[EMAIL PROTECTED] writes:
It could also be argued that pushing this activity into multiple
legal jurisdictions just makes it darn near impossible for law
enforcement to take any action.
and you'd be able to measure this exactly how? instead of two
prosecutions a year that lead to plea
It could be argued (since _is_ the North American Network
Operators Group) that pushing this sort of criminal activity
_out_ of North America is a good First Step to be able to
better manage the situation.
It could also be argued that pushing this activity into multiple
legal
NANOG:
Look, the people posting here who are trashing Intercage are pure security
analysts -- they
know and understand the evil that is Intercage. STOP TRYING TO ASSIST
INTERCAGE
-- you are effectively aiding and abetting the enemy.
Intercage/Atrivo hosts the malware cc botnets that DDoS your
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Sep 23, 2008 at 10:52 PM, Paul Ferguson [EMAIL PROTECTED]
wrote:
On Tue, Sep 23, 2008 at 10:13 PM, Russell Mitchell [EMAIL PROTECTED]
wrote:
I believe the blocks your referring to are their 85.255 Blocks?
Registered to InHoster. I
On Sep 23, 2008, at 8:12 PM, Joe Greco wrote:
Which is not acceptable. You answer your abuse complaints, you shut
down your spammers. Period, end of subject.
That's a bit '90's. I'll settle for s/answer/handle/, because I don't
think that most sites are willing to actually discuss abuse
]
To: Russell Mitchell [EMAIL PROTECTED]
Cc: nanog@nanog.org
Sent: Tuesday, September 23, 2008 11:11:39 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Sep 23, 2008 at 10:52 PM, Paul Ferguson [EMAIL PROTECTED]
wrote:
On Tue, Sep 23, 2008
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Sep 23, 2008 at 11:28 PM, Russell Mitchell [EMAIL PROTECTED]
wrote:
Sorry I didn't make this clear enough in the previous responses.
The prefixes that are registered to Inhoster belong to Esthost.
I'm not sure how or why you think those
Wow, this topic has really gotten old.
On Tue, Sep 23, 2008 at 11:31 PM, Paul Ferguson [EMAIL PROTECTED]wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Sep 23, 2008 at 11:28 PM, Russell Mitchell [EMAIL PROTECTED]
wrote:
Sorry I didn't make this clear enough in the previous
Greco [EMAIL
PROTECTED]
Sent: Tuesday, September 23, 2008 11:08:21 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
NANOG:
Look, the people posting here who are trashing Intercage are pure security
analysts -- they
know and understand the evil that is Intercage. STOP TRYING TO ASSIST
.
- Original Message
From: Pedram M [EMAIL PROTECTED]
To: nanog@nanog.org
Sent: Tuesday, September 23, 2008 11:38:54 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Wow, this topic has really gotten old.
On Tue, Sep 23, 2008 at 11:31 PM, Paul Ferguson [EMAIL PROTECTED]wrote:
-BEGIN
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Sep 24, 2008 at 12:12 AM, Russell Mitchell [EMAIL PROTECTED]
wrote:
I hope soon, people will realise and accept the truth that we are a
LEGITIMATE Company that DOES Operate in the USA. We are NOT directly or
in-directly related to any
]
To: Russell Mitchell [EMAIL PROTECTED]
Cc: nanog@nanog.org
Sent: Wednesday, September 24, 2008 12:20:59 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Sep 24, 2008 at 12:12 AM, Russell Mitchell [EMAIL PROTECTED]
wrote:
I hope
PROTECTED]
Cc: Christopher Morrow [EMAIL PROTECTED]; nanog@nanog.org; Joe Greco
[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2008 11:08:21 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
NANOG:
Look, the people posting here who are trashing Intercage are pure security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Sep 24, 2008 at 12:27 AM, Mark Foo [EMAIL PROTECTED] wrote:
Answer Ferg's question -- Why are you moving to CERNAL? Do you think this
is going to work? That's just another of Emil's networks.
Actually, I was not being coy.
