Slashdot Mirror

← Back to Stories (view on slashdot.org)

CloudFlare Puts Pirate Sites on New IP Addresses, Avoids Cogent Blockade (torrentfreak.com)

Posted by msmash on from the fighting-back dept.

Earlier this month, several users worldwide reported that they were unable to access pirate websites including the Pirate Bay. It was because the internet backbone network of Cogent Communications had blackholed the CloudFlare IP-address of pirate websites. Less than a week later, CloudFlare is fighting back. From a report on TorrentFreak: The Pirate Bay and dozens of other pirate sites that were blocked by Cogent's Internet backbone are now accessible again. CloudFlare appears to have moved the sites in question to a new pair of IP-addresses, effectively bypassing Cogent's blackhole. [...] As of yesterday, the sites in question have been assigned the IP-addresses 104.31.16.3 and 104.31.17.3, still grouped together. Most, if not all of the sites, are blocked by court order in the UK so this is presumably done to prevent ISP overblocking of 'regular' CloudFlare subscribers.

31 of 88 comments (clear)

  1. All they have to do by HalAtWork · · Score: 1

    But all Cogent has to do is resolve the names and update their block to reflect it, this could be automated

    --
    Twinstiq, game news
    1. Re:All they have to do by DontBeAMoran · · Score: 4, Funny

      Then all CloudFlare has to do is verify if the new addresses are blocked and change them if necessary, this could be automated.

      --
      #DeleteFacebook
    2. Re:All they have to do by Anonymous Coward · · Score: 1

      And so on, and so on, until the entire internet is just one big block. I figure it could take less than 20 minutes once it starts.

    3. Re:All they have to do by Anonymous Coward · · Score: 5, Funny

      Well that's one way to force IPv6 deployment.

    4. Re:All they have to do by bobbied · · Score: 1

      Yea, until somebody figures out that it's not that hard to fake an authoritative DNS server... Oh Wait.... Hasn't that been done?

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    5. Re:All they have to do by viperidaenz · · Score: 1

      yeah, adding a reverse DNS lookup for every packet on a backbone... ouch. Which still wouldn't work anyway, as 104.31.16.3 has no PTR record pointing to it

    6. Re:All they have to do by guruevi · · Score: 1

      Then all they would have to do is:
      www.thepiratebay.org A 86400 0.0.0.0

      You really think they're going to trust a 3rd party (the same party they're trying to block) to give them the accurate addresses?

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    7. Re:All they have to do by Revek · · Score: 1

      This is exactly how I pictured it all ending. I better run out and buy all the bread and milk I can find.

    8. Re:All they have to do by wonkey_monkey · · Score: 1

      I thought they already did that.

      The IP block is presumably there now because people are just putting the IP addresses in to get around the DNS black hole.

      --
      systemd is Roko's Basilisk.
    9. Re:All they have to do by Neuronwelder · · Score: 2

      It makes me wonder if this "control thing" gets so bad, that people use and share line of site transmitters with each other to make their own nets.

    10. Re:All they have to do by mysidia · · Score: 2

      Blacklist 0.0.0.0/32? Feh.... I have an even better idea...:

      www.thepiratebay.org A 120 38.100.128.10

      www.thepiratebay.org A 120 38.119.116.148

      www.thepiratebay.org A 120 81.2.129.253

      www.thepiratebay.org A 120 66.28.0.14

      www.thepiratebay.org A 120 66.28.0.30

      www.thepiratebay.org A 120 66.28.3.10

      www.thepiratebay.org A 120 80.245.32.74

      www.thepiratebay.org A 120 80.91.64.50

      www.thepiratebay.org AAAA 120 2001:550:1:a::d

      www.thepiratebay.org AAAA 120 2001:550:1:b::d

      www.thepiratebay.org AAAA 120 2001:550:1:c::d

      www.thepiratebay.org AAAA 120 2001:978:1:b::d

      www.thepiratebay.org A 120 207.46.163.138

      www.thepiratebay.org A 120 207.46.163.247

      www.thepiratebay.org A 120 207.46.163.215

    11. Re:All they have to do by catprog · · Score: 1

      And watch as every single ISP drops Cogent so that their customers can access the internet. Their are so many sites on Cloudflare that if they were blocked, Customers would move from any ISP that would not let them access their sites.

      No Discord, Udacity , Stackoverflow for starters,

      --
      My Transformation Website
      Kindle Books http://www.catprog.org/rev
      Interactive CYOA http://www.catprog.org/st
  2. For their next trick... by Anonymous Coward · · Score: 2, Funny

    They need to identify UK government websites that are using cloudflare, and put them on the blackholed IP's.

    1. Re:For their next trick... by DontBeAMoran · · Score: 4, Insightful

      Redirect all UK government websites to this address instead.

      --
      #DeleteFacebook
    2. Re:For their next trick... by DontBeAMoran · · Score: 1

      Also redirect all requests made from UK government computers to that address.

      --
      #DeleteFacebook
    3. Re:For their next trick... by CaptainDork · · Score: 1

      URLs resolve to __ _________. (hint:IP addresses)

      --
      It little behooves the best of us to comment on the rest of us.
    4. Re:For their next trick... by gnick · · Score: 2

      That's not an IP address, it is a URI

      He called it an address, not an IP address. "URL" is close enough to being synonymous with "web address."

