All,
While it could be said that there are operational tidbits in some of
the messages regarding InterCage and Atrivo, the discussion has veered
off into various conversations including legalities and the Internet
death penalty.
While many of these topics are valid discussion points, they are not
Anyone have a measurement so that we can see the impact and give
Intercage some credit and set a baseline, regardless of how they got
there, and move on?
-M<
[EMAIL PROTECTED] writes:
> It could also be argued that pushing this activity into multiple
> legal jurisdictions just makes it darn near impossible for law
> enforcement to take any action.
and you'd be able to measure this exactly how? instead of two
prosecutions a year that lead to plea barg
> It could be argued (since _is_ the North American Network
> Operators Group) that pushing this sort of criminal activity
> _out_ of North America is a good First Step to be able to
> better manage the situation.
It could also be argued that pushing this activity into multiple
legal jurisd
Hi,
On Wed, 2008-09-24 at 19:39 -0700, Scott Weeks wrote:
>
> --- [EMAIL PROTECTED] wrote:
> From: William Pitcock <[EMAIL PROTECTED]>
>
> > I didn't whine.
>
> No, but others have, and it isn't helpful towards resolving this
> problem.
>
>
>
> I also
--- [EMAIL PROTECTED] wrote:
From: William Pitcock <[EMAIL PROTECTED]>
> I didn't whine.
No, but others have, and it isn't helpful towards resolving this
problem.
I also wrote you that in private, but you decided to make it public without
asking me.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Sep 24, 2008 at 7:02 PM, Laurence F. Sheldon, Jr.
<[EMAIL PROTECTED]> wrote:
>
> Apprehending criminals is the Law's job.
>
> My job is making sure they don't deal that sh*t in MY parkinglot.
>
Exactly.
It could be argued (since _is_ the Nor
On Wed, Sep 24, 2008 at 07:12:31PM -0500, William Pitcock wrote:
> That said, they should have dropped Esthost before it got that big, but
> they didn't.
Didn't you notice that the quoted material was from *three years ago*?
And this problem didn't begin three years ago, either. For example:
>
On Wed, 24 Sep 2008, William Pitcock wrote:
No, but others have, and it isn't helpful towards resolving this
problem.
Ultimately, neither is forcing them off the internet. Well, in
actuality, that resolves part of the problem, but I suspect that a lot
of the affected cybercrime has moved to othe
Christopher Morrow wrote:
On Wed, Sep 24, 2008 at 9:50 PM, William Pitcock
<[EMAIL PROTECTED]> wrote:
The solution here is to go after the *people* who make this crap. They
*are* breaking the law and we have the proof.
agreed... but keep in mind 'breaking the law' is relative... So, CP is
ill
On Wed, Sep 24, 2008 at 9:50 PM, William Pitcock
<[EMAIL PROTECTED]> wrote:
> The solution here is to go after the *people* who make this crap. They
> *are* breaking the law and we have the proof.
agreed... but keep in mind 'breaking the law' is relative... So, CP is
illegal in the US, but maybe
Hi,
On Wed, 2008-09-24 at 17:54 -0700, Scott Weeks wrote:
>
> --- [EMAIL PROTECTED] wrote:
> I have also noticed that most of the people doing the whining aren't
> even the people who are tracking the problem. Again, a case of the NANOG
> story verses the real story...
> -
internet:
>
> ---
> > If I had the ability... I would cut Esthost as a
> > client... But, in doing so, it causes nearly a
> > quarter if not half of the company's monthly
> > revenue to be cut. That is not too good of a move
>
Paul Wall wrote:
You're not very good at this are you? For future reference, when
you're trying to pretend like you've cleaned up your act and someone
asks you why your second largest cyber criminal customer is no longer
on your network, you say "we kicked them off for abuse too", not "they
left
On Wed, Sep 24, 2008 at 12:13 AM, Russell Mitchell <[EMAIL PROTECTED]> wrote:
> Hello Paul,
>
> Those are their IP Blocks. We were simply routing them, as they were our
> client.
> They've owned these blocks for quite a while. They seem to have moved that
> after a day of being down.
You're not
es nearly a
> quarter if not half of the company's monthly
> revenue to be cut. That is not too good of a move
> nor reasonably possible ;)
>
> People consider Atrivo/InterCage to be some abuse
> supporting company...