Okay, maybe I
12:27:50 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Russell:
Ferg was just being coy -- what you don't understand is there are about 3 other
security mailing lists plotting to TAKE YOUR SERVICE DOWN. You FAIL. Law
Enforcement might not take action against you (but appear
]
To: Russell Mitchell [EMAIL PROTECTED]
Cc: Bruce Williams [EMAIL PROTECTED]; Christopher Morrow [EMAIL
PROTECTED]; nanog@nanog.org; Joe Greco [EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 12:27:50 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Russell:
Ferg was just
Russell,
Thanks to the efforts of the people on this list, you've known
Estdomains/Esthost was bad news for several weeks or more.
Why are you only now shutting them down?
Thank you for proving that our research was not for naught, and that
Atrivo/Intercage is a black hat operation which needs
From: Mark Foo [EMAIL PROTECTED]
To: Russell Mitchell [EMAIL PROTECTED]
Cc: Bruce Williams [EMAIL PROTECTED]; Christopher Morrow [EMAIL PROTECTED];
nanog@nanog.org; Joe Greco [EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 1:14:01 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream
Hi!
Thanks to the efforts of the people on this list, you've known
Estdomains/Esthost was bad news for several weeks or more.
[EMAIL PROTECTED] ~]# dig estdomains.com
; DiG 9.5.0-P2 estdomains.com
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id:
, 2008 1:14:01 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Russell:
Oh I got the memo, you'll be getting served one soon too.
I just wonder why you don't consider playing both sides of the fence
-- with your
knowledge of who's who in the cyber crime field, you could
PROTECTED]; Christopher Morrow
[EMAIL PROTECTED]; nanog@nanog.org; Joe Greco
[EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 1:14:01 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Russell:
Oh I got the memo, you'll be getting served one soon too.
I just wonder why you don't
It is clear to me -- at least -- that this entire criminal
operation is being operated out of Eastern Europe, and their
foothold in the U.S. is the major issue here.
If you believe that this is a criminal operation then you
should keep this discussion OFF THE LIST and discourage
anyone from
, Inc.
- Original Message
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: nanog@nanog.org
Sent: Wednesday, September 24, 2008 2:23:01 AM
Subject: RE: YAY! Re: Atrivo/Intercage: NO Upstream depeer
It is clear to me -- at least -- that this entire criminal
operation is being operated out
PROTECTED]; Christopher Morrow [EMAIL PROTECTED];
nanog@nanog.org; Joe Greco [EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 1:14:01 AM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Russell:
Oh I got the memo, you'll be getting served one soon too.
I just wonder why you don't
Hello Joe,
If we can't power down the machine, due to evidence loss. We
can't nullroute the IP, as stated, some malware will delete
itself or alter itself when Net Access is lost.
Now we can filter a single port, in the case of spam, phishing, etc?
You can do whatever you need to, of
Very well said.
James
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 5:23 AM
To: nanog@nanog.org
Subject: RE: YAY! Re: Atrivo/Intercage: NO Upstream depeer
It is clear to me -- at least -- that this entire criminal
operation
) for the refusal to shut them down.
From [EMAIL PROTECTED] Sun Sep 4 13:58:23 EDT 2005
Newsgroups: news.admin.net-abuse.blocklisting
From: [EMAIL PROTECTED]
Subject: Re: Atrivo/InterCage Abuse
Approved: NANAB Moderators [EMAIL PROTECTED]
Injection-Info: f14g2000cwb.googlegroups.com; posting
Tom Sparks (Applied Operations) wrote:
Basically is what it boils down to for me - its easy to blame
an NSP/ISP/Hoster for what their clients do, it takes real dedication to
find out whats *actually* going on.
We did, and now we're solving the problem.
Andrew
--- [EMAIL PROTECTED] wrote:
From: Andrew D Kirch [EMAIL PROTECTED]
Basically is what it boils down to for me - its
easy to blame an NSP/ISP/Hoster for what their
clients do, it takes real dedication to find out
whats *actually* going on.
: We did, and now we're solving the problem.
On Wed, Sep 24, 2008 at 12:13 AM, Russell Mitchell [EMAIL PROTECTED] wrote:
Hello Paul,
Those are their IP Blocks. We were simply routing them, as they were our
client.
They've owned these blocks for quite a while. They seem to have moved that
after a day of being down.
