Slyck.com
 
Slyck Chatbox - And More

Trident Media Guard

Discuss any general File-Sharing Topic or Issue

Please use the relevant forum below for non file-sharing issues or questions about a specific program or network.
Forum rules
PLEASE READ BEFORE POSTING: Slyck Forum Rules

Trident Media Guard

Postby Bastien » Sun Oct 31, 2010 10:30 am

Hi,

As many of you know, Trident Media Guard is the antipiracy company that monitorizes P2P networks for the HADOPI law in France. They are known to monitorize BitTorrent and eDonkey2000.

Previously this year, a eMule user catched a partial list of what they look for in eDonkey2000 network and a Slyck user was victim of a BitTorrent DDoS by TMG (More on this here and here).

So I'm opening this thread to centralize as many information about Trident Media Guard operations as possible. Here is a start:

IP ranges

IP ranges are owned by Bastien Casalta, co-founder of TMG. These can be queried in the RIPE database

82.138.70.128/26
82.138.74.0/25
91.189.104.0/21
193.105.197.0/24
193.107.240.0/22
195.191.244.0/23

Reports on DDoS against BitTorrent users

viewtopic.php?t=50530
http://forums.phoenixlabs.org/showpost. ... count=1754
http://forums.phoenixlabs.org/showthread.php?t=13528
http://forums.phoenixlabs.org/showthread.php?t=13887
http://groups.google.com/group/uk.legal ... 2eb5d4d3ce
http://forums.phoenixlabs.org/showthread.php?t=16373
http://board.gulli.com/thread/690542-tr ... guardian2/ (German)

Patents

http://www.faqs.org/patents/app/20090210492
http://www.faqs.org/patents/app/20100036935

Analysis of the patents:
http://anar.zone.free.fr/blog.php?n=1367 (French)

Infrastructure

Main website: http://tmg.eu/
Old website: http://mediaguard.info/
Extranet: https://extranet.tmg.eu/
BugTracker: https://btnet.cei.tmg.eu/BugTracker/
SCPP Login: https://cei.tmg.eu/scpp.agent/authentication.php (needs entry in hosts file: 193.105.197.250 cei.tmg.eu)
SPPF Login: https://cei.tmg.eu/sppf.agent/authentication.php (needs entry in hosts file: 193.105.197.250 cei.tmg.eu)
ALPA Login: https://cei.tmg.eu/alpa.agent/authentication.php (needs entry in hosts file: 193.105.197.250 cei.tmg.eu)

Their website is hosted in OVH dedicated servers, while their monitoring infrastructure ISP is Cogent Communications.

What's in their IP ranges?

82.138.70.128/26
  • 82.138.70.128 - Switch - Probably Cisco
  • 82.138.70.132, 82.138.70.133, 82.138.70.136, 82.138.70.146, 82.138.70.173 - ??? - VMware Authentication Daemon 1.10
  • 82.138.70.134 - VMware ESX server (admin interface)
  • 82.138.70.135 - VMware ESX Server 3.0 (admin interface)
  • 82.138.70.137 - VMware Authentication Daemon + interesting IIS server + RealVNC
  • 82.138.70.139 - PostgreSQL
  • 82.138.70.140 - Unknown
  • 82.138.70.144 - http://peerlink.net
  • 82.138.70.145 - Switch - Dell PowerConnect 6248 (admin interface)
  • 82.138.70.147, 82.138.70.149, 82.138.70.150, 82.138.70.151 - Unknown
  • 82.138.70.161 - Switch
  • 82.138.70.167 - Unknown + Apache 2 web server
    ​
  • 82.138.70.168 - Unknown + Apache 2 web server
  • 82.138.70.171, 82.138.70.172 - VMware ESX server (admin interfaces here, here)
  • 82.138.70.174, 82.138.70.177, 82.138.70.181 - Unknown
  • 82.138.70.179 - ftp.peerwatch.net
  • 82.138.70.182 - arrakis.mediaguard.info, fed3
  • 82.138.70.190 - Switch?

193.107.197.0/24
  • 193.105.197.30 - EMC Celerra Network Server 5.6.49 (admin interface)
  • 193.105.197.31, 193.105.197.32 - Storage administration - Navisphere Express (admin interfaces here and here)
  • 193.105.197.33 - Firewall - Cisco ASDM 6.3(1) (admin interface)
  • 193.105.197.34, 193.105.197.35, 193.105.197.38 - XenServer 5.6.0
  • 193.105.197.36 - Unidentified Windows machine
  • ​193.105.197.37 - Unidentified Windows machine
  • 193.105.197.39, 193.105.197.43, 193.105.197.44, 193.105.197.50 - Unknown
  • 193.105.197.250 - cei.tmg.eu, hosts intranet for SPPF, SCPP and ALPA, used to host an Openwall popa3d mail server.

193.107.240.0/22

195.191.244.0/23

Other TMG domains

http://peerlink.net
http://peerwatch.net (accurately measures the availability of pirated files on various P2P networks)
http://elink2.net

LeakFinder ?
Trident Internet Media Secure (TIMS) ?

Other documents

IFTA report from March 24, 2010 where TMG activities are explained

Suggestions

If you can log and properly trace IPs, you can report DDoS to BitTorrent users from their infrastructure to Cogent Communications.

Please, post any extra information you have about this! TMG operations are illegal in a lot of countries and we should uncover them.
Last edited by Bastien on Sun Nov 07, 2010 10:11 am, edited 20 times in total.
Bastien
 
Posts: 5
Joined: Sun Oct 31, 2010 10:10 am

Re: Trident Media Guard

Postby Bastien » Sun Oct 31, 2010 10:33 am

Some people have suggested that TMG is somehow related to Securest Ltd, a dutch company running fake eDonkey servers. However, I'm unable to find any evidence on this. Does anyone know something?
Bastien
 
Posts: 5
Joined: Sun Oct 31, 2010 10:10 am

Re: Trident Media Guard

Postby MrFredPFL » Sun Oct 31, 2010 11:13 am

i would strongly suggest that anyone who is not capable of tracing an IP address themselves refrain from reporting suspected abuse, because unless you know who actually owns the IP address(es) in question, you're going to end up sending a lot of mail to the abuse address about things which have nothing to do with them. the (imo) unavoidable result of such action will be to cause cogentco to not take legitimate complaints as seriously as they should.
MrFredPFL
 
Posts: 14272
Joined: Wed Aug 17, 2005 4:48 pm

Re: Trident Media Guard

Postby Bastien » Sun Oct 31, 2010 11:15 am

MrFredPFL wrote:i would strongly suggest that anyone who is not capable of tracing an IP address themselves refrain from reporting suspected abuse


True. Edited to make that a suggestion for users that know what they are doing ;)
Bastien
 
Posts: 5
Joined: Sun Oct 31, 2010 10:10 am

Re: Trident Media Guard

Postby Bastien » Sun Oct 31, 2010 11:25 am

Something for further investigation: http://uk1.peerlink.net and http://uk2.peerlink.net point to 88.208.236.16, which is http://onefletchergateresource.com/. However, there's no apparent relation.
Bastien
 
Posts: 5
Joined: Sun Oct 31, 2010 10:10 am

Re: Trident Media Guard

Postby Bastien » Sat Nov 06, 2010 5:08 pm

EDIT
Bastien
 
Posts: 5
Joined: Sun Oct 31, 2010 10:10 am


Return to General File-Sharing Discussion

Who is online

Users browsing this forum: No registered users and 3 guests

© 2001-2008 Slyck.com