Showing posts with label Tor. Show all posts
Tuesday, 6 August 2013
What is 65.222.202.0/24?
A breakdown of the suballocations of the Verizon Business 65.222.202.0/24 block, mentioned in connection with Torsploit:

| Block | Start | End | CustName | Description |
|---|---|---|---|---|
| 65.222.202.0/28 | 65.222.202.0 | 65.222.202.15 | Science Applications Int | SAIC (US Defense contractor) |
| 65.222.202.16/28 | 65.222.202.16 | 65.222.202.31 | Old Dominion Internet | Possibly dormant VA corporation |
| 65.222.202.32/28 | 65.222.202.32 | 65.222.202.47 | FTS2001/US Government | Federal Technology Service |
| 65.222.202.48/29 | 65.222.202.48 | 65.222.202.55 | Unknown | "Torsploit" block |
| 65.222.202.56/29 | 65.222.202.56 | 65.222.202.63 | Universal Machine Co of Pottstown Inc | Universal Machines (www.umc-oscar.com) |
| 65.222.202.64/28 | 65.222.202.64 | 65.222.202.79 | Kitron | Electronic Manufacturing Service |
| 65.222.202.80/29 | 65.222.202.80 | 65.222.202.87 | Morningside Sports Farm | Horse Training Farm in VA |
| 65.222.202.88/29 | 65.222.202.88 | 65.222.202.95 | MetTel, Inc | Telecommunications Service Provider |
| 65.222.202.96/29 | 65.222.202.96 | 65.222.202.103 | Guidestar | NPO Information Service |
| 65.222.202.104/29 | 65.222.202.104 | 65.222.202.111 | Walt Disney Company | Mickey Mouse outfit |
| 65.222.202.112/28 | 65.222.202.112 | 65.222.202.127 | Dental Concepts | Dentistry |
| 65.222.202.128/29 | 65.222.202.128 | 65.222.202.135 | GARP Research & Securities | Financial Analysts |
| 65.222.202.136/29 | 65.222.202.136 | 65.222.202.143 | Assured Packaging Inc | Metal boxes |
| 65.222.202.144/28 | 65.222.202.145 | 65.222.202.159 | Unknown | |
| 65.222.202.160/28 | 65.222.202.161 | 65.222.202.174 | Unknown | |
| 65.222.202.176/29 | 65.222.202.176 | 65.222.202.183 | Butler Medical Transport | Patient Transport Services |
| 65.222.202.184/29 | 65.222.202.184 | 65.222.202.191 | Federated IT | Government IT contractor |
| 65.222.202.192/28 | 65.222.202.192 | 65.222.202.207 | Old Dominion Internet | Possibly dormant VA corporation |
| 65.222.202.208/29 | 65.222.202.208 | 65.222.202.215 | Pharmaceuticals International, Inc | Healthcare |
| 65.222.202.216/29 | 65.222.202.216 | 65.222.202.223 | Unknown | |
| 65.222.202.224/29 | 65.222.202.224 | 65.222.202.231 | Unknown | |
| 65.222.202.232/29 | 65.222.202.232 | 65.222.202.239 | Live Nation | Events Company, CA |
| 65.222.202.240/28 | 65.222.202.240 | 65.222.202.255 | Georgetown Day School | Washington DC school |
Labels: Injection Attacks, Tor
Monday, 5 August 2013
Torsploit: is 65.222.202.53 the NSA?
There has been a lot of chatter in the past day or so about the takedown of an Irish outfit called Freedom Hosting which hosted a number of "hidden services" on Tor, ranging from Tormail (which allows anonymous email communication) to.. well, Really Bad Stuff that you don't want to know about. Basically.. Law Enforcement (LE) appear to have discovered the real-world location of these servers on the other side of Tor and have busted the alleged operator.
What gets interesting is that some of these Tor services were infected with an injection script that attempted to reveal the real IP address of the visitor through a security flaw in the version of Firefox in the Tor Bundle. There's an interesting analysis of the script here and the long and the short of it is that the injected code attempts to call back to 65.222.202.53, in order to track the Tor users involved.
So.. who is 65.222.202.53? Well, it seems to be a Verizon Business IP (part of a "ghost block" of 65.222.202.48/29) in the Washington DC area. You know.. the home of several government agencies or branches thereof. But now the Internet is awash with rumours that this IP address belongs to the NSA. But what evidence is there?
A lot of the fuss seems to have happened because of this tweet from Baneki Privacy Labs.
What Baneki are saying is that the whole 65.222.202.0/24 block (the "C block" in classful parlance) is owned by a government contractor called SAIC (apparently not the SAIC who own MG Motors!) and that SAIC are connected to the DoD. Although SAIC are certainly a military contractor, the error that they are making is to believe the report from DomainTools which appears to be misinterpreting the allocations in that particular block.
So, does SAIC (listed here as SCIENCE APPLICATIONS INT) own the whole /24? No. Verizon has simply allocated the first /28 in that block to SAIC, and it appears that DomainTools is misinterpreting that data.
NetRange: 65.222.202.0 - 65.222.202.15
CIDR: 65.222.202.0/28
OriginAS:
NetName: UU-65-222-202-D4
NetHandle: NET-65-222-202-0-1
Parent: NET-65-192-0-0-1
NetType: Reassigned
Comment: Addresses within this block are non-portable.
RegDate: 2006-09-14
Updated: 2006-09-14
Ref: http://whois.arin.net/rest/net/NET-65-222-202-0-1
CustName: SCIENCE APPLICATIONS INT
Address: 47332 EAGAN MCALLISTER LN
Address: RM 1112 1st fl
City: LEXINGTON PARK
StateProv: MD
PostalCode: 20653-2461
Country: US
RegDate: 2006-09-14
Updated: 2011-03-19
Ref: http://whois.arin.net/rest/customer/C01446299
Other suballocations in that block do include government agencies, but just a couple of IPs away from the mystery IP is 65.222.202.56/29, which belongs to an industrial supply company called Universal Machines. Whoever uses 65.222.202.53 is very likely to be a corporate or government entity, but really that's pretty much all you can tell from the Verizon Business IP. DomainTools is great but as with any automated tool.. sometimes you need to double-check what it reports back.
But then Baneki make another claim.. that obviously 65.222.202.53 belongs to the NSA, because the NSA controls the entire 65.192.0.0/11 range (65.192.0.1 to 65.223.255.254) which is about 2 million IPs.
This is what they were referring to:
Umm, well.. no. That's just another block allocated to Verizon Business. You may as well argue that everything in 0.0.0.0/0 belongs to the NSA on the same principle. Actually.. maybe it does, but that's another matter entirely. Again.. Robtex is a great tool but you sometimes need to sanity-check the output.
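As an added example (not code from the original post), here is the lookup the post does by hand, for both the SAIC /28 claim and the 65.192.0.0/11 claim: parse the quoted ARIN record, count how many addresses its CIDR actually covers, and resolve 65.222.202.53 to the most specific reassignment rather than to whichever Verizon Business parent happens to contain it. The block list is copied from the post's suballocation table, the ARIN record is abridged from the one quoted above, the holder names for the two parent blocks are the post's own statements, and the partition check is mine. Standard library only.

```python
"""Longest-prefix lookup over the ARIN reassignments inside 65.222.202.0/24.

Added example, not code from the original post. Block list copied from the
post's table; ARIN record abridged from the post; parent holders per the post.
"""
import ipaddress
from typing import Dict, List, Tuple

# Parents the post attributes to Verizon Business, then every row of the
# post's suballocation table as (block, customer).
ALLOCATIONS: List[Tuple[str, str]] = [
    ("65.192.0.0/11", "Verizon Business"),
    ("65.222.202.0/24", "Verizon Business"),
    ("65.222.202.0/28", "Science Applications Int"),
    ("65.222.202.16/28", "Old Dominion Internet"),
    ("65.222.202.32/28", "FTS2001/US Government"),
    ("65.222.202.48/29", "Unknown"),
    ("65.222.202.56/29", "Universal Machine Co of Pottstown Inc"),
    ("65.222.202.64/28", "Kitron"),
    ("65.222.202.80/29", "Morningside Sports Farm"),
    ("65.222.202.88/29", "MetTel, Inc"),
    ("65.222.202.96/29", "Guidestar"),
    ("65.222.202.104/29", "Walt Disney Company"),
    ("65.222.202.112/28", "Dental Concepts"),
    ("65.222.202.128/29", "GARP Research & Securities"),
    ("65.222.202.136/29", "Assured Packaging Inc"),
    ("65.222.202.144/28", "Unknown"),
    ("65.222.202.160/28", "Unknown"),
    ("65.222.202.176/29", "Butler Medical Transport"),
    ("65.222.202.184/29", "Federated IT"),
    ("65.222.202.192/28", "Old Dominion Internet"),
    ("65.222.202.208/29", "Pharmaceuticals International, Inc"),
    ("65.222.202.216/29", "Unknown"),
    ("65.222.202.224/29", "Unknown"),
    ("65.222.202.232/29", "Live Nation"),
    ("65.222.202.240/28", "Georgetown Day School"),
]
SUBALLOCATION_BLOCKS: List[str] = [block for block, _ in ALLOCATIONS[2:]]

# Abridged from the ARIN record quoted in the post.
SAIC_RECORD = """\
NetRange: 65.222.202.0 - 65.222.202.15
CIDR: 65.222.202.0/28
OriginAS:
NetName: UU-65-222-202-D4
NetHandle: NET-65-222-202-0-1
Parent: NET-65-192-0-0-1
NetType: Reassigned
CustName: SCIENCE APPLICATIONS INT
"""


def parse_arin_record(text: str) -> Dict[str, List[str]]:
    """Parse 'Key: value' lines; repeated keys (Address, RegDate, Ref) keep every value."""
    record: Dict[str, List[str]] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            record.setdefault(key.strip(), []).append(value.strip())
    return record


def address_count(cidr: str) -> int:
    """Addresses covered by a CIDR block: 16 for a /28, 2097152 for a /11."""
    return ipaddress.ip_network(cidr).num_addresses


def allocation_chain(ip: str) -> List[Tuple[str, str]]:
    """Every known allocation containing ip, from the broadest parent to the most specific."""
    addr = ipaddress.ip_address(ip)
    hits = [(b, who) for b, who in ALLOCATIONS if addr in ipaddress.ip_network(b)]
    return sorted(hits, key=lambda item: ipaddress.ip_network(item[0]).prefixlen)


def most_specific(ip: str) -> Tuple[str, str]:
    """The reassignment that actually covers ip, not the ISP parent that merely contains it."""
    chain = allocation_chain(ip)
    if not chain:
        raise ValueError(f"{ip} is outside every known allocation")
    return chain[-1]


def is_partition_of(parent: str, blocks: List[str]) -> bool:
    """True if blocks tile parent exactly: no gaps, no overlaps, nothing outside it."""
    p = ipaddress.ip_network(parent)
    nets = sorted((ipaddress.ip_network(b) for b in blocks), key=lambda n: n.network_address)
    expected = int(p.network_address)
    for n in nets:
        if not n.subnet_of(p) or int(n.network_address) != expected:
            return False
        expected += n.num_addresses
    return expected == int(p.network_address) + p.num_addresses


if __name__ == "__main__":
    rec = parse_arin_record(SAIC_RECORD)
    print(rec["CustName"][0], "holds", rec["CIDR"][0], "=",
          address_count(rec["CIDR"][0]), "addresses, not the 256 of the /24")
    for block, holder in allocation_chain("65.222.202.53"):
        print(f"  {block:<18} {holder}")
    print("table tiles the /24 exactly:", is_partition_of("65.222.202.0/24", SUBALLOCATION_BLOCKS))
```

The chain printed for 65.222.202.53 shows the point of both passages: the /11 and the /24 contain the address in the same sense that they contain every other customer in the table, so only the /29 at the bottom of the chain says anything about who uses it, and that row is "Unknown". The partition check is the sanity test a DomainTools or Robtex result should pass before anyone quotes it.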
It may surprise you to learn that law enforcement officers and intelligence agencies are not normally complete fucking idiots when it comes to guarding their IP addresses. They do not (for example) sign up to Silk Road with their @fbi.gov email addresses or poke around the underweb from an NSA IP address range. Well, not normally..
I am not saying that the injection wasn't the work of the NSA. Or the CIA, FBI, DOD, IRS or any other Alphabet Soup Agency. But let's see some real evidence first, eh?
UPDATE: I had a closer look at the users of the /24 here. It's a mix of businesses and government organisations and contractors, not surprising given the physical location of the /24.
Labels: Crime, Injection Attacks, Tor