Hello Paul, Those are their IP Blocks. We were simply routing them, as they were our client. They've owned these blocks for quite a while. They seem to have moved that after a day of being down.
I haven't been monitoring their blocks, and made the decision Sunday Night that they were no longer going to be allowed on our network. I believe the blocks your referring to are their 85.255 Blocks? Registered to "InHoster". I believe those prefixes are an entity of their's, though I don't know for sure. Perhaps ask them? Cernel is their own ASN. It's not associated with our company. Thank you for your time. Have a great day. --- Russell Mitchell InterCage, Inc. ----- Original Message ---- From: Paul Ferguson <[EMAIL PROTECTED]> To: Russell Mitchell <[EMAIL PROTECTED]> Cc: nanog@nanog.org Sent: Tuesday, September 23, 2008 9:22:03 PM Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Russ, While I think that is great and everything, can you explain why Cernel is now originating prefixes which were originally originated by Atrivo/Intercage? I'd be curious as to your explanation. Thanks, - - ferg On Tue, Sep 23, 2008 at 9:05 PM, Russell Mitchell <[EMAIL PROTECTED]> wrote: > Apologies, Yahoo was set to "Rich Text" :( > > ----- > > Hello All, > > It seems you all missed the memo.As of about 11PM PST > Last night 09/22/08, Esthost has been ENTIRELY Shutdown. > They no longer have ANY Machine on my network. > > I'm currently starting to monitor some of the public media, such as > google, DroneBL, as well as several Anti-Malware community websites for > abuse. Being that Esthost is now entirely GONE, we should not have any > further issues. In the case that something does arise, such as an > exploited host, we're currently developing a game plan for response to > the issues. > > To make the best effort towards combatting abuse on our network, here's > what I have planned so far for ANY Type of abuse: Step 1, Suspend Power > to the affected machine. > Step 2, Call/Email the client whom the affected machine is leased to. > Step 3, Allow the client the option to investigate the machine further > (Nullroute access via KVM)= Step 4, Verify the reported content, domain, > user, or exploit is patched/eliminated from the machine. Step 5, Remove > the Nullroute. Allow the machine to return to the network. > > Any comments? This is the result of a zero tolerance policy regarding > abuse. > > If it's clear that the server owner is the cause of the abusive material > etc, the client will then be immediately cancelled. No questions. It > seems that this approach will be the best supported by the anti-abuse > communities, so please let me know your input. > > Thank you for your time. Have a great day. > > --- > Russell Mitchell > InterCage, Inc. > > > > > > -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFI2cBUq1pz9mNUZTMRAtbAAJwKk/H/9Pz4YelIgnYvtuCCDhmuswCfcrfV PTUD/SyPo8+zHpACucRPqk4= =+rwg -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