>
> If only any of you knew what the position
Tom Sparks (Applied Operations) wrote:
Basically is what it boils down to for me - its easy to blame
an NSP/ISP/Hoster for what their clients do, it takes real dedication to
find out whats *actually* going on.
We did, and now we're solving the problem.
Andrew
ars". And do note the rationale
(below) for the refusal to shut them down.
> From [EMAIL PROTECTED] Sun Sep 4 13:58:23 EDT 2005
> Newsgroups: news.admin.net-abuse.blocklisting
> From: [EMAIL PROTECTED]
> Subject: Re: Atrivo/InterCage Abuse
> Approved: N
Very well said.
James
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 5:23 AM
To: nanog@nanog.org
Subject: RE: YAY! Re: Atrivo/Intercage: NO Upstream depeer
> It is clear to me -- at least -- that this entire crimi
> Hello Joe,
>
> If we can't power down the machine, due to evidence loss. We
> can't nullroute the IP, as stated, some malware will delete
> itself or alter itself when Net Access is lost.
> Now we can filter a single port, in the case of spam, phishing, etc?
You can do whatever you need to, o
TECTED]>
To: Russell Mitchell <[EMAIL PROTECTED]>
Cc: Bruce Williams <[EMAIL PROTECTED]>; Christopher Morrow <[EMAIL PROTECTED]>;
nanog@nanog.org; Joe Greco <[EMAIL PROTECTED]>
Sent: Wednesday, September 24, 2008 1:14:01 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upst
rCage, Inc.
- Original Message
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
To: nanog@nanog.org
Sent: Wednesday, September 24, 2008 2:23:01 AM
Subject: RE: YAY! Re: Atrivo/Intercage: NO Upstream depeer
> It is clear to me -- at least -- that this entire criminal
>
> It is clear to me -- at least -- that this entire criminal
> operation is being operated out of Eastern Europe, and their
> foothold in the U.S. is the major issue here.
If you believe that this is a criminal operation then you
should keep this discussion OFF THE LIST and discourage
anyone fro
From what I see now from the claims your making, that day may not
>> come soon.
>>
>> Thank you for your time. Have a great day.
>> ---
>> Russell Mitchell
>>
>> InterCage, Inc.
>>
>> - Original Message
>> From: Mark Foo <[EMA
t; To: Russell Mitchell <[EMAIL PROTECTED]>
> Cc: Bruce Williams <[EMAIL PROTECTED]>; Christopher Morrow <
> [EMAIL PROTECTED]>; nanog@nanog.org; Joe Greco <
> [EMAIL PROTECTED]>
> Sent: Wednesday, September 24, 2008 1:14:01 AM
> Subject: Re: YAY! Re: Atriv
Hi!
Thanks to the efforts of the people on this list, you've known
Estdomains/Esthost was bad news for several weeks or more.
[EMAIL PROTECTED] ~]# dig estdomains.com
; <<>> DiG 9.5.0-P2 <<>> estdomains.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOE
Mitchell
InterCage, Inc.
- Original Message
From: Mark Foo <[EMAIL PROTECTED]>
To: Russell Mitchell <[EMAIL PROTECTED]>
Cc: Bruce Williams <[EMAIL PROTECTED]>; Christopher Morrow <[EMAIL PROTECTED]>;
nanog@nanog.org; Joe Greco <[EMAIL PROTECTED]>
Sent: Wed
Russell,
Thanks to the efforts of the people on this list, you've known
Estdomains/Esthost was bad news for several weeks or more.
Why are you only now shutting them down?
Thank you for proving that our research was not for naught, and that
Atrivo/Intercage is a black hat operation which
se explain this:
http://www.spamhaus.org/news.lasso?article=636
Without exception, all of the major security organizations on the
Internet agree that the 'Home' of cybercrime in the western world is a
firm known as Atrivo/Intercage, based in California. We ourselves have
not come t
eco <[EMAIL PROTECTED]>
Sent: Wednesday, September 24, 2008 12:27:50 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Russell:
Ferg was just being coy -- what you don't understand is there are about 3 other
security mailing lists plotting to TAKE YOUR SERVICE DOWN. You FAIL. Law
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Sep 24, 2008 at 12:27 AM, Mark Foo <[EMAIL PROTECTED]> wrote:
> Answer Ferg's question -- Why are you moving to CERNAL? Do you think this
> is going to work? That's just another of Emil's networks.
