Looking for any intel on this operation as I'm seeing quite a bit of rogue stuff coming from ChinaCache.
1:46 am on Jul 13, 2012 (gmt 0)
This is what I have for ChinaCache:
22.214.171.124 - 126.96.36.199 188.8.131.52/20
184.108.40.206 - 220.127.116.11 18.104.22.168/20
22.214.171.124 - 126.96.36.199 188.8.131.52/15
These ranges all earned their block through various bad behavior, however I cannot define exactly what the term ChinaCache means. Is it truly a caching service used by valid networks similar to AOL? Or is it an anything goes term more like YahooCache that gets sold to the highest bidder?
1:50 am on Jul 13, 2012 (gmt 0)
Yeowch! I'd only got them down for 69.28.58. The whole 48/20 eh?
I have never had the slightest idea what ChinaCache does. (Does anyone?) I just ban 'em on principle.
2:12 am on Jul 13, 2012 (gmt 0)
Here's another CHINACACHE-2 (NET-209-177-80-0-1) 184.108.40.206 - 220.127.116.11
Believe they are just server farms.
The lower IP of keyplr's first range is a sub-net to a North American based corp: NeuSky Technologies Inc CNA-LA-NSK-001 (NET-65-255-32-0-2) 18.104.22.168 - 22.214.171.124
I actually had two IP ranges for them, didn't know about the others.
Off to install the Great Firewall of ChinaCache
10:04 pm on Jul 14, 2012 (gmt 0)
Not sure how true this is - there is some indication it may be a panic attack. From memory and checking back on earlier threads hereabouts (see above) I think Huawei is involved with ChinaCache - they were certainly involved with TalkTalk.
"...former Pentagon analyst F. Michael Maloof claims that two mainland Chinese companies: Huawei and ZTE Technologies are providing the Chinese government with the ability to access deployed equipment and services, which are used by 45 of the top 50 telecommunications centers in the world. This, Maloof argues, gives the Chinese government and People’s Liberation Army unbridled, backdoor access into data and proprietary information belonging to some 140 nations."
IF it is true then we're doomed. Not that the internet isn't a total mess anyway, with almost every phone, web browser, web tool and general computer software full of compromises and loopholes and its very protocol complete exploitable rubbish. Reports that USA-overflying drones will soon be seen and have major exploit holes; even our (UK) electricity meters will soon be internetted and then we're really stuffed. :(
12:26 am on Jul 15, 2012 (gmt 0)
If you really want to be paranoid, think only of what proportion of your home electronics was made in China ;)
Or look for something that was not made in China. That's faster.
7:45 pm on Jul 15, 2012 (gmt 0)
But most of my home electronics was a) built before China became a source for such things and b) only the computers (currently) connect to the internet. :)
3:32 pm on Aug 26, 2012 (gmt 0)
Further to Chinacache:
I noticed a bad hit today on an IP range new to me...
This resolved to ChinaCache in China, declared in DNS in short sub-ranges. It may not be an offensive botrunner, although the actual hit had a bad UA and hit half a dozen times in the past 6 weeks, but I've tagged the full range as "servers" through nostalgia. :)
IP: 223.202.8.nn UA: Mozilla/4.76 [en] (Windows NT 5.0; U) (Netscape on Windows 2000?)
DNS gives: Beijing Blue I.T Technologies Co.,Ltd. Galaxy Building,No.10 jiuxianqiao ,chaoyang District,beijing Please contact (name)@chinacache dot com if you have any Questions regarding this object.
9:15 pm on Aug 26, 2012 (gmt 0)
:: detour to htaccess ::
Ouch! Thanks for that. I thought I'd blocked everything from China sized /16 on up but somehow missed most of 223.
Pity about those blasted Australians, or English-language sites could just block APNIC in merry /8 slabs ;)
8:57 pm on Aug 27, 2012 (gmt 0)
I find there are good and bad Chinese ranges. Some give me no trouble, other ranges are continually having IPs blocked.
Best I can come up with at present is by district. Some Chinese districts seem - not lawless, perhaps, but at least careless at getting infected.
My response is to block all (known) Chinese ranges on some sites but let other sites fend for themselves (obviously depending on various other traps set). If a range gets a high blocked-IP count the /16 or whatever is banned completely.
I do try to be fair. :)
Re: /8 blocking - I think IANA have a lot to answer for. Along with most internet practices and protocols, it's not very clever. Somewhere around the mid-1990s it should all have been scrapped and proper mechanisms, ranges, protocols etc put in place. Bit late, now, although IPv6 may answer a few minor criticisms. Plus ALL DNS registrations should be forced to declare purpose (DLS, server etc) and NO IP range should be registered using hotmail/gmail/yahoo/etc addresses (unless, obviously, the range belongs to those companies). And ALL companies should be compelled to declare their mail server IPs so I can whitelist the darn things. Etc. :(
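The escalation rule described in the post above (ban the whole /16 once enough of its IPs have been blocked individually), sketched as an added example that is not part of the original post. The function name, the threshold of 3 and the sample addresses are assumptions made for illustration; it handles IPv4 only.

```python
import ipaddress
from collections import defaultdict

def escalate_to_ranges(blocked_ips, prefix_len=16, threshold=3):
    """Return (range_bans, remaining_ip_bans) as lists of strings.

    A /prefix_len network is banned outright once it contains `threshold`
    or more distinct blocked IPs. Single-IP bans that a range ban already
    covers are dropped so the block list stays short.
    """
    per_net = defaultdict(set)
    for ip in blocked_ips:
        addr = ipaddress.ip_address(ip)
        # strict=False masks the host bits, giving the enclosing network.
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        per_net[net].add(addr)  # a set, so repeat offenders count once

    range_bans = sorted(n for n, ips in per_net.items() if len(ips) >= threshold)
    remaining = sorted(
        a for n, ips in per_net.items() if len(ips) < threshold for a in ips
    )
    return [str(n) for n in range_bans], [str(a) for a in remaining]

# Constructed sample: private addresses standing in for blocked visitors.
SAMPLE_BLOCKED = [
    "10.20.1.5", "10.20.44.9", "10.20.200.1", "10.20.1.5",  # one busy /16
    "10.99.3.3",                                            # lone offender
    "172.16.5.5",                                           # lone offender
]

if __name__ == "__main__":
    ranges, singles = escalate_to_ranges(SAMPLE_BLOCKED)
    print("range bans:", ranges)
    print("single-IP bans:", singles)
```

Counting distinct addresses rather than hits keeps one noisy IP from getting its whole /16 banned.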
7:10 pm on Aug 28, 2012 (gmt 0)
Hello from a blasted Australian. :)
Until the late 1990s we had AUNIC with its own delegated super slice of 203 (126.96.36.199 - 188.8.131.52 IIRC), so detecting an Aussie was reasonably easy. There were still a few webmasters that thought blocking 184.108.40.206/8 was the easy answer to getting rid of Chinese IPs, though.
Things are nowhere near as simple these days now that APNIC allocates IPs for members located throughout the entire Asia Pacific region, so blocking Chinese or other unwanted Asian IPs needs to be done on a per allocation basis.
FWIW I've been having lots of problems with scrapers from Chinese IPs that present a 'zh' (Chinese) browser language. I set up my auto-blacklist code (which looks for fingerprints such as loads with blank referers, cookies disabled, or a changing user-agent each fetch) to have a much lower threshold in this case.
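A sketch of the kind of scoring the post above describes, added here as an example and not the poster's own code: one point per fingerprint (blank referer, no cookie returned, user-agent changed since the previous fetch), with a lower blocking threshold once a client presents 'zh' as its preferred language. The threshold values, field names and sample requests are assumptions.

```python
from collections import defaultdict

# Thresholds are assumptions for illustration; the post gives no numbers.
DEFAULT_THRESHOLD = 6
ZH_THRESHOLD = 3  # the "much lower threshold" for clients presenting 'zh'

def prefers_zh(accept_language):
    """True if the most-preferred Accept-Language tag is Chinese."""
    first = accept_language.split(",")[0].split(";")[0].strip().lower()
    return first == "zh" or first.startswith("zh-")

def auto_blacklist(requests):
    """Score each client IP on the three fingerprints; return blocked IPs in order."""
    state = defaultdict(lambda: {"score": 0, "last_ua": None, "zh": False})
    blocked = []
    for req in requests:
        st = state[req["ip"]]
        st["score"] += int(not req.get("referer"))   # blank referer
        st["score"] += int(not req.get("cookie"))    # cookie not sent back
        ua = req.get("user_agent", "")
        st["score"] += int(st["last_ua"] not in (None, ua))  # UA changed
        st["last_ua"] = ua
        st["zh"] = st["zh"] or prefers_zh(req.get("accept_language", ""))
        limit = ZH_THRESHOLD if st["zh"] else DEFAULT_THRESHOLD
        if st["score"] >= limit and req["ip"] not in blocked:
            blocked.append(req["ip"])
    return blocked

def _req(ip, lang, ua, referer="", cookie=""):
    return {"ip": ip, "accept_language": lang, "user_agent": ua,
            "referer": referer, "cookie": cookie}

# Constructed sample traffic (documentation addresses, made-up UA strings).
SAMPLE = [
    _req("203.0.113.7", "zh-CN,zh;q=0.9", "UA-A"),    # zh scraper, fetch 1
    _req("198.51.100.20", "en-US,en;q=0.8", "UA-A"),  # en scraper, fetch 1
    _req("203.0.113.50", "zh-CN", "UA-C"),            # real browser, first hit
    _req("203.0.113.7", "zh-CN,zh;q=0.9", "UA-B"),    # zh scraper, new UA
    _req("198.51.100.20", "en-US,en;q=0.8", "UA-B"),  # en scraper, new UA
    _req("203.0.113.50", "zh-CN", "UA-C",
         referer="https://example.org/", cookie="sid=1"),  # browser, 2nd hit
]

if __name__ == "__main__":
    print(auto_blacklist(SAMPLE))
```

A genuine first page load also arrives with no referer and no cookie, which is why the lowered threshold still sits above the two points a single clean first hit scores.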
7:37 pm on Aug 28, 2012 (gmt 0)
Hello from a blasted Australian.
rowan, The task is much simpler if you just bunch the Aussies and Kiwis into the same group, despite their indifference's ;)
In 2002 the major Class A's were (14|144|20|21|61), (with specific sub-classes) which has changed considerably in a decade. These days the numbers are all over the place.
7:33 pm on Dec 1, 2012 (gmt 0)
New ChinaCache range today:
220.127.116.11 - 18.104.22.168 ChinaCache North America, Inc
8:45 pm on Dec 1, 2012 (gmt 0)
Per Wiki: ChinaCache is a content delivery, streaming media, cloud computing service provider in China.
8:57 pm on Dec 1, 2012 (gmt 0)
22.214.171.124 US Los Angeles, California, United States 90015 34.0396, -118.2661