As many of you know, Trident Media Guard is the antipiracy company that monitorizes P2P networks for the HADOPI law in France. They are known to monitorize BitTorrent and eDonkey2000.
Previously this year, a eMule user catched a partial list of what they look for in eDonkey2000 network and a Slyck user was victim of a BitTorrent DDoS by TMG (More on this here and here).
So I'm opening this thread to centralize as many information about Trident Media Guard operations as possible. Here is a start:
IP ranges are owned by Bastien Casalta, co-founder of TMG. These can be queried in the RIPE database
Reports on DDoS against BitTorrent users
http://forums.phoenixlabs.org/showpost. ... count=1754
http://groups.google.com/group/uk.legal ... 2eb5d4d3ce
http://board.gulli.com/thread/690542-tr ... guardian2/ (German)
Analysis of the patents:
Main website: http://tmg.eu/
Old website: http://mediaguard.info/
SCPP Login: https://cei.tmg.eu/scpp.agent/authentication.php (needs entry in hosts file: 18.104.22.168 cei.tmg.eu)
SPPF Login: https://cei.tmg.eu/sppf.agent/authentication.php (needs entry in hosts file: 22.214.171.124 cei.tmg.eu)
ALPA Login: https://cei.tmg.eu/alpa.agent/authentication.php (needs entry in hosts file: 126.96.36.199 cei.tmg.eu)
Their website is hosted in OVH dedicated servers, while their monitoring infrastructure ISP is Cogent Communications.
What's in their IP ranges?
- 188.8.131.52 - Switch - Probably Cisco
- 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199 - ??? - VMware Authentication Daemon 1.10
- 188.8.131.52 - VMware ESX server (admin interface)
- 184.108.40.206 - VMware ESX Server 3.0 (admin interface)
- 220.127.116.11 - VMware Authentication Daemon + interesting IIS server + RealVNC
- 18.104.22.168 - PostgreSQL
- 22.214.171.124 - Unknown
- 126.96.36.199 - http://peerlink.net
- 188.8.131.52 - Switch - Dell PowerConnect 6248 (admin interface)
- 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124 - Unknown
- 126.96.36.199 - Switch
- 188.8.131.52 - Unknown + Apache 2 web server
- 184.108.40.206 - Unknown + Apache 2 web server
- 220.127.116.11, 18.104.22.168 - VMware ESX server (admin interfaces here, here)
- 22.214.171.124, 126.96.36.199, 188.8.131.52 - Unknown
- 184.108.40.206 - ftp.peerwatch.net
- 220.127.116.11 - arrakis.mediaguard.info, fed3
- 18.104.22.168 - Switch?
- 22.214.171.124 - EMC Celerra Network Server 5.6.49 (admin interface)
- 126.96.36.199, 188.8.131.52 - Storage administration - Navisphere Express (admin interfaces here and here)
- 184.108.40.206 - Firewall - Cisco ASDM 6.3(1) (admin interface)
- 220.127.116.11, 18.104.22.168, 22.214.171.124 - XenServer 5.6.0
- 126.96.36.199 - Unidentified Windows machine
- â€‹188.8.131.52 - Unidentified Windows machine
- 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124 - Unknown
- 126.96.36.199 - cei.tmg.eu, hosts intranet for SPPF, SCPP and ALPA, used to host an Openwall popa3d mail server.
- 188.8.131.52 (http://btnet.cei.tmg.eu)
- 184.108.40.206 - Switch - Dell PowerConnect 6248 (admin interface)
- 220.127.116.11 (FlexLM server)
Other TMG domains
http://peerwatch.net (accurately measures the availability of pirated files on various P2P networks)
Trident Internet Media Secure (TIMS) ?
IFTA report from March 24, 2010 where TMG activities are explained
If you can log and properly trace IPs, you can report DDoS to BitTorrent users from their infrastructure to Cogent Communications.
Please, post any extra information you have about this! TMG operations are illegal in a lot of countries and we should uncover them.