>
Actually, I was not being coy.
Okay, mayb
; We're on a rocky road right now. But it IS starting to smooth out.
>
> Thank you for your time. Have a great day.
> ---
> Russell Mitchell
>
> InterCage, Inc.
>
>
>
> - Original Message ----
> From: Mark Foo <[EMAIL PROTECTED]>
> To: Bruce Will
ROTECTED]>
To: Russell Mitchell <[EMAIL PROTECTED]>
Cc: nanog@nanog.org
Sent: Wednesday, September 24, 2008 12:20:59 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Sep 24, 2008 at 12:12 AM, Russell Mitchell <[EMAIL PROTE
you
> will understand it IS the truth.
>
> Prove me wrong, PLEASE.
AS27595, and all prefixes which you advertise, will be ultra-scrutinized.
You can be sure that you, and many others, will know if & when criminal
activity re-appears inside prefixes hosted by Atrivo/Intercage.
T
-
Russell Mitchell
InterCage, Inc.
- Original Message
From: Pedram M <[EMAIL PROTECTED]>
To: nanog@nanog.org
Sent: Tuesday, September 23, 2008 11:38:54 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Wow, this topic has really gotten old.
On Tue, Sep 23, 2008 at 11:31 PM
t;
Cc: Christopher Morrow <[EMAIL PROTECTED]>; nanog@nanog.org; Joe Greco <[EMAIL
PROTECTED]>
Sent: Tuesday, September 23, 2008 11:08:21 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
NANOG:
Look, the people posting here who are trashing Intercage are pure security
an
Wow, this topic has really gotten old.
On Tue, Sep 23, 2008 at 11:31 PM, Paul Ferguson <[EMAIL PROTECTED]>wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Tue, Sep 23, 2008 at 11:28 PM, Russell Mitchell <[EMAIL PROTECTED]>
> wrote:
>
>
> > Sorry I didn't make this clear enough in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Sep 23, 2008 at 11:28 PM, Russell Mitchell <[EMAIL PROTECTED]>
wrote:
> Sorry I didn't make this clear enough in the previous responses.
>
> The prefixes that are registered to Inhoster belong to Esthost.
> I'm not sure how or why you think t
ROTECTED]>
To: Russell Mitchell <[EMAIL PROTECTED]>
Cc: nanog@nanog.org
Sent: Tuesday, September 23, 2008 11:11:39 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Sep 23, 2008 at 10:52 PM, Paul Ferguson <[EMAIL PROTECTED]&
On Sep 23, 2008, at 8:12 PM, Joe Greco wrote:
Which is not acceptable. You answer your abuse complaints, you shut
down your spammers. Period, end of subject.
That's a bit '90's. I'll settle for s/answer/handle/, because I don't
think that most sites are willing to actually discuss abuse issu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Sep 23, 2008 at 10:52 PM, Paul Ferguson <[EMAIL PROTECTED]>
wrote:
> On Tue, Sep 23, 2008 at 10:13 PM, Russell Mitchell <[EMAIL PROTECTED]>
> wrote:
>
>> I believe the blocks your referring to are their 85.255 Blocks?
>> Registered to "InHoste
NANOG:
Look, the people posting here who are trashing Intercage are pure security
analysts -- they
know and understand the evil that is Intercage. STOP TRYING TO ASSIST
INTERCAGE
-- you are effectively aiding and abetting the enemy.
Intercage/Atrivo hosts the malware c&c botnets that DDoS your sy
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Sep 23, 2008 at 10:13 PM, Russell Mitchell <[EMAIL PROTECTED]>
wrote:
> I believe the blocks your referring to are their 85.255 Blocks?
> Registered to "InHoster". I believe those prefixes are an entity of
> their's, though I don't know for su
co <[EMAIL PROTECTED]>
To: Russell Mitchell <[EMAIL PROTECTED]>
Cc: nanog@nanog.org
Sent: Tuesday, September 23, 2008 8:20:18 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
> Hello All,=0A=A0=0AIt seems you all missed the memo.=0AAs of about 11PM PST=
> Last night 09/22/0
associated with our company.
Thank you for your time. Have a great day.