You're not very
Hi,
On Wed, 2008-09-24 at 07:06 -0700, Scott Weeks wrote:
--- [EMAIL PROTECTED] wrote:
From: Andrew D Kirch [EMAIL PROTECTED]
Basically is what it boils down to for me - its
easy to blame an NSP/ISP/Hoster for what their
clients do, it takes real dedication to find out
whats
Hi,
On Wed, 2008-09-24 at 17:54 -0700, Scott Weeks wrote:
--- [EMAIL PROTECTED] wrote:
I have also noticed that most of the people doing the whining aren't
even the people who are tracking the problem. Again, a case of the NANOG
story verses the real story...
On Wed, Sep 24, 2008 at 9:50 PM, William Pitcock
[EMAIL PROTECTED] wrote:
The solution here is to go after the *people* who make this crap. They
*are* breaking the law and we have the proof.
agreed... but keep in mind 'breaking the law' is relative... So, CP is
illegal in the US, but maybe not
On Wed, 24 Sep 2008, William Pitcock wrote:
No, but others have, and it isn't helpful towards resolving this
problem.
Ultimately, neither is forcing them off the internet. Well, in
actuality, that resolves part of the problem, but I suspect that a lot
of the affected cybercrime has moved to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Sep 24, 2008 at 7:02 PM, Laurence F. Sheldon, Jr.
[EMAIL PROTECTED] wrote:
Apprehending criminals is the Law's job.
My job is making sure they don't deal that sh*t in MY parkinglot.
Exactly.
It could be argued (since _is_ the North
--- [EMAIL PROTECTED] wrote:
From: William Pitcock [EMAIL PROTECTED]
I didn't whine.
No, but others have, and it isn't helpful towards resolving this
problem.
I also wrote you that in private, but you decided to make it public without
asking me.
Hi,
On Wed, 2008-09-24 at 19:39 -0700, Scott Weeks wrote:
--- [EMAIL PROTECTED] wrote:
From: William Pitcock [EMAIL PROTECTED]
I didn't whine.
No, but others have, and it isn't helpful towards resolving this
problem.
I also wrote you
On Sep 22, 2008, at 4:33 PM, Tom Sparks (Applied Operations) wrote:
Intercage is not a big shop, there are very few people involved in
running it
I have no dog in this fight, but I would comment on the small shop
issue as it relates to handling abuse complaints.
I own a small
http://www.giantitp.com/comics/oots0595.html
I think that sums up this thread.
On Tue, 23 Sep 2008, Joe Greco wrote:
On Sep 22, 2008, at 4:33 PM, Tom Sparks (Applied Operations) wrote:
Intercage is not a big shop, there are very few people involved in
running it
I have no dog in this
Hold the rejoicing, Atrivo is back, this time on UnitedLayer.
I'd contact them, only they seem to change CTOs every month or two,
does anybody know who's currently in charge?
Thank you, and Drive Slow,
Paul Wall
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Well, their management team is listed here:
http://www.unitedlayer.com/team.html
- - ferg
On Tue, Sep 23, 2008 at 5:46 PM, Paul Wall [EMAIL PROTECTED] wrote:
Hold the rejoicing, Atrivo is back, this time on UnitedLayer.
I'd contact them, only
On Sep 22, 2008, at 1:33 PM, Tom Sparks (Applied Operations) wrote:
I also don't believe Intercage was complicit in any
net-crime; Thats not to say it didn't exist, but more along the lines
of they got lost in the noise of running a business.
Which is not acceptable. You answer your abuse
Mitchell=0A=0AInterCage, Inc.=0A=0A=
=0A=0A- Original Message =0AFrom: Paul Wall [EMAIL PROTECTED]=
=0ATo: Mark Foo [EMAIL PROTECTED]=0ACc: [EMAIL PROTECTED]: Tues=
day, September 23, 2008 5:46:58 PM=0ASubject: Re: YAY! Re: Atrivo/Intercage=
: NO Upstream depeer=0A=0AHold the rejoicing, Atrivo
On Sep 22, 2008, at 1:33 PM, Tom Sparks (Applied Operations) wrote:
I also don't believe Intercage was complicit in any
net-crime; Thats not to say it didn't exist, but more along the lines
of they got lost in the noise of running a business.
