Re: [botnets] Washington Post: Atrivo/Intercage, why are we peering with the American RBN? (fwd)

Sat, 30 Aug 2008 06:29:39 -0700 

From: Marc Sachs <[EMAIL PROTECTED]>
To: 'Gadi Evron' <[EMAIL PROTECTED]>
Subject: RE: Washington Post: Atrivo/Intercage,
    why are we peering with the American RBN?

Unless I'm mis-reading this (or perhaps GBLX read Kreb's story and said
good-bye to Atrivo/Intercage), it looks like they are no longer their
upstream:

http://cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0

Marc
SANS ISC


-----Original Message-----
From: Gadi Evron [mailto:[EMAIL PROTECTED]
Sent: Friday, August 29, 2008 4:02 PM
To: [EMAIL PROTECTED]
Subject: Washington Post: Atrivo/Intercage, why are we peering with the
American RBN?

Hi all.

This Washington Post story came out today:
http://voices.washingtonpost.com/securityfix/2008/08/report_slams_us_host_as
_major.html

In it, Brian Krebs discusses the SF Bay Area based Atrivo/Intercage, which
has been long named as a bad actor, accused of shuffling abuse reports to
different IP addresses and hosting criminals en masse, compared often to
RBN in maliciousness. "The American RBN", if you like.

1. I realize this is a problematic issue, but when it is clear a network
is so evil (as the story suggests they are), why are we still peering with
them? Who currently provides them with transit? Are they aware of this
news story?

If Lycos' make spam not war, and Blue Security's blue frog were ran out of
hosting continually, this has been done before to some extent. This
network is not in Russia or China, but in the silicon valley.

2. On a different note, why is anyone still accepting their route
announcements? I know some among us re-route RBN traffic to protect users.
Do you see this as a valid solution for your networks?

What ASNs belong to Atrivo, anyway?

Anyone has more details as to the apparent evilness of Atrivo/Intercage,
who can verify these reports? As researched as they are, and my personal
experience aside, I'd like some more data before coming to conclusions.

Hostexploit released a document [PDF] on this very network, just now,
which is helpful:
http://hostexploit.com/index.php?option=com_content&view=article&id=12&Itemi
d=15

        Gadi.
_______________________________________________
botnets@, the public's dumping ground for maliciousness
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets

Reply via email to