---
Russell Mitchell
InterCage, Inc.
- Original Message
From: Paul Ferguson <[EMAIL PROTECTED]>
To: Russell Mitchell <[EMAIL PROTECTED]>
Cc: nanog@nanog.org
Sent: Tuesday, September 23, 2008 9:22:0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It may be true that Estdomains has moved a couple of the external-facing a
hosting hosts into the a Netherlands hosting provider in conjunction with
this whole situation -- folks are watching very carefully.
estdomains.com A 94.102.49.3
storefront.est
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Russ,
While I think that is great and everything, can you explain why Cernel is
now originating prefixes which were originally originated by
Atrivo/Intercage?
I'd be curious as to your explanation.
Thanks,
- - ferg
On Tue, Sep 23, 2008
Apologies, Yahoo was set to "Rich Text" :(
-
Hello All,
It seems you all missed the memo.As of about 11PM PST
Last night 09/22/08, Esthost has been ENTIRELY Shutdown.
They no longer have ANY Machine on my network.
I'm currently starting to monitor some of the public media, such as google,
using bolt cutters on cables has a certain satisfaction...
On Tue, Sep 23, 2008 at 8:23 PM, Christopher Morrow
<[EMAIL PROTECTED]> wrote:
> On Tue, Sep 23, 2008 at 11:20 PM, Joe Greco <[EMAIL PROTECTED]> wrote:
>
>> I would suggest a different Step 1. Instead of killing power, simply
>> isolate t
On Tue, Sep 23, 2008 at 11:20 PM, Joe Greco <[EMAIL PROTECTED]> wrote:
> I would suggest a different Step 1. Instead of killing power, simply
> isolate the affected machine. This might be as simple as putting up a
> firewall rule or two, if it is simply sending outgoing SMTP spam, or
it's proba
=0A=0AThank you for your tim=
> e. Have a great day.=0A=A0---=0ARussell Mitchell=0A=0AInterCage, Inc.=0A=0A=
> =0A=0A- Original Message =0AFrom: Paul Wall <[EMAIL PROTECTED]>=
> =0ATo: Mark Foo <[EMAIL PROTECTED]>=0ACc: [EMAIL PROTECTED]: Tues=
> day, September 23, 2008 5:46
Wall <[EMAIL PROTECTED]>=
> =0ATo: Mark Foo <[EMAIL PROTECTED]>=0ACc: [EMAIL PROTECTED]: Tues=
> day, September 23, 2008 5:46:58 PM=0ASubject: Re: YAY! Re: Atrivo/Intercage=
> : NO Upstream depeer=0A=0AHold the rejoicing, Atrivo is back, this time on =
> UnitedLayer.=0A=0AI'
> On Sep 22, 2008, at 1:33 PM, Tom Sparks (Applied Operations) wrote:
> > I also don't believe Intercage was complicit in any
> > net-crime; Thats not to say it didn't exist, but more along the lines
> > of they got lost in the noise of running a business.
>
> Which is not acceptable. You answer
great day.=0A=A0---=0ARussell Mitchell=0A=0AInterCage, Inc.=0A=0A=
=0A=0A- Original Message =0AFrom: Paul Wall <[EMAIL PROTECTED]>=
=0ATo: Mark Foo <[EMAIL PROTECTED]>=0ACc: [EMAIL PROTECTED]: Tues=
day, September 23, 2008 5:46:58 PM=0ASubject: Re: YAY! Re: Atrivo/Intercage=
:
On Sep 22, 2008, at 1:33 PM, Tom Sparks (Applied Operations) wrote:
I also don't believe Intercage was complicit in any
net-crime; Thats not to say it didn't exist, but more along the lines
of they got lost in the noise of running a business.
Which is not acceptable. You answer your abuse comp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Well, their management team is listed here:
http://www.unitedlayer.com/team.html
- - ferg
On Tue, Sep 23, 2008 at 5:46 PM, Paul Wall <[EMAIL PROTECTED]> wrote:
> Hold the rejoicing, Atrivo is back, this time on UnitedLayer.
>
> I'd contact them, onl
Hold the rejoicing, Atrivo is back, this time on UnitedLayer.
I'd contact them, only they seem to change CTOs every month or two,
does anybody know who's currently in charge?
