS
NetHandle: NET-129-47-0-0-1
Parent: NET-129-0-0-0-0
NetType: Direct Assignment
Comment:
RegDate: 1987-07-31
Updated: 2007-05-22

are 100% anti p2p even if you google " are Whittaker Corporation anti p2p "
the list is hugh of em being added to blocklist s
which is a subsidiary of penny stock ArtistDirect which allso part of mediadefender
http://finance.yahoo.com/news/ARTISTdirect-Announces-pz-14837970.html