Which is not acceptable. You answer your
5:46:58 PM=0ASubject: Re: YAY! Re: Atrivo/Intercage=
: NO Upstream depeer=0A=0AHold the rejoicing, Atrivo is back, this time on =
UnitedLayer.=0A=0AI'd contact them, only they seem to change CTOs every mon=
th or two,=0Adoes anybody know who's currently in charge?=0A=0AThank you, a=
nd Drive
Wall [EMAIL PROTECTED]=
=0ATo: Mark Foo [EMAIL PROTECTED]=0ACc: [EMAIL PROTECTED]: Tues=
day, September 23, 2008 5:46:58 PM=0ASubject: Re: YAY! Re: Atrivo/Intercage=
: NO Upstream depeer=0A=0AHold the rejoicing, Atrivo is back, this time on =
UnitedLayer.=0A=0AI'd contact them, only they seem
On Tue, Sep 23, 2008 at 11:20 PM, Joe Greco [EMAIL PROTECTED] wrote:
I would suggest a different Step 1. Instead of killing power, simply
isolate the affected machine. This might be as simple as putting up a
firewall rule or two, if it is simply sending outgoing SMTP spam, or
it's probably
using bolt cutters on cables has a certain satisfaction...
On Tue, Sep 23, 2008 at 8:23 PM, Christopher Morrow
[EMAIL PROTECTED] wrote:
On Tue, Sep 23, 2008 at 11:20 PM, Joe Greco [EMAIL PROTECTED] wrote:
I would suggest a different Step 1. Instead of killing power, simply
isolate the
Apologies, Yahoo was set to Rich Text :(
-
Hello All,
It seems you all missed the memo.As of about 11PM PST
Last night 09/22/08, Esthost has been ENTIRELY Shutdown.
They no longer have ANY Machine on my network.
I'm currently starting to monitor some of the public media, such as google,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Russ,
While I think that is great and everything, can you explain why Cernel is
now originating prefixes which were originally originated by
Atrivo/Intercage?
I'd be curious as to your explanation.
Thanks,
- - ferg
On Tue, Sep 23, 2008 at
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It may be true that Estdomains has moved a couple of the external-facing a
hosting hosts into the a Netherlands hosting provider in conjunction with
this whole situation -- folks are watching very carefully.
estdomains.com A 94.102.49.3
for your time. Have a great day.
---
Russell Mitchell
InterCage, Inc.
- Original Message
From: Paul Ferguson [EMAIL PROTECTED]
To: Russell Mitchell [EMAIL PROTECTED]
Cc: nanog@nanog.org
Sent: Tuesday, September 23, 2008 9:22:03 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream
Mitchell [EMAIL PROTECTED]
Cc: nanog@nanog.org
Sent: Tuesday, September 23, 2008 8:20:18 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Hello All,=0A=A0=0AIt seems you all missed the memo.=0AAs of about 11PM PST=
Last night 09/22/08, Esthost has been ENTIRELY Shutdown
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Sep 23, 2008 at 10:13 PM, Russell Mitchell [EMAIL PROTECTED]
wrote:
I believe the blocks your referring to are their 85.255 Blocks?
Registered to InHoster. I believe those prefixes are an entity of
their's, though I don't know for sure.
Emil,
If you've actually shut off the RBN, you should have no problem
finding some new transit to turn up, right?
We're in a buyer's market, and there are dozens of vendors on-net at
200 Paul who'd love a piece of your business.
Drive Slow,
Paul Wall
On Sun, Sep 21, 2008 at 3:20 PM, Emil
Just to add my $0.02 to this discussion and a disclaimer - I've known
Emil for years, I've seen his shop and even the controversy.
200 Paul is a small community, and most of the folks in there know
eachother, I've been in there since 2001 or so.
Intercage is not a big shop, there are very few
On Sep 22, 2008, at 4:33 PM, Tom Sparks (Applied Operations) wrote:
Intercage is not a big shop, there are very few people involved in
running
it
I have no dog in this fight, but I would comment on the small shop
issue as it relates to handling abuse complaints.
I own a small
On Sep 22, 2008, at 4:33 PM, Tom Sparks (Applied Operations) wrote:
Basically is what it boils down to for me - its easy to blame
an NSP/ISP/Hoster for what their clients do, it takes real
dedication to
find out whats *actually* going on.
Tom,
Atrivo is not just a spammer, and Intercage
On Mon, Sep 22, 2008 at 04:48:16PM -0400, Drew Linsalata wrote:
I have no dog in this fight, but I would comment on the small shop
issue as it relates to handling abuse complaints.
I own a small colo/hosting shop too. We don't have many employees.
If we had to deal with so many abuse
So... apparently AS27595 is back on the air, with aspath's like:
6461 23342 27595
6539 23342 27595
8075 23342 27595
23342 == UnitedLayer, Tom isn't that you or is that another Tom I'm remembering?
-Chris
On Mon, Sep 22, 2008 at 05:17:42PM -0400, Christopher Morrow wrote:
So... apparently AS27595 is back on the air, with aspath's like:
6461 23342 27595
6539 23342 27595
8075 23342 27595
23342 == UnitedLayer, Tom isn't that you or is that another
Tom I'm remembering?
Yep, same Tom, I was
On Mon, Sep 22, 2008 at 5:25 PM, Tom Sparks (Applied Operations)
[EMAIL PROTECTED] wrote:
On Mon, Sep 22, 2008 at 05:17:42PM -0400, Christopher Morrow wrote:
So... apparently AS27595 is back on the air, with aspath's like:
6461 23342 27595
6539 23342 27595
8075 23342 27595
23342 ==
On Mon, Sep 22, 2008 at 5:48 PM, Christopher Morrow
[EMAIL PROTECTED] wrote:
On Mon, Sep 22, 2008 at 5:25 PM, Tom Sparks (Applied Operations)
[EMAIL PROTECTED] wrote:
I also noticed AS paths like this:
* 69.22.162.0/23 701 2914 32335 6461 23342 27595 i
I'm not sure whats going on there,
On Mon, Sep 22, 2008 at 05:50:58PM -0400, Christopher Morrow wrote:
actually, I think PIE sees this route from 6461 and passes it along
probably because they didn't update the filters on their sessions when
they dropped the links to 27595 :(
Has anyone actually confirmed that the link is
On Sun, Sep 21, 2008 at 12:46:54PM -0700, Emil Kacperski wrote:
Hey James,
That's the worst part in all this, so many been with me for years!? I just
put my fate into companies I shouldn't have.
Emil:
Yes, they have been with you for years -- it's quite unfortunate, such great
customers.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- James Thomas [EMAIL PROTECTED] wrote:
Hmmm Seems Pacific bit the bullett around 2:25 est all annoucements were
dropped.
http://cidr-report.org/cgi-bin/as-report?as=AS27595v=4view=2.0
While this is 'good' news, don't be foooled -- many of
Hello,
It's true that David from PIE disconnected our link approx 9pm or so
yesterday. Things were going perfect, no complaints for a few weeks now. The
only thing I believe is that NTT gave lots of pressure to PIE. For some
unknown reason when I tried to reach out to the security guy at
: Emil Kacperski [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 21, 2008 3:20 PM
To: nanog@nanog.org
Subject: Re: Atrivo/Intercage: NO Upstream depeer
Hello,
It's true that David from PIE disconnected our link approx 9pm or so
yesterday. Things were going perfect, no complaints for a few weeks
Emil Kacperski wrote:
It's true that David from PIE disconnected our link approx 9pm or so
yesterday. Things were going perfect, no complaints for a few weeks
now. The only thing I believe is that NTT gave lots of pressure to
PIE. For some unknown reason when I tried to reach out to the
Hey James,
That's the worst part in all this, so many been with me for years! I just put
my fate into companies I shouldn't have. NLayer was bought and Liteup held
control of the SF pop, who is fully at the mercy of NLayer / ServerCentral.
WVFiber was bought by Host.NET and Randy simply
Had you responded to the hundreds of abuse complaints over the years
this would not have happened.
Sorry, no sympathy for you or the customers not smart enough to move
over the last few years of very overt negative news about you.
Matt
Emil Kacperski wrote:
Hey James,
That's the worst part
Matt,
Don't believe everything you read. I have unfortunately been a target over the
years
because I rented machines to Esthost. But the stories made up are way out
there.
It's all very easy a dedicated server / customer relationship - nothing more.