Thank you, and Drive Slow,
Paul Wall
http://www.giantitp.com/comics/oots0595.html
I think that sums up this thread.
On Tue, 23 Sep 2008, Joe Greco wrote:
On Sep 22, 2008, at 4:33 PM, Tom Sparks (Applied Operations) wrote:
Intercage is not a big shop, there are very few people involved in
running it
I have no dog in this fight
> On Sep 22, 2008, at 4:33 PM, Tom Sparks (Applied Operations) wrote:
> > Intercage is not a big shop, there are very few people involved in
> > running it
>
> I have no dog in this fight, but I would comment on the "small shop"
> issue as it relates to handling abuse complaints.
>
> I own a
On Sun, Sep 21, 2008 at 12:46:54PM -0700, Emil Kacperski wrote:
> Hey James,
>
> That's the worst part in all this, so many been with me for years!? I just
put my fate into companies I shouldn't have.
Emil:
Yes, they have been with you for years -- it's quite unfortunate, such great
customers.
T
On Mon, Sep 22, 2008 at 05:50:58PM -0400, Christopher Morrow wrote:
> actually, I think PIE sees this route from 6461 and passes it along
> probably because they didn't update the filters on their sessions when
> they dropped the links to 27595 :(
Has anyone actually confirmed that the link is dro
On Mon, Sep 22, 2008 at 5:48 PM, Christopher Morrow
<[EMAIL PROTECTED]> wrote:
> On Mon, Sep 22, 2008 at 5:25 PM, Tom Sparks (Applied Operations)
> <[EMAIL PROTECTED]> wrote:
>> I also noticed AS paths like this:
>> * 69.22.162.0/23 701 2914 32335 6461 23342 27595 i
>>
>> I'm not sure whats going
On Mon, Sep 22, 2008 at 5:25 PM, Tom Sparks (Applied Operations)
<[EMAIL PROTECTED]> wrote:
> On Mon, Sep 22, 2008 at 05:17:42PM -0400, Christopher Morrow wrote:
>> So... apparently AS27595 is back on the air, with aspath's like:
>> 6461 23342 27595
>> 6539 23342 27595
>> 8075 23342 27595
>>
>> 233
On Mon, Sep 22, 2008 at 05:17:42PM -0400, Christopher Morrow wrote:
> So... apparently AS27595 is back on the air, with aspath's like:
> 6461 23342 27595
> 6539 23342 27595
> 8075 23342 27595
>
> 23342 == UnitedLayer, Tom isn't that you or is that another
> Tom I'm remembering?
Yep, same Tom, I
On Mon, Sep 22, 2008 at 5:17 PM, Christopher Morrow
<[EMAIL PROTECTED]> wrote:
> So... apparently AS27595 is back on the air, with aspath's like:
>
> 6461 23342 27595
> 6539 23342 27595
> 8075 23342 27595
>
> 23342 == UnitedLayer, Tom isn't that you or is that another Tom I'm
> remembering?
ah! s
So... apparently AS27595 is back on the air, with aspath's like:
6461 23342 27595
6539 23342 27595
8075 23342 27595
23342 == UnitedLayer, Tom isn't that you or is that another Tom I'm remembering?
-Chris
On Mon, Sep 22, 2008 at 04:48:16PM -0400, Drew Linsalata wrote:
> I have no dog in this fight, but I would comment on the "small shop"
> issue as it relates to handling abuse complaints.
>
> I own a small colo/hosting shop too. We don't have many employees.
> If we had to deal with so many a
On Sep 22, 2008, at 4:33 PM, Tom Sparks (Applied Operations) wrote:
Basically is what it boils down to for me - its easy to blame
an NSP/ISP/Hoster for what their clients do, it takes real
dedication to
find out whats *actually* going on.
Tom,
Atrivo is not just a spammer, and Intercage ha
On Sep 22, 2008, at 4:33 PM, Tom Sparks (Applied Operations) wrote:
Intercage is not a big shop, there are very few people involved in
running
it
I have no dog in this fight, but I would comment on the "small shop"
issue as it relates to handling abuse complaints.
I own a small colo
Just to add my $0.02 to this discussion and a disclaimer - I've known
Emil for years, I've seen his shop and even the controversy.
200 Paul is a small community, and most of the folks in there know
eachother, I've been in there since 2001 or so.
