[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
zum vorgehen von netPD aka mp3police, Metallicas Service zur
Identifizierung von Napsterusern
auf der mal wirklich gruendlichen diskussion auf http://slashdot.org
That's a lure for script kiddies (Score:2)
by anticypher (firstname.lastname@example.org) on Monday May 08, @08:15PM EDT (#282)
(User Info) http://127.210.19.3/index.html
All the probes are coming out of a cable system in the UK. Look on
whois.ripe.net for the real source
inetnum: 220.127.116.11 - 18.104.22.168
descr: Internet applications for the music industry.
person: Bruse Ward
address: 1st Floor,Godolphin House
address: 2 The Avenue
address: Newmarket Suffolk. CB8 9AA
phone: +44 1633 670000
changed: email@example.com 19991221
but can't find the registry contact for mp3police.co.uk, it seems to be
hosted at Xara.net.
According to logs, mp3police.co.uk were actively scanning http, ftp, and
napster style connections starting in mid-april. Machines were under
occasional cyber-attack by groups of 5 machines, each taking turns probing
different services and trying to walk ftp trees on a few anonymous-login
servers, and ignored robots.txt on the web servers. Couldn't tell from the
logs what they were looking for, but since they didn't try to rattle any
exploits, the rogue bots were ignored for more immediate threats.
It should be noted that for a while they were attempting napster type
connections on whole banks of IP addresses, whether or not the nodes were
running napster. It shows up kind of funny in the security logs when
routers are probed by a rogue napster client.
So their scanning pre-dates the lawsuit, or else there were preparations
for the suit going on for a long time.
I think mp3police or netpd have been getting ready to sell their services
to the first lawsuit to come along. They've collected tons of logs over a
period of months, and then when metallica hit the news their marketing guy
contacted the lawyers. I wonder what their business plan looks like :-)