This Washington Post story came out today:
http://voices.washingtonpost.com/securityfix/2008/08/report_slams_us_host_as_major.html
I have some thoughts relating more to network operations, but some of you
may be interested in following up on this.
In the story, Brian Krebs discusses the SF Bay Area-based
Atrivo/Intercage, which has long been named as a bad actor, accused of
shuffling abuse reports to different IP addresses and hosting criminals
en masse, and often compared to RBN in maliciousness. "The American RBN", if
you like.
1. I realize this is a problematic issue, but when it is clear a network is so
evil (as the story suggests they are), why are we still peering with them? Who
currently provides them with transit? Are they aware of this news story?
If Lycos' Make Spam Not War and Blue Security's Blue Frog were run out of
hosting continually, this has been done before to some extent. This network is
not in Russia or China, but in Silicon Valley.
2. On a different note, why is anyone still accepting their route
announcements? I know some among us re-route RBN traffic to protect users. Do
you see this as a valid solution for your networks?
What ASNs belong to Atrivo, anyway?
Does anyone have more details as to the apparent evilness of Atrivo/Intercage, who
can verify these reports? As researched as they are, and my personal experience
aside, I'd like some more data before coming to conclusions.
Hostexploit released a document [PDF] on this very network, just now, which is
helpful:
http://hostexploit.com/index.php?option=com_content&view=article&id=12&Itemid=15
Gadi.
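The second question above (whether to keep accepting a network's route announcements) comes down to a route-policy decision: refuse prefixes originated by, or carried through, a given set of ASNs, and refuse announcements that fall inside address space you have chosen not to route. The following is an added example, not code from the post or from any of the networks it names; it reproduces the logic of an AS-path and prefix filter in Python so the decisions can be inspected before being expressed as a real router policy. The ASNs (AS64496, AS64497) and prefixes are constructed documentation values from RFC 5398 and RFC 5737, not Atrivo's, and the one-line "prefix as-path" table format is an assumption for the example.

```python
"""Screen BGP announcements against a refused-ASN set and a refused-prefix list.

Added example. Every ASN and prefix below is a constructed documentation
value; substitute your own policy data before reading anything into it.
"""
import ipaddress
from dataclasses import dataclass

# Hypothetical policy: announcements are refused if any of these ASNs appears
# anywhere in the AS_PATH (as origin or as a transit hop) ...
REFUSED_ASNS = {64496, 64497}
# ... or if the announced prefix lies inside one of these blocks, whoever
# originates it (catches the same space being re-announced via another origin).
REFUSED_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]


@dataclass
class Route:
    prefix: object          # ipaddress.IPv4Network or IPv6Network
    as_path: list           # ASNs from our neighbour (first) to the origin (last)


@dataclass
class Decision:
    line: str
    accepted: bool
    reason: str


def parse_route(line):
    """Parse one constructed '<prefix> <asn> <asn> ...' line into a Route."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError(f"malformed route line: {line!r}")
    prefix = ipaddress.ip_network(fields[0], strict=True)  # rejects host bits set
    as_path = []
    for tok in fields[1:]:
        if not tok.isdigit():
            raise ValueError(f"non-numeric ASN {tok!r} in {line!r}")
        as_path.append(int(tok))
    return Route(prefix, as_path)


def judge(route, refused_asns=REFUSED_ASNS, refused_prefixes=REFUSED_PREFIXES):
    """Return (accepted, reason) for a parsed route under the policy above."""
    origin = route.as_path[-1]
    for asn in route.as_path:
        if asn in refused_asns:
            role = "origin" if asn == origin else "transit"
            return False, f"AS{asn} in path as {role}"
    for block in refused_prefixes:
        # subnet_of() raises on mixed address families, so compare versions first.
        if route.prefix.version == block.version and route.prefix.subnet_of(block):
            return False, f"{route.prefix} lies within refused prefix {block}"
    return True, "no policy match"


def screen(lines, refused_asns=REFUSED_ASNS, refused_prefixes=REFUSED_PREFIXES):
    """Apply the policy to each table line; unparsable lines are refused, not dropped."""
    decisions = []
    for line in lines:
        if not line.strip():
            continue
        try:
            route = parse_route(line)
        except ValueError as exc:
            decisions.append(Decision(line, False, f"unparsable: {exc}"))
            continue
        accepted, reason = judge(route, refused_asns, refused_prefixes)
        decisions.append(Decision(line, accepted, reason))
    return decisions


def summarize(decisions):
    """Count accepted versus refused announcements."""
    accepted = sum(1 for d in decisions if d.accepted)
    return {"accepted": accepted, "refused": len(decisions) - accepted}


# Constructed sample table: documentation prefixes and ASNs only.
SAMPLE_TABLE = """\
192.0.2.0/24 64500 64510
198.51.100.0/24 64500 64496
203.0.113.128/25 64500 64511
2001:db8::/32 64500 64497 64511
10.0.0.0/8 not-an-asn
"""

if __name__ == "__main__":
    results = screen(SAMPLE_TABLE.splitlines())
    for d in results:
        print(f"{'ACCEPT' if d.accepted else 'REFUSE':6} {d.line:32} {d.reason}")
    print(summarize(results))
```

The same policy on a router would be a prefix-list plus an AS-path access-list applied inbound on the relevant sessions; the script only makes the two match rules explicit. Note that an ASN filter blocks the network's announcements on your own routers but does nothing about traffic still reaching it through other paths, which is the distinction between refusing their routes and the transit-provider question in the first point.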
_______________________________________________
botnets@, the public's dumping ground for maliciousness
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets