MediaSentry, Sony: nailed in Australia



SonsOfLiberty
05-25-2009, 11:28 PM
http://img507.imageshack.us/img507/2848/srob.jpg

Disgraced and discredited private eye MediaSentry, fired by former patrons Vivendi Universal, EMI, Warner Music and Sony Music and their RIAA, may be dead and buried in America, but it’s apparently alive and well, resurfacing in Australia where it’s once again plying its trade, probably under new management.

If you’re in Australia, use Peer Guardian to block IP addresses 174.136.* - Suavemente and 189.47.* - TELECOMUNICACOES DE SAO PAULO.

Because from the look of it, MediaSentry in Oz too has bought several class C IPs and has the entire range seeding files as part of the operation which saw a Brisbane student thrown out of his dormitory, with Sony as the bad hat behind the eviction.

They may have moved their storefront to Australia, but that’s about all they’ve moved.

Currently, they’re still using USA hosting for their illegal activity and whereas file sharing is a civil infraction of copyrighted intellectual property, IMO, they’re using outright criminal activities to further their income and the bottom line of the ever-evil (insert big $ here) empire’s corporate bullshit.

I saw this YouTube video today which says more people died from the flu than from drunk driving, and that got me thinking. So I did some statistical research of my own and I couldn’t find one lost job, one store closing, one affected shipment or lost sale due to ‘piracy’.

In other words, while the video is about DWI, or OVI (if you watch the video), I found a lot of similarities in the over-reaction in the USA to something as insidious as drunk driving.

So, in my continuing determination to expose the MAFIAA, check this out:

Firstly, DarkStar Management is currently seeding trojans (as you can see from the entry below) to the BitTorrent world by the millions. But I’ll go into that in another article.

Sun May 24 2009 09:41:42.848 xxx -Blck- local:0 -> 89.238.155.65:6881 (torr) tcp4 ‘xxxxxxxx (15767)’ (Open Hosting/possible DarkStar Management:P2P)

DarkStar Management: UK seeding trojans

person: OHtele Hostmaster
address: PO BOX 2094
address: BOLTON
address: BL6 6WW
address: United Kingdom
abuse-mailbox: [email protected]
phone: +44 (0) 8701 651 351
nic-hdl: OHT-RIPE
changed: [email protected] 20050929
source: RIPE

I was logging onto my favorite anonymity site (xxxx) when PeerGuardian2 blocked a site called DarkStar Management. Not finding anything inherently evil after several searches (Yahoo, Google, Ask.com), I “allowed 78.129.146.44 for 15 minutes” - BIG MISTAKE! My computer immediately rebooted so I knew I was in “deep doo doo”.

After the reboot, I ran a program called Malwarebytes which showed (and deleted) 14 files infected with the ZLOB Trojan.

And MediaSentry is currently using:
Sun May 24 2009 09:41:58.835 xxx -Blck- local:0 -> 189.47.25.90:4663 tcp4 ‘xxxxxxxx (15767)’ (TELECOMUNICACOES DE SAO PAULO/MediaDefender:P2P) : dsl.telesp.net.br

OrgName: Latin American and Caribbean IP address Regional Registry
OrgID: LACNIC
Address: Rambla Republica de Mexico 6125
City: Montevideo
StateProv:
PostalCode: 11400
Country: UY

Sun May 24 2009 11:41:23.833 xxx -Blck- local:0 -> 174.136.245.48:10409 tcp4 ‘xxxxxxxx (15767)’ (Suavemente/MediaDefender:P2P) : fiberconnection.demarc.cogentco.com

OrgName: Suavemente, INC.
OrgID: SUAVE-1
Address: 8675 Avenida Costa Norte Suite A
City: San Diego
StateProv: CA
PostalCode: 92154
Country: US

Sun May 24 2009 11:41:35.332 xxx -Blck- local:20956 -> 92.227.217.34:28813 udp4 ‘xxxxxxxx (15767)’ (HanseNet Telekommunikation/MediaSentry:P2P) : so-7-1-0-0.cr01.dus.de.hansenet.net

role: HanseNet IP Coordination
address: HanseNet Telekommunikation GmbH
address: Ueberseering 33 A
address: D-22297 Hamburg
address: Germany
phone: +49 40 23726 0
fax-no: +49 40 23726 193996
e-mail: [email protected]

What’s interesting is lookups only worked for the USA Suavemente, mainly because the NETNIC requires your A-NAME record be accessible. The other countries, Uruguay and Germany, don’t call for this.

This meant when I backtraced to find out who owned that IP address, I was blocked by the MAFIAA firewall in the countries that don’t require the ISP to provide this ability.

But what really caught my eye is below:

Sun May 24 2009 10:05:40.820 xxx -Blck- local:20956 -> 174.136.245.47:10261 udp4 ‘xxxxxxxx (15767)’ (Suavemente/MediaDefender:P2P)
Sun May 24 2009 10:05:40.820 xxx -Blck- local:20956 -> 174.136.245.45:10159 udp4 ‘xxxxxxxx (15767)’ (Suavemente/MediaDefender:P2P)
Sun May 24 2009 10:05:40.821 xxx -Blck- local:20956 -> 174.136.245.47:10261 udp4 ‘xxxxxxxx (15767)’ (Suavemente/MediaDefender:P2P)
Sun May 24 2009 10:05:40.821 xxx -Blck- local:20956 -> 174.136.245.45:10159 udp4 ‘xxxxxxxx (15767)’ (Suavemente/MediaDefender:P2P)
Sun May 24 2009 10:05:40.821 xxx -Blck- local:0 -> 174.136.245.45:10159 tcp4 ‘xxxxxxxx (15767)’ (Suavemente/MediaDefender:P2P)
Sun May 24 2009 10:05:40.821 xxx -Blck- local:0 -> 174.136.245.47:10261 tcp4 ‘xxxxxxxx (15767)’ (Suavemente/MediaDefender:P2P)

This tells me they tried UDP access to my IP address first.

UDP is more or less a handshake saying, Yes, I’m online using something Bittorrent can see. Blocking the UDP call is kind of an indirect answer saying ‘Yes, I have what you’re looking for, but No you can’t have it.’ This is ambiguous of content or packet, this is only a handshake. (That’s the best it gets for non-techies out there, sorry).

Directly after the UDP block, MediaDefender tried to GET the file that UDP said I possessed, but couldn’t have.

This is an automated attempt, switching from a UDP request to a TCP request. This shows me, without a doubt, they’re running a Bittorrent client and probably using PeerGuardian to log IP addresses. It’s fairly simple to do.

I have access to the list of EVERY SINGLE IP address that downloaded content from my IP address using a Bittorrent client — albeit modified for safety, but not to the extent it affected the engineering of the experiment.

With this information, I could easily have done what the MAFIAA is doing — send out infringement notices ad hoc.

So much for ‘super secret squirrel’ technology.


Source: P2P Net Part 1 (http://www.p2pnet.net/story/22129) | P2P Net Part 2 (http://www.p2pnet.net/story/22233) | P2P Net Part 3 (http://www.p2pnet.net/story/22143)
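
An added example, not part of the original post or the linked articles: a parser for block-log entries in the layout quoted above (wrapped lines rejoined) that reports, per remote endpoint, which protocols were blocked and whether a blocked UDP entry was followed by a blocked TCP entry. The field layout is an assumption inferred from the quoted lines, and the sample addresses, process name and list labels are constructed.

```python
import re
from datetime import datetime

# Constructed sample in the post's quoted layout (wraps rejoined); RFC 5737 addresses, made-up labels.
SAMPLE_LOG = """\
Sun May 24 2009 10:05:40.820 xxx -Blck- local:20956 -> 198.51.100.47:10261 udp4 'client (15767)' (ExampleNet/ListA:P2P)
Sun May 24 2009 10:05:40.820 xxx -Blck- local:20956 -> 198.51.100.45:10159 udp4 'client (15767)' (ExampleNet/ListA:P2P)
Sun May 24 2009 10:05:40.821 xxx -Blck- local:0 -> 198.51.100.45:10159 tcp4 'client (15767)' (ExampleNet/ListA:P2P)
Sun May 24 2009 10:05:40.821 xxx -Blck- local:0 -> 198.51.100.47:10261 tcp4 'client (15767)' (ExampleNet/ListA:P2P)
Sun May 24 2009 11:41:23.833 xxx -Blck- local:0 -> 203.0.113.8:10409 (torr) tcp4 'client (15767)' (OtherNet/ListB:P2P) : host.example.net
this line is not a block entry
"""

# Field layout is an assumption inferred from the quoted lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}\.\d{3}) \S+ -(?P<action>\w+)- "
    r"local:(?P<lport>\d+) -> (?P<rip>\d{1,3}(?:\.\d{1,3}){3}):(?P<rport>\d+) "
    r"(?:\(\w+\) )?(?P<proto>tcp|udp)4 ['‘](?P<proc>.*?)['’] "
    r"\((?P<label>[^)]*)\)(?: : (?P<rdns>\S+))?$"
)

def parse(log_text):
    """Return one dict per well-formed block entry; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%a %b %d %Y %H:%M:%S.%f")
            ev["remote"] = f'{ev["rip"]}:{ev["rport"]}'
            events.append(ev)
    return sorted(events, key=lambda e: e["ts"])  # stable: ties keep file order

def protocols_by_remote(events):
    """Map remote ip:port -> {protocol: blocked count}, in first-seen order."""
    out = {}
    for ev in events:
        counts = out.setdefault(ev["remote"], {})
        counts[ev["proto"]] = counts.get(ev["proto"], 0) + 1
    return out

def udp_then_tcp(events, window_s=1.0):
    """Remotes whose first blocked UDP entry is followed by TCP within window_s."""
    first_udp, hits = {}, []
    for ev in events:
        if ev["proto"] == "udp":
            first_udp.setdefault(ev["remote"], ev["ts"])
        elif ev["remote"] in first_udp and ev["remote"] not in hits:
            if (ev["ts"] - first_udp[ev["remote"]]).total_seconds() <= window_s:
                hits.append(ev["remote"])
    return hits
```

The result reflects only which entries the local filter blocked and in what order; the list label on each entry comes from the blocklist, not from the remote host.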