Re: Atrivo/Intercage: Now Only 1 Upstream
It exists but not in bgp form - http://www.spamhaus.org/drop/ Dont Route Or Peer srs On Wed, Sep 17, 2008 at 7:01 PM, Gadi Evron [EMAIL PROTECTED] wrote: On Wed, 17 Sep 2008, Skywing wrote: Putting things in the automated bogon feeds (e.g. Team Cymru) that are not strictly bogons (unallocated addresses) is likely to very quickly erode trust in those services, if that is what you are suggesting. We all want a really really bad stuff BGP feed for anyone who wants it, but the Internet is not ready for that.
Re: Atrivo/Intercage: Now Only 1 Upstream
On 17 Sep 2008, at 18:32, David Ulevitch wrote: At the end of the day, nobody is going to drop packets for amazon's IP space. I have a customer that sells online, and is dropping stuff from ec2 today due to abuse. Andy
Re: Atrivo/Intercage: Now Only 1 Upstream
On Sep 17, 2008, at 4:07 PM, David Ulevitch wrote: Patrick W. Gilmore wrote: On Sep 17, 2008, at 1:32 PM, David Ulevitch wrote: At the end of the day, nobody is going to drop packets for amazon's IP space. I'm afraid reality disagrees with you - there already are networks doing it. Being big does not guarantee you ability to do Bad Things. I didn't imply that it did. Actually, that is exactly what you did. But the ability to block without causing significant collateral damage becomes more and more difficult as IPs become less tied to the organization using them. True (and rather obvious). Here's another obviously true statement: As more more spam comes from a set of IP addresses, it becomes less less likely you should accept e-mail from that space. That said, you're right that people are doing it now. Consensus from friends running their apps on EC2 is that you can't expect to be able to send any email from EC2 and hope for a high deliverability rate. Not news to anyone who works on anti-spam or e-mail deliverability. Perhaps the collateral damage will force Amazon to get things fixed faster. Or maybe not, but either way I don't see how you can blame someone for not wanting to accept e-mail from EC2. -- TTFN, patrick
Re: Atrivo/Intercage: Now Only 1 Upstream
Looks like PIE got themselves a /22 in spamhaus - http://www.spamhaus.org/sbl/sbl.lasso?query=SBL67906 _quote__ 206.223.144.0/22 is listed on the Spamhaus Block List (SBL) 17-Sep-2008 09:57 GMT | SR04 Pacific Internet Exchange LLC. NT Technology ; nttec.com http://cidr-report.org/cgi-bin/as-report?as=AS32335 Hosted/routed Scott Richter AND Alan Ralsky - now decided to pick up Intercage/Atrivo. Perhaps someone does not read the news? http://news.google.com/news?q=intercage http://www.spamhaus.org/news.lasso?article=636 We hope that's the case and this is not a knowing routing decision. On Wed, Sep 17, 2008 at 6:31 AM, Matthew Moyle-Croft [EMAIL PROTECTED] wrote: On 16/09/2008, at 10:17 PM, *Hobbit* wrote: So in cases like this where the community appears to agree that there's a consistently bad apple, what's preventing everyone from simply nullrouting the netblocks in question and imposing the death penalty? Dunno - but something did occur to me this morning on the drive into work:
Re: Atrivo/Intercage: Now Only 1 Upstream
On Tuesday 16 September 2008 23:36:20 *Hobbit* wrote: you expect them to apply a null route? Well, I *have* been talking somewhat idealistically here and there with this crop of questions, but frankly I thought in the 2 or 3 years I was ignoring the list that the NETWORK OPERATORS ostensibly in custody of the intertubes would have pulled things together a little better and grown enough of a pair to firmly state this crap stops here and now and make it happen. :-) Speaking as an observer only, and not as someone who, other than at my own edge, could make a significant impact on the result. Seems to me getting that IP space on a bogon list could be enough to make a serious dent.
