Tracking the RIAA Source
James B. DiGriz
jbdigriz at dragonsweb.org
Thu Oct 11 12:06:14 PDT 2001
John Young wrote:
>>From 14 users of Safeweb scattered around the US and
> several overseas, the same range of IP addresses
> were used. Which makes sense if all users logged into
> the same Safeweb home page and from there logged
> onto Cryptome. A few users logged in from their own
> addresses just before or after using Safeweb for
> comparison.
>
> No triangulation with that method.
>
> One thing my co-cpunk found by pinging Safeweb is that
> the last couple of hops were in the NYC area:
>
> 13 lga1-ord2-oc48-2.lga1.above.net (208.185.156.158) 112.562 ms 111.984
> ms 112.53 ms
> 14 core2-lga1-oc192.lga2.above.net (208.184.232.198) 114.423 ms 113.431
> ms 112.688 ms
> 15 main1colo45-core2-oc48.lga2.above.net (216.200.127.174) 113.138 ms
> 113.855 ms 111.581 ms
> 16 208.184.48.189.safeweb.com (208.184.48.189) 113.78 ms 115.876 ms
> 113.534 ms
> 17 64.124.150.130.safeweb.com (64.124.150.130) 112.797 ms 112.937 ms
> 112.228 ms
>
> This is on the assumption that "lga2" refers to "La Guardia,"
> but that is not certain for the tag may have nothing to do with
> physical location. However other above.net hops used airport
> tags.
>
> If you would like to ping Safeweb we would appreciate getting
> the logs for comparison. Just be alert to this being a scam to snarf
> your true identity, so leave off the first hop if you like, or just send in
> the
> last four or five hops leading up to Safeweb.
>
> The IP addresses of 64.124.150.130 et seq. is what we are tracking, but
> note the other Safeweb address in the ping log. So we would like to get any
> fresh safeweb addresses in ping logs beyond this range and altogether
> different domains:
>
> 64.124.150.130 - 64.124.150.144
>
> Thanks.
>
>
>
I get the same thing here once you hit the above.net edge router.
jbdigriz
More information about the cypherpunks-legacy
mailing list