Intercage is not a big shop, there are very few peo
Emil,
If you've actually shut off the RBN, you should have no problem
finding some new transit to turn up, right?
We're in a buyer's market, and there are dozens of vendors on-net at
200 Paul who'd love a piece of your business.
Drive Slow,
Paul Wall
On Sun, Sep 21, 2008 at 3:20 PM, Emil Kacper
; Russell Mitchell
> InterCage, Inc.
>
> P.S. I just realized all my responses to earlier people like Gadi and
> them were direct and not cc to NANOG. Will "Reply to all" now :)
>
> - Original Message ----
> From: Matt Jonkman <[EMAIL PROTECTED]>
> To: Ru
From: Matt Jonkman <[EMAIL PROTECTED]>
To: Russell Mitchell <[EMAIL PROTECTED]>
Cc: nanog@nanog.org
Sent: Sunday, September 21, 2008 4:02:15 PM
Subject: Re: Atrivo/Intercage: NO Upstream depeer
Russell Mitchell wrote:
> -
>
> Matt:
> It's very sad that your PR
ti-abuse community
that smelling fresh air. If you knew where you head was, and where it
should be, maybe this conversation and the happenings in the recent
week would have actually gave benefit to the internet in whole.
Atrivo/Intercage is off the Internet. That sounds like Mission
Accomplished to me.
I'm done now, there's clearly nothing I can do to impart a clue here.
Andrew
Russell Mitchell wrote:
> -
>
> Matt:
> It's very sad that your PROUD of you contribution to the supposed "white
> paper" on our company. I'd like to know, was any of your "contribution" to
> the report altered, or mis-represented, or are you truly unaware of how false
> the information you
Gadi Evron wrote:
On Sun, 21 Sep 2008, Russell Mitchell wrote:
Hello all,
Andrew:
It is truly enlightening, to say the least, that you want to talk
about all of the SBL Listings, all of the DNSBL Listings, and all of
the abuse on our network has never had action taken.
"Don't kick someone w
Russell Mitchell wrote:
Hello all,
Andrew:
It is truly enlightening, to say the least, that you want to talk about all of
the SBL Listings, all of the DNSBL Listings, and all of the abuse on our
network has never had action taken.
-
In Spamhaus' article, they did a history of more then ?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Gadi Evron <[EMAIL PROTECTED]> wrote:
>>>
>>> http://cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0
>>>
>>
>> While this is 'good' news, don't be foooled -- many of these prefixes
>> have been migrated elsewhere, much the same way crim
On Sun, 21 Sep 2008, Russell Mitchell wrote:
Hello all,
Andrew:
It is truly enlightening, to say the least, that you want to talk about all of
the SBL Listings, all of the DNSBL Listings, and all of the abuse on our
network has never had action taken.
"Don't kick someone when they are down".
Russell,
I really think Atrivo/Intercage has been doing great after reports
and community public action. I'm still puzzled as to the why they are still
targetting you? I have a few friends who have machines with you so and they
run legitimate companies with over 4 machines.
William:
To date, I have never heard of the "DroneBL". I have NEVER received any report
from any entity referring to that. The last report for a bot on our network was
an EggDrop bot a week or so ago. The report was from the IRC Network Operator,
and asked to have it removed from his network bec
On Sun, 21 Sep 2008, Paul Ferguson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- "James Thomas" <[EMAIL PROTECTED]> wrote:
Hmmm Seems Pacific bit the bullett around 2:25 est all annoucements were
dropped.
http://cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0
While th
Hello all,
Andrew:
It is truly enlightening, to say the least, that you want to talk about all of
the SBL Listings, all of the DNSBL Listings, and all of the abuse on our
network has never had action taken.
-
In Spamhaus' article, they did a history of more then ?350? SBL Listings for
our
Emil Kacperski wrote:
> Don't believe everything you read. I have unfortunately been a target over
> the years
> because I rented machines to Esthost. But the stories made up are way out
> there.
> It's all very easy a dedicated server / customer relationship - nothing more.
I don't have to be
Greetings,
I can further vouch for this... an unusually large amount of botnets
reported to DroneBL have command and control servers on Atrivo's
network.
With the amount of listings and reports I get, it is obvious that Atrivo
does not care about the abuse@ inbox... which is unfortunate.
