The 5 second rule: signal analysis for the CIA to chew on
The only thing political about this post is the underlying nature of the strange world we live in. The backdrop is a web server that sends out unique URLs that are tied to the IP requesting them. A recent request for just such a thing showed up in my error logs today:
[Mon Jul 13 04:34:25 2009] [error] [client 221.178.181.196]
For those who can't be bothered to whois that IP, it belongs to China Mobile Communications Corporation. Not particularly suspicious, all things considered. What gets interesting is when a request comes immediately afterwards, to the same URL that only the 221.178.181.196 client should have had:
[Mon Jul 13 04:34:30 2009] [error] [client 195.229.62.157]
Again, whois will tell you that IP belongs to Emirates Telecommunications Corporation. So someone in the Dubai area has a close network tie with someone in the Beijing area. The geek in me thinks it's just a botnet looking for new hosts to spam with, but the paranoid jingoist in me thinks the pattern is troubling.
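The check this post describes, a per-client URL being requested by an address other than the one it was issued to, can be run over the error log directly. The following is an added example, not code from the original post; the `/u/<token>` path layout, the `ISSUED` table, the function name and the log lines (documentation-range addresses) are constructed assumptions.

```python
import re
from datetime import datetime

# Apache 2.2-style error log line. The message part and the /u/<token>
# path layout are assumptions; the page's own log lines are cut off.
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9.]+)\] "
    r".*?/u/(?P<token>[0-9a-f]+)"
)

# Constructed sample input (documentation-range IPs, made-up tokens).
SAMPLE_LOG = """\
[Mon Jul 13 04:34:25 2009] [error] [client 203.0.113.10] File does not exist: /var/www/u/9f2c41aa
[Mon Jul 13 04:34:30 2009] [error] [client 198.51.100.7] File does not exist: /var/www/u/9f2c41aa
[Mon Jul 13 04:40:02 2009] [error] [client 192.0.2.55] File does not exist: /var/www/u/77b0e3d1
[Mon Jul 13 04:40:09 2009] [error] [client 192.0.2.55] File does not exist: /var/www/u/77b0e3d1
"""

# Constructed issuance table: token -> IP the unique URL was generated for.
ISSUED = {"9f2c41aa": "203.0.113.10", "77b0e3d1": "192.0.2.55"}


def find_shared_urls(log_text, issued, window_s=None):
    """Return (token, owner_ip, other_ip, delay_s) for every request to a
    unique URL from an IP it was not issued to. delay_s is the time since
    the owner's most recent request, or None if the owner was never seen.
    If window_s is set, only reuse within that many seconds is reported."""
    last_owner_hit = {}
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["token"] not in issued:
            continue  # unparseable line or a token we never handed out
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        token, ip, owner = m["token"], m["ip"], issued[m["token"]]
        if ip == owner:
            last_owner_hit[token] = ts
            continue
        seen = last_owner_hit.get(token)
        delay = (ts - seen).total_seconds() if seen else None
        if window_s is None or (delay is not None and delay <= window_s):
            findings.append((token, owner, ip, delay))
    return findings


if __name__ == "__main__":
    for token, owner, other, delay in find_shared_urls(SAMPLE_LOG, ISSUED):
        print(f"{token}: issued to {owner}, also requested by {other} after {delay}s")
```

A repeat request from the owning address, as with the second token in the sample, is not reported; only a different source address is.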