      --
      He's getting rather old, but he's a good mouse.
    5. Re: For their next trick... by gnick · · Score: 3, Insightful

      You did say URI. You could have said URL. It was, after all, a URL. This page gives a good description of the difference as well as a guide for responding to the statement, "Actually, that’s called a URI, not a URL"

      The response to this correction can range from quietly thinking this person needs to get out more, to agreeing indifferently via shoulder shrug, to removing the safety clasp on a Katana.

      --
      He's getting rather old, but he's a good mouse.
    6. Re:For their next trick... by DontBeAMoran · · Score: 1

      The 80's rocked.

      --
      #DeleteFacebook
    7. Re:For their next trick... by Highdude702 · · Score: 1

      Hell yea cause that's where i came from. It had to rock.

  3. Cogent is shit by Anonymous Coward · · Score: 1

    Level3 should have nuked it when they were caught hot-potato routing in violation of peering agreements

  4. Funny by viperidaenz · · Score: 5, Interesting

    Surely there are some MPAA/RIAA members who use Cloudfare.

    Cloudfare should switch their sites to the previously blocked IP addresses.

  5. The solution is unfortunately national segregation by Baron_Yam · · Score: 4, Interesting

    We already have nations cutting off Internet during times of unrest, and applying massive filtering and spying efforts against communications to and from their populations regardless.

    If you're going to apply national laws to an international system, that system is going to need to be chopped up into pieces that fit the political borders.

    That really sucks if your nation is surrounded by nations who disagree on what should be passed through their borders, so ultimately there needs to be some kind of Internet Treaty, where it is agreed that traffic is only to be interfered with if one of the end points is domestic, or by agreement with one of the governments with authority over an end point.

    Let governments be responsible for the border filters (and, presumably, spying), and then private companies like Cogent will have no interest in taking actions like IP block blacklisting.

  6. Re:The solution is unfortunately national segregat by Baron_Yam · · Score: 1

    You can limit the bandwidth severely, and if you control the chokepoints for the trunks you can choose to only let through what you can scan and approve.

    Yes, people can pass messages through steganography, or sneakernet, or radio links... but that's trivial to make illegal and while you can't easily enforce such laws they can be enforced well enough to reduce state-prohibited communications significantly.

    So yes, the Internet can route around it... but when 'around it' means around the 'around the area containing the destination' that's not really a solution.

  7. Someone Revoke Cogent's Common Carrier Status by Anonymous Coward · · Score: 1, Insightful

    Fuck those greedy nI-ggers

  8. Show of hands .. by CaptainDork · · Score: 1

    ... who didn't see this coming?

    --
    It little behooves the best of us to comment on the rest of us.
  9. Re:The solution is unfortunately national segregat by torkus · · Score: 4, Insightful

    Not true.

    It's a game of diminishing returns but there's never an absolute winner.

    You can make it nearly impossible to circumvent, and then someone can build a complex circumvention...and so on. Remember when 'hacking' was dumping the plaintext password database after booting off a floppy?

    You can make censorship difficult enough to circumvent that people will find something else to do...but the cost (implementation and maint) in that is very high.

    --
    You can get rich if you own a politician, but you have to be rich to buy one in the first place.
  10. Re:The solution is unfortunately national segregat by Baron_Yam · · Score: 1

    Your memory is embarrassingly short, since it's not been that long since we've actually seen governments kill their Internet.

    You can indulge in your 'information wants to be free' fantasies all you want, but the only thing stopping governments from effectively controlling their Internet is the cost of the required infrastructure and the negative effect it would bring to their economy.

    Reducing the 'Information Superhighway' to a pedestrian path with a guard at the border crossing isn't impossible.

  11. TPB on TOR by DrYak · · Score: 1

    Meanwhile, The Pirate Bay has .onion address on TOR, and that one was still running during the whole situation.

    (It can't technically be blocked that easily.)

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  12. Re:The solution is unfortunately national segregat by Baron_Yam · · Score: 1

    Well, at least you're smart enough to post your stupidity as AC so it doesn't stick to you.

  13. Re:Addendum: You're already being downmodded by mmell · · Score: 1
    I'm fairly certain that I've been downmodded for giving your software a fair shot (and, in fact, posting an overall favorable impression of it), rather than the content of that informal review.

    Your software is just fine - well written, functional. Your claims that it's practically the cure for all the internet's woes are over-the-top and make you seem rather like the current POTUS. Your bellicose and acerbic posts, combined with your repeatedly posting straight binspam have given you a reputation here which even a calm, reasonable analysis cannot overcome. Your own reaction to this thread are a prime example.

    I've long known that host files can solve certain problems - and nowadays, those problems are becoming more and more common. Your Host File Engine does make the task of managing a local host file on one Windows desktop easier - but that's all it does and your attitude and your bellicose, fanatical posts make it impossible to determine or even say that here. You've successfully increased the signal/noise ratio beyond the tolerance of nearly everyone here.

    I'm going to continue using the Host File Engine. Have fun languishing in your self-imposed obscurity. Nearly all Slashdot users know who you are and won't even give a second thought to anything you write, suggest or say. I have, and now I'm paying the price for it. Downmod away, mods! I've said what is required and been heard by the intended recipient of my message.