RE: Atrivo/Intercage: Now Only 1 Upstream
Putting things in the automated bogon feeds (e.g. Team Cymru) that are not strictly bogons (unallocated addresses) is likely to very quickly erode trust in those services, if that is what you are suggesting. - S -Original Message- From: Lamar Owen [EMAIL PROTECTED] Sent: Wednesday, September 17, 2008 09:26 To: nanog@nanog.org nanog@nanog.org Subject: Re: Atrivo/Intercage: Now Only 1 Upstream On Tuesday 16 September 2008 23:36:20 *Hobbit* wrote: you expect them to apply a null route? Well, I *have* been talking somewhat idealistically here and there with this crop of questions, but frankly I thought in the 2 or 3 years I was ignoring the list that the NETWORK OPERATORS ostensibly in custody of the intertubes would have pulled things together a little better and grown enough of a pair to firmly state this crap stops here and now and make it happen. :-) Speaking as an observer only, and not as someone who, other than at my own edge, could make a significant impact on the result. Seems to me getting that IP space on a bogon list could be enough to make a serious dent.
RE: Atrivo/Intercage: Now Only 1 Upstream
On Wed, 17 Sep 2008, Skywing wrote: Putting things in the automated bogon feeds (e.g. Team Cymru) that are not strictly bogons (unallocated addresses) is likely to very quickly erode trust in those services, if that is what you are suggesting. We all want a really really bad stuff BGP feed for anyone who wants it, but the Internet is not ready for that. Gadi. - S -Original Message- From: Lamar Owen [EMAIL PROTECTED] Sent: Wednesday, September 17, 2008 09:26 To: nanog@nanog.org nanog@nanog.org Subject: Re: Atrivo/Intercage: Now Only 1 Upstream On Tuesday 16 September 2008 23:36:20 *Hobbit* wrote: you expect them to apply a null route? Well, I *have* been talking somewhat idealistically here and there with this crop of questions, but frankly I thought in the 2 or 3 years I was ignoring the list that the NETWORK OPERATORS ostensibly in custody of the intertubes would have pulled things together a little better and grown enough of a pair to firmly state this crap stops here and now and make it happen. :-) Speaking as an observer only, and not as someone who, other than at my own edge, could make a significant impact on the result. Seems to me getting that IP space on a bogon list could be enough to make a serious dent.
Re: Atrivo/Intercage: Now Only 1 Upstream
On Wed, Sep 17, 2008 at 1:01 PM, Gadi Evron [EMAIL PROTECTED] wrote: On Wed, 17 Sep 2008, Skywing wrote: Putting things in the automated bogon feeds (e.g. Team Cymru) that are not strictly bogons (unallocated addresses) is likely to very quickly erode trust in those services, if that is what you are suggesting. We all want a really really bad stuff BGP feed for anyone who wants it, but the Internet is not ready for that. hrm, so actually there's a lot of supporting infrastructure that is necessary (or could be necessary) to implement something of that sort in any decent sized network. Provided you wanted to sinkhole the trafffic off somewhere to 'do the right thing' not just null0 the traffic, of course. There's the additional issue of allowing a third party to manage/traffic-engineer inside your network which might upset some operations folks. If you can build a list on your own in a reasonable fashion with supporting information and high confidence level that's one story, if this list comes from someone else whom you don't even have a billing-relationship with... it's hard to sell that when something bad happens. Certainly not everyone feels this way (see 'popularity' of the existing RBL/xbl lists) but in a larger network, or one that makes money ... How about providing some open-source intelligence in a centralized and machine-parsable fashion (perhaps with community input of intel even) which would allow better decsions to be made? -Chris
Re: Atrivo/Intercage: Now Only 1 Upstream
On Wed, Sep 17, 2008 at 1:07 PM, Christopher Morrow [EMAIL PROTECTED] wrote: On Wed, Sep 17, 2008 at 1:01 PM, Gadi Evron [EMAIL PROTECTED] wrote: On Wed, 17 Sep 2008, Skywing wrote: Putting things in the automated bogon feeds (e.g. Team Cymru) that are not strictly bogons (unallocated addresses) is likely to very quickly erode trust in those services, if that is what you are suggesting. We all want a really really bad stuff BGP feed for anyone who wants it, but the Internet is not ready for that. hrm, so actually there's a lot of supporting infrastructure that is necessary (or could be necessary) to implement something of that sort in any decent sized network. Provided you wanted to sinkhole the trafffic off somewhere to 'do the right thing' not just null0 the traffic, of course. right on. There's the additional issue of allowing a third party to manage/traffic-engineer inside your network which might upset some operations folks. If you can build a list on your own in a reasonable fashion with supporting