Never did I ignore anymore from the abuse
On Sep 21, 2008, at 4:21 PM, Emil Kacperski wrote:
Don't believe everything you read.
Most excellent advice.
[SNIP]
--
TTFN,
patrick
Considering the years of abuse, DNSBL listings, ROKSO listings, further
abuse, and silence at the abuse switch, I _CERTAINLY_ would not send
Atrivo abuse reports, I would send them to the upstreams instead.
Considering the almost 40 page white paper produced last month on the
abuse from
Greetings,
I can further vouch for this... an unusually large amount of botnets
reported to DroneBL have command and control servers on Atrivo's
network.
With the amount of listings and reports I get, it is obvious that Atrivo
does not care about the abuse@ inbox... which is unfortunate.
Emil Kacperski wrote:
Don't believe everything you read. I have unfortunately been a target over
the years
because I rented machines to Esthost. But the stories made up are way out
there.
It's all very easy a dedicated server / customer relationship - nothing more.
I don't have to
Hello all,
Andrew:
It is truly enlightening, to say the least, that you want to talk about all of
the SBL Listings, all of the DNSBL Listings, and all of the abuse on our
network has never had action taken.
-
In Spamhaus' article, they did a history of more then ?350? SBL Listings for
On Sun, 21 Sep 2008, Paul Ferguson wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- James Thomas [EMAIL PROTECTED] wrote:
Hmmm Seems Pacific bit the bullett around 2:25 est all annoucements were
dropped.
http://cidr-report.org/cgi-bin/as-report?as=AS27595v=4view=2.0
While this is
William:
To date, I have never heard of the DroneBL. I have NEVER received any report
from any entity referring to that. The last report for a bot on our network was
an EggDrop bot a week or so ago. The report was from the IRC Network Operator,
and asked to have it removed from his network
: Russell Mitchell [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 21, 2008 5:54 PM
To: nanog@nanog.org
Subject: Re: Atrivo/Intercage: NO Upstream depeer
Hello all,
Andrew:
It is truly enlightening, to say the least, that you want to talk about all
of the SBL Listings, all of the DNSBL Listings
On Sun, 21 Sep 2008, Russell Mitchell wrote:
Hello all,
Andrew:
It is truly enlightening, to say the least, that you want to talk about all of
the SBL Listings, all of the DNSBL Listings, and all of the abuse on our
network has never had action taken.
Don't kick someone when they are down.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Gadi Evron [EMAIL PROTECTED] wrote:
http://cidr-report.org/cgi-bin/as-report?as=AS27595v=4view=2.0
While this is 'good' news, don't be foooled -- many of these prefixes
have been migrated elsewhere, much the same way criminal activity
was
Gadi Evron wrote:
On Sun, 21 Sep 2008, Russell Mitchell wrote:
Hello all,
Andrew:
It is truly enlightening, to say the least, that you want to talk
about all of the SBL Listings, all of the DNSBL Listings, and all of
the abuse on our network has never had action taken.
Don't kick someone
Russell Mitchell wrote:
-
Matt:
It's very sad that your PROUD of you contribution to the supposed white
paper on our company. I'd like to know, was any of your contribution to
the report altered, or mis-represented, or are you truly unaware of how false
the information you provided
Russell Mitchell wrote:
Andrew:
If you have seen how Spamhaus handles our resolved SBL Listings, you
would know.
Those 6 listings have been resolved for a week now. John Reid and
his goons only provide swift LISTINGS, _NOT_ delistings.
Possibly why they're so widely used.
In the past 12
PROTECTED]
Cc: nanog@nanog.org
Sent: Sunday, September 21, 2008 4:02:15 PM
Subject: Re: Atrivo/Intercage: NO Upstream depeer
Russell Mitchell wrote:
-
Matt:
It's very sad that your PROUD of you contribution to the supposed white
paper on our company. I'd like to know, was any of your
It exists but not in bgp form - http://www.spamhaus.org/drop/
Dont Route Or Peer
srs
On Wed, Sep 17, 2008 at 7:01 PM, Gadi Evron [EMAIL PROTECTED] wrote:
On Wed, 17 Sep 2008, Skywing wrote:
Putting things in the automated bogon feeds (e.g. Team Cymru) that are not
strictly bogons
On 17 Sep 2008, at 18:32, David Ulevitch wrote:
At the end of the day, nobody is going to drop packets for amazon's
IP space.
I have a customer that sells online, and is dropping stuff from ec2
today due to abuse.
Andy
On Sep 17, 2008, at 4:07 PM, David Ulevitch wrote:
Patrick W. Gilmore wrote:
On Sep 17, 2008, at 1:32 PM, David Ulevitch wrote:
At the end of the day, nobody is going to drop packets for
amazon's IP space.
I'm afraid reality disagrees with you - there already are networks
doing it.
Being
Looks like PIE got themselves a /22 in spamhaus -
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL67906
_quote__
206.223.144.0/22 is listed on the Spamhaus Block List (SBL)
17-Sep-2008 09:57 GMT | SR04
Pacific Internet Exchange LLC. NT Technology ; nttec.com
On Tuesday 16 September 2008 23:36:20 *Hobbit* wrote:
you expect them to apply a null route?
Well, I *have* been talking somewhat idealistically here and
there with this crop of questions, but frankly I thought in the
2 or 3 years I was ignoring the list that the NETWORK OPERATORS
, September 17, 2008 09:26
To: nanog@nanog.org nanog@nanog.org
Subject: Re: Atrivo/Intercage: Now Only 1 Upstream
On Tuesday 16 September 2008 23:36:20 *Hobbit* wrote:
you expect them to apply a null route?
Well, I *have* been talking somewhat idealistically here and
there with this crop
for anyone who wants it,
but the Internet is not ready for that.
Gadi.
- S
-Original Message-
From: Lamar Owen [EMAIL PROTECTED]
Sent: Wednesday, September 17, 2008 09:26
To: nanog@nanog.org nanog@nanog.org
Subject: Re: Atrivo/Intercage: Now Only 1 Upstream
On Tuesday 16
On Wed, Sep 17, 2008 at 1:01 PM, Gadi Evron [EMAIL PROTECTED] wrote:
On Wed, 17 Sep 2008, Skywing wrote:
Putting things in the automated bogon feeds (e.g. Team Cymru) that are not
strictly bogons (unallocated addresses) is likely to very quickly erode
trust in those services, if that is what
On Wed, Sep 17, 2008 at 1:07 PM, Christopher Morrow
[EMAIL PROTECTED] wrote:
On Wed, Sep 17, 2008 at 1:01 PM, Gadi Evron [EMAIL PROTECTED] wrote:
On Wed, 17 Sep 2008, Skywing wrote:
Putting things in the automated bogon feeds (e.g. Team Cymru) that are not
strictly bogons (unallocated
Christopher Morrow wrote:
How about providing some open-source intelligence in a centralized and
machine-parsable fashion (perhaps with community input of intel even)
which would allow better decsions to be made?
Reputation based on src_addr is /so/ 2005. ASN has a few more legs
perhaps...
On Sep 17, 2008, at 1:32 PM, David Ulevitch wrote:
Christopher Morrow wrote:
How about providing some open-source intelligence in a centralized
and
machine-parsable fashion (perhaps with community input of intel even)
which would allow better decsions to be made?
Reputation based on
On Wednesday 17 September 2008 12:55:49 Skywing wrote:
Lamar Owen Wrote:
Seems to me getting that IP space on a bogon list could be enough to make a
serious dent.
Putting things in the automated bogon feeds (e.g. Team Cymru) that are not
strictly bogons (unallocated addresses) is likely to
On Wed, 17 Sep 2008, Christopher Morrow wrote:
On Wed, Sep 17, 2008 at 1:01 PM, Gadi Evron [EMAIL PROTECTED] wrote:
On Wed, 17 Sep 2008, Skywing wrote:
Putting things in the automated bogon feeds (e.g. Team Cymru) that are not
strictly bogons (unallocated addresses) is likely to very quickly
On Wednesday 17 September 2008 13:34:22 Patrick W. Gilmore wrote:
On Sep 17, 2008, at 1:32 PM, David Ulevitch wrote:
At the end of the day, nobody is going to drop packets for amazon's
IP space.
I'm afraid reality disagrees with you - there already are networks
doing it.
Indeed. Google's
1 - 100 of 118 matches
Mail list logo
