The 5 second rule: signal analysis for the CIA to chew on
The only thing political about this post is the underlying nature of the strange world we live in. The backdrop is a web server that sends out unique URLs that are tied to the IP requesting them. A recent request for just such a thing showed up in my error logs today:
[Mon Jul 13 04:34:25 2009] [error] [client 126.96.36.199]
For those who can't be bothered to whois that IP, it belongs to China Mobile Communications Corporation. Not particularly suspicious, all things considered. What gets interesting is when a request comes immediately afterwards, to the same URL that only the 188.8.131.52 client should have had:
[Mon Jul 13 04:34:30 2009] [error] [client 184.108.40.206]
Again, whois will tell you that IP belongs to Emirates Telecommunications Corporation. So someone in the Dubai area has a close network tie with someone in the Beijing area. The geek in me thinks it's just a botnet looking for new hosts to spam with, but the paranoid jingoist in me thinks the pattern is troubling.