William
Considering the years of abuse, DNSBL listings, ROKSO listings, further
abuse, and silence at the abuse switch, I _CERTAINLY_ would not send
Atrivo abuse reports, I would send them to the upstreams instead.
Considering the almost 40 page white paper produced last month on the
abuse from Atrivo
On Sep 21, 2008, at 4:21 PM, Emil Kacperski wrote:
Don't believe everything you read.
Most excellent advice.
[SNIP]
--
TTFN,
patrick
Matt,
Don't believe everything you read. I have unfortunately been a target over the
years
because I rented machines to Esthost. But the stories made up are way out
there.
It's all very easy a dedicated server / customer relationship - nothing more.
Never did I ignore anymore from the abuse c
Had you responded to the hundreds of abuse complaints over the years
this would not have happened.
Sorry, no sympathy for you or the customers not smart enough to move
over the last few years of very overt negative news about you.
Matt
Emil Kacperski wrote:
> Hey James,
>
> That's the worst par
Hey James,
That's the worst part in all this, so many been with me for years! I just put
my fate into companies I shouldn't have. NLayer was bought and Liteup held
control of the SF pop, who is fully at the mercy of NLayer / ServerCentral.
WVFiber was bought by Host.NET and Randy simply made
Emil Kacperski wrote:
It's true that David from PIE disconnected our link approx 9pm or so
yesterday. Things were going perfect, no complaints for a few weeks
now. The only thing I believe is that NTT gave lots of pressure to
PIE. For some unknown reason when I tried to reach out to the
secur
From: Emil Kacperski [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 21, 2008 3:20 PM
To: nanog@nanog.org
Subject: Re: Atrivo/Intercage: NO Upstream depeer
Hello,
It's true that David from PIE disconnected our link approx 9pm or so
yesterday. Things were going perfect, no complaints for a
Hello,
It's true that David from PIE disconnected our link approx 9pm or so
yesterday. Things were going perfect, no complaints for a few weeks now. The
only thing I believe is that NTT gave lots of pressure to PIE. For some
unknown reason when I tried to reach out to the security guy at NTT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- "James Thomas" <[EMAIL PROTECTED]> wrote:
>Hmmm Seems Pacific bit the bullett around 2:25 est all annoucements were
>dropped.
>
>http://cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0
>
While this is 'good' news, don't be foooled -- ma
Hmmm Seems Pacific bit the bullett around 2:25 est all annoucements were
dropped.
http://cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0
I would ask for comment by Intercage staff but they don't have email. Emil
is unresponsive via phone,
James
On Sep 17, 2008, at 4:07 PM, David Ulevitch wrote:
Patrick W. Gilmore wrote:
On Sep 17, 2008, at 1:32 PM, David Ulevitch wrote:
At the end of the day, nobody is going to drop packets for
amazon's IP space.
I'm afraid reality disagrees with you - there already are networks
doing it.
Being
On 17 Sep 2008, at 18:32, David Ulevitch wrote:
At the end of the day, nobody is going to drop packets for amazon's
IP space.
I have a customer that sells online, and is dropping stuff from ec2
today due to abuse.
Andy
It exists but not in bgp form - http://www.spamhaus.org/drop/
Dont Route Or Peer
srs
On Wed, Sep 17, 2008 at 7:01 PM, Gadi Evron <[EMAIL PROTECTED]> wrote:
> On Wed, 17 Sep 2008, Skywing wrote:
>>
>> Putting things in the automated bogon feeds (e.g. Team Cymru) that are not
>> strictly bogons (
day, September 17, 2008 11:27 AM
> To: nanog@nanog.org
> Subject: Re: Atrivo/Intercage: Now Only 1 Upstream
>
> Lamar Owen wrote:
> > On Wednesday 17 September 2008 13:34:22 Patrick W. Gilmore wrote:
> >> On Sep 17, 2008, at 1:32 PM, David Ulevitch wrote:
> >&g
On Wed, 17 Sep 2008, David Ulevitch wrote:
Reputation based on src_addr is /so/ 2005. ASN has a few more legs
perhaps... but...
All the growth in Internet-connected compute clouds (EC2, AppNexus, GoGrid,
etc.) makes any system based around IP reputation decidedly less useful.
At the end of
1 - 100 of 154 matches
Mail list logo
