Your Ad Here Your Ad Here
Results 1 to 1 of 1

Thread: MediaSentry, Sony: nailed in Australia

  1. #1
    SonsOfLiberty's Avatar The Lonely Wanderer
    Join Date
    Dec 2008
    Capital Wasteland

    Disgraced and discredited private eye MediaSentry, fired by former patrons Vivendi Universal, EMI, Warner Music and Sony Music and their RIAA, may be dead and buried in America, but it’s apparently alive and well, resurfacing in Australia where it’s once again plying its trade, probably under new management.

    If you’re in Australia, use Peer Guardian to block IP addresses 174.136.* - Suavemente and 189.47.* - TELECOMUNICACOES DE SAO PAULO.

    Because from the look of it, MediaSentry in Oz to has bought several class C IPs and has the entire range seeding files as part of the operation which saw a Brisbane student thrown out of his dormitory, with Sony as the bad hat behind the eviction.

    They may have moved their storefront to Australia, but that’s about all they’ve moved.

    Currently, they’re still using USA hosting for their illegal activity and whereas file sharing is a civil infraction of copyrighted intellectual property, IMO, they’re using outright criminal activities to further their income and the bottom line of the ever- evil (insert big $ here) empire’s corporate bullshit.

    I saw this YouTube video today which says more people died from the flu than from drunk driving, and that got me thinking. So I did some statistical research of my own and I couldn’t find one lost job, one store closing, one affected shipment or lost sale due to ‘piracy’.

    In other words, while the video is about DWI, or OVI (if you watch the video), I found alot of similiarities in the over-reaction in the USA to something as insidious as drunk driving.

    So, in my continuing determination to expose the MAFIAA, check this out:

    Firstly, DarkStar Management is currently seeding trojans (as you can see from the entry below) to the BitTorrent world by the millions. But I’ll go into that in another article.

    Sun May 24 20
    09 09:41:42.848 xxx -Blck- local:0 -> (torr) tcp4
    ‘xxxxxxxx (15767)’ (Open Hosting/possible DarkStar Management2P)

    DarkStar Management: UK seeding trojans

    person: OHtele Hostmaster
    address: PO BOX 2094
    address: BOLTON
    address: BL6 6WW
    address: United Kingdom
    phone: +44 (0) 8701 651 351
    nic-hdl: OHT-RIPE
    changed: 20050929
    source: RIPE

    I was logging onto my favorite anonymity site (xxxx) when PeerGuardian2 blocked a site called DarkStar Management. Not finding anything inherently evil after several searches (Yahoo, Google,, I “allowed for 15 minutes” - BIG MISTAKE!. My computer immediately rebooted so I knew I was in “deep doo doo”.

    After the reboot, I ran a program called Malwarebytes which showed (and deleted) 14 files infected with the ZLOB Trojan.

    And MediaSentry is currrently using:
    Sun May 24 2009 09:41:58.835 xxx -Blck- local:0 ->
    tcp4 ‘xxxxxxxx (15767)’ (TELECOMUNICACOES DE SAO PAULO/
    MediaDefender2P) :

    OrgName: Latin American and Caribbean IP address Regional Registry
    Address: Rambla Republica de Mexico 6125
    City: Montevideo
    PostalCode: 11400
    Country: UY

    Sun May 24 2009 11:41:23.833 xxx -Blck- local:0 -> tcp4 ‘xxxxxxxx (15767)’ (Suavemente/
    MediaDefender2P) :


    OrgName: Suavemente, INC.
    OrgID: SUAVE-1
    Address: 8675 Avenida Costa Norte Suite A
    City: San Diego
    StateProv: CA
    PostalCode: 92154
    Country: US

    Sun May 24 2009 11:41:35.332 xxx -Blck- local:20956 -> udp4 ‘xxxxxxxx (15767)’ (HanseNet
    Telekommunikation/MediaSentry2P) :

    role: HanseNet IP Coordination
    address: HanseNet Telekommunikation GmbH
    address: Ueberseering 33 A
    address: D-22297 Hamburg
    address: Germany
    phone: +49 40 23726 0
    fax-no: +49 40 23726 193996

    What’s interesting is lookups only worked for the USA Suavemente, mainly because the NETNIC requires your A-NAME record be accessible. The other countries, Uraguay and Germany, don’t call for this.

    This meant when I backtraced to find out who owned that IP address, I was blocked by the MAFIAA firewall in the countries that don’t require the ISP to provide this ability.

    But what really caught my eye is below:

    Sun May 24 2009 10:05:40.820 xxx -Blck- local:20956 -> udp4 ‘xxxxxxxx (15767)’ (Suavemente/
    Sun May 24 2009 10:05:40.820 xxx -Blck- local:20956 -> udp4 ‘xxxxxxxx (15767)’ (Suavemente/
    Sun May 24 2009 10:05:40.821 xxx -Blck- local:20956 -> udp4 ‘xxxxxxxx (15767)’ (Suavemente/
    Sun May 24 2009 10:05:40.821 xxx -Blck- local:20956 -> udp4 ‘xxxxxxxx (15767)’ (Suavemente/
    Sun May 24 2009 10:05:40.821 xxx -Blck- local:0 -> tcp4 ‘xxxxxxxx (15767)’ (Suavemente/
    Sun May 24 2009 10:05:40.821 xxx -Blck- local:0 -> tcp4 ‘xxxxxxxx (15767)’ (Suavemente/

    This tells me they tried UDP access to my IP address first.

    UDP is more or less a handshake saying, Yes, I’m online using something Bittorrent can see. Blocking the UDP call is kind of an indirect answer saying ‘Yes, I have what you’re looking for, but No you can’t have it.’ This is ambiguous of content or packet, this is only a\handshake.’ (That’s the best it gets for non-techies out there, sorry).

    Directly after the UDP block, MediaDefender tried to GET the file that UDP said I possessed, but couldn’t have.

    This is an automated attempt, switching from a UDP request to a TCP request. This shows me, without a doubt, they’re running a Bittorrent client and probably using PeerGuardian to log IP addresses. It’s fairly simple to do.

    I have access to the list of EVERY SINGLE IP address that downloaded content from my IP address using a Bittorrent client — albiet modifiedfor safety, but not to the extent it affected the engineering of the experiment.

    With this information, I could easily have done what the MAFIAA is doing —- send out infringement notices ad hoc.

    So much for ’super secret squirrel’ technology.

    Source: P2P Net Part 1 | P2P Net Part 2 |P2P Net Part 3
    Last edited by SonsOfLiberty; 05-26-2009 at 12:18 AM.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts