In a recent post, Brian Krebs discussed a technique for disrupting
8chan, a controversial message board. Ron Guilmette, a security
researcher, spotted that N.T. Technology, the hosting company owned by 8chan’s
current operator, no longer has the right to transact business as it is in the
“administrative hold” state. ARIN, the Internet registry N.T. Technology
obtained its IP address allocation from, would be within its rights to
reclaim the IP address space.

Ron Guilmette is an expert in this type of analysis – last year he discovered
the theft of $50 million worth of IP addresses in AFRINIC’s
service region.

However, taking down 8chan is unlikely to be as simple as requesting that ARIN
deallocates its IP adddress space. After deallocation, the IP addresses may
continue to be advertised as fullbogons – netblocks that are used on
the Internet despite not being assigned to an end user. While some Internet
service providers do block fullbogons, this is by no means universal.

Furthermore, 8chan’s main domain name, 8kun.top, is not
currently hosted on N.T. Technology’s infrastructure, so would not be affected
by ARIN deallocating N.T. Technology’s address space. It currently resolves to
203.28.246.1, which belongs to a netblock delegated to
VanwaTech. VanwaTech, also known as OrcaTech, is a hosting company
based in Vancouver, Washington and owned by Nick Lim. Nick Lim
previously served as the CTO of Epik for a short period of time, a hosting
company that briefly hosted 8chan after Cloudflare terminated its
contract with 8chan.

Diagram showing 8chan’s hosting infrastructure

VanwaTech’s netblock is also home to:

VanwaTech operates its own autonomous system (AS398088), whose
only upstream provider is Spartan Host Ltd
(AS201106), a hosting company
registered in Northern Ireland with its origins in Minecraft
server hosting.

Measuring the round-trip time from a RIPE Atlas probe known to be
located in Sabey’s Intergate.Seattle datacentre to 8chan’s IP reveals
that 8chan is hosted just 0.501 milliseconds away – less than 31
miles at the typical speed of light in an optical fibre, and likely to be
significantly closer after taking packet switching delays into account.

Map showing the region 8chan’s IP address is located within

One of Spartan Host’s colocation providers is
Wowrack, which is also based in Sabey’s Seattle datacentre.
Combined with the short round-trip time, it is likely that VanwaTech, and
therefore 8chan, is also located in Sabey’s datacentre.

While Spartan Host has several transit providers, it currently only advertises
VanwaTech’s route to DDoS-Guard (AS57724), a
Russian denial-of-service protection company that also provides service to the
Club2CRD and Joker’s Stash carding sites. Spartan
Host started routing VanwaTech’s traffic via DDoS-Guard after
CNServers terminated its relationship with Spartan Host
upon discovering its links to 8chan.

VanwaTech’s founder, Nick Lim, believes that controversial sites like 8chan
should not be taken down, citing freedom of speech. Similarly,
Spartan Host’s founder, Ryan McCully, confirmed he has no intention of
terminating his relationship with VanwaTech in an interview with Brian
Krebs. Given reported links between Russia and QAnon,
it seems unlikely that DDoS-Guard will come under pressure within Russia for
providing transit to 8chan.

However, it is likely that Spartan Host violates
Wowrack’s acceptable usage policy, which states that the
“transmission […] of content or technology that is illegal, harmful,
offensive, defamatory or abusive is prohibited”. It isn’t clear if Wowrack and
Sabey are aware of Spartan Host’s relationship with 8chan.

Netcraft’s Site Report service can be used to track the hosting
location of all sites as they move around, not just 8chan.

Similar Posts