information and high confidence level that's one story, if this list comes from someone else whom you don't even have a billing-relationship with... it's hard to sell that when something bad happens. and this is the exact reason i will not implement any of these auto-bgp feeds or drop lists in my network. now not only do i have internal operation folks fat fingers to worry about,but what if one of these third parties, as you pointed out, with no money changing hands or formal agreements,has fat fingers one day, and now adds a legitimate allocation to the feed/list? then what? Certainly not everyone feels this way (see 'popularity' of the existing RBL/xbl lists) but in a larger network, or one that makes money ... How about providing some open-source intelligence in a centralized and machine-parsable fashion (perhaps with community input of intel even) which would allow better decsions to be made? -Chris Christian
Re: Atrivo/Intercage: Now Only 1 Upstream
Christopher Morrow wrote: How about providing some open-source intelligence in a centralized and machine-parsable fashion (perhaps with community input of intel even) which would allow better decsions to be made? Reputation based on src_addr is /so/ 2005. ASN has a few more legs perhaps... but... All the growth in Internet-connected compute clouds (EC2, AppNexus, GoGrid, etc.) makes any system based around IP reputation decidedly less useful. At the end of the day, nobody is going to drop packets for amazon's IP space. -David
Re: Atrivo/Intercage: Now Only 1 Upstream
On Sep 17, 2008, at 1:32 PM, David Ulevitch wrote: Christopher Morrow wrote: How about providing some open-source intelligence in a centralized and machine-parsable fashion (perhaps with community input of intel even) which would allow better decsions to be made? Reputation based on src_addr is /so/ 2005. ASN has a few more legs perhaps... but... All the growth in Internet-connected compute clouds (EC2, AppNexus, GoGrid, etc.) makes any system based around IP reputation decidedly less useful. At the end of the day, nobody is going to drop packets for amazon's IP space. I'm afraid reality disagrees with you - there already are networks doing it. Being big does not guarantee you ability to do Bad Things. -- TTFN, patrick
Re: Atrivo/Intercage: Now Only 1 Upstream
On Wednesday 17 September 2008 12:55:49 Skywing wrote: Lamar Owen Wrote: Seems to me getting that IP space on a bogon list could be enough to make a serious dent. Putting things in the automated bogon feeds (e.g. Team Cymru) that are not strictly bogons (unallocated addresses) is likely to very quickly erode trust in those services, if that is what you are suggesting. Seems a similar topic has been here before... hrm... Yep, back around the first of August the subject came up of Is it time to abandon bogon prefix filters? in which thread you (among many others) were a participant. I don't have an archive link, sorry, since I used my personal archive of NANOG to find. Seems there are already trust, DoS, etc issues out there, in spades. But if someone wanted to do a 'badon' list and distribute in a similar fashion nothing is preventing folks for subscribing. The various antispam DNSBL's have multiple feeds of different kinds; some enterprising soul could do the same for routing. Will everyone do that? Of course not; some will choose to not, others will simply not care, and others will just ignore. Perhaps it could be called the wish-they-were-bogons list. Then a I-really-wish-they-were-bogons list for just the more severe block. The point made by Christopher Morrow is well taken: There's the additional issue of allowing a third party to manage/traffic-engineer inside your network which might upset some operations folks. If you can build a list on your own in a reasonable fashion with supporting information and high confidence level that's one story, if this list comes from someone else whom you don't even have a billing-relationship with... it's hard to sell that when something bad happens. Certainly not everyone feels this way (see 'popularity' of the existing RBL/xbl lists) but in a larger network, or one that makes money ... Folks who use a DNSBL are already letting people in their network, in the e-mail sense at least (and some firewall interfaces to these lists). Those same people would likely not have a problem with a wish-they-were-bogons list. But, yeah, it's like chasing a weasel with an M134 with someone else aiming while you hold down the trigger. For infrastructure notes, see Team Cymru's description page at http://www.team-cymru.org/Services/Bogons/routeserver.html Seems easy enough to duplicate (of course, the devil is in the details, and nothing is as easy as it seems); and making the 'thing' 'do the right thing' is a matter of what routes are actually served by your route-servers. Perhaps a good use for that old Internet backbone router (or wannabe) that can no longer take a full BGP feed.
Re: Atrivo/Intercage: Now Only 1 Upstream
On Wed, 17 Sep 2008, Christopher Morrow wrote: On Wed, Sep 17, 2008 at 1:01 PM, Gadi Evron [EMAIL PROTECTED] wrote: On Wed, 17 Sep 2008, Skywing wrote: Putting things in the automated bogon feeds (e.g. Team Cymru) that are not strictly bogons (unallocated addresses) is likely to very quickly erode trust in those services, if that is what you are suggesting. We all want a really really bad stuff BGP feed for anyone who wants it, but the Internet is not ready for that. hrm, so actually there's a lot of supporting infrastructure that is necessary (or could be necessary) to implement something of that sort in any decent sized network. Provided you wanted to sinkhole the trafffic off somewhere to 'do the right thing' not just null0 the traffic, of course. There's the additional issue of allowing a third party to manage/traffic-engineer inside your network which might upset some operations folks. If you can build a list on your own in a reasonable fashion with supporting information and high confidence level that's one story, if this list comes from someone else whom you don't even have a billing-relationship with... it's hard to sell that when something bad happens. Certainly not everyone feels this way (see 'popularity' of the existing RBL/xbl lists) but in a larger network, or one that makes money ... How about providing some open-source intelligence in a centralized and machine-parsable fashion (perhaps with community input of intel even) which would allow better decsions to be made? Chris, that does not solve the one issue you did not mention: liability. Gadi. -Chris
Re: Atrivo/Intercage: Now Only 1 Upstream
On Wednesday 17 September 2008 13:34:22 Patrick W. Gilmore wrote: On Sep 17, 2008, at 1:32 PM, David Ulevitch wrote: At the end of the day, nobody is going to drop packets for amazon's IP space. I'm afraid reality disagrees with you - there already are networks doing it. Indeed. Google's e-mail servers get on the various DNSBL's frequently. Being big does not guarantee you ability to do Bad Things. Might even provide incentive for the grid computing providers to keep tabs on what their uses are doing. Imagine that! Accountability, using the only 'stick' available.
Re: Atrivo/Intercage: Now Only 1 Upstream
Lamar Owen wrote: On Wednesday 17 September 2008 13:34:22 Patrick W. Gilmore wrote: On Sep 17, 2008, at 1:32 PM, David Ulevitch wrote: At the end of the day, nobody is going to drop packets for amazon's IP space. I'm afraid reality disagrees with you - there already are networks doing it. Indeed. Google's e-mail servers get on the various DNSBL's frequently. I occasionally get in to an argument with a customer who is trying to get mail from someone after a spam run came out of a google mail server and landed it on a DNSBL. The argument presented to me always boils down to Google could never do anything wrong or Google is too big to do anything wrong and I should immediately stop recommending any DNSBL that would dare to block Google. ~Seth
Re: Atrivo/Intercage: Now Only 1 Upstream
On Wed, Sep 17, 2008 at 1:32 PM, David Ulevitch [EMAIL PROTECTED] wrote: Christopher Morrow wrote: How about providing some open-source intelligence in a centralized and machine-parsable fashion (perhaps with community input of intel even) which would allow better decsions to be made? Reputation based on src_addr is /so/ 2005. ASN has a few more legs perhaps... but... All the growth in Internet-connected compute clouds (EC2, AppNexus, GoGrid, etc.) makes any system based around IP reputation decidedly less useful. there is more than 'srcip' you can use to judge reputation on... if you have something 'not a router' you can even implement other options... Adding things like ttl's to the entries, sliding the reputation on that as well. It's not just 'src ip'. ASN is a really big hammer At the end of the day, nobody is going to drop packets for amazon's IP space. nope, but amazon can/may-be-able-to do some protections on their side, or individuals could choose to block bits/pieces of amazon, and they have already. -David
RE: Atrivo/Intercage: Now Only 1 Upstream
I occasionally get in to an argument with a customer who is trying to get mail from someone after a spam run came out of a google mail server and landed it on a DNSBL. The argument presented to me always boils down to Google could never do anything wrong or Google is too big to do anything wrong and I should immediately stop recommending any DNSBL that would dare to block Google. ~Seth A more rational version of this argument would be that blocking Google's mail servers will obviously have large amounts of collatarel damage. Any DNSBL that blocks Google's mail servers, other than perhaps in sufficiently serious situations to justify this level of collatarel damage, shouldn't be recommended. You should provide a way for customers to opt out of your blacklists. Many people are perfectly happy to run their own spam filtering software and retain the capability to skim (or analyze) their spam. If you provide a way for your customer to do this, point them to it. If not, that is a failing on your part. (Though of course it's always possible you have cost/benefit arguments that justify not providing that service.) Some people would really like email to be as reliable as possible, even if that means they have to wade through a lot of spam. At least this gives them ability to whitelist sources that are important to them personally. David Schwartz [EMAIL PROTECTED]
Re: Atrivo/Intercage: Now Only 1 Upstream
Patrick W. Gilmore wrote: On Sep 17, 2008, at 1:32 PM, David Ulevitch wrote: At the end of the day, nobody is going to drop packets for amazon's IP space. I'm afraid reality disagrees with you - there already are networks doing it. Being big does not guarantee you ability to do Bad Things. I didn't imply that it did. But the ability to block without causing significant collateral damage becomes more and more difficult as IPs become less tied to the organization using them. That said, you're right that people are doing it now. Consensus from friends running their apps on EC2 is that you can't expect to be able to send any email from EC2 and hope for a high deliverability rate.
Re: Atrivo/Intercage: Now Only 1 Upstream
David Schwartz wrote: I occasionally get in to an argument with a customer who is trying to get mail from someone after a spam run came out of a google mail server and landed it on a DNSBL. The argument presented to me always boils down to Google could never do anything wrong or Google is too big to do anything wrong and I should immediately stop recommending any DNSBL that would dare to block Google. ~Seth A more rational version of this argument would be that blocking Google's mail servers will obviously have large amounts of collatarel damage. Any DNSBL that blocks Google's mail servers, other than perhaps in sufficiently serious situations to justify this level of collatarel damage, shouldn't be recommended. You should provide a way for customers to opt out of your blacklists. Many people are perfectly happy to run their own spam filtering software and retain the capability to skim (or analyze) their spam. If you provide a way for your customer to do this, point them to it. If not, that is a failing on your part. (Though of course it's always possible you have cost/benefit arguments that justify not providing that service.) Some people would really like email to be as reliable as possible, even if that means they have to wade through a lot of spam. At least this gives them ability to whitelist sources that are important to them personally. Oh, they can. They have full control of everything hardcore filtering to nothing at all and anything in between. They could prune out the DNSBL they didn't like, turn off DNSBL completely, whitelist the source CIDR range (which I gave them), whitelist the sender's address/domain, etc. There was 15 different ways they could have fixed it, but didn't want to. I can't really say why. All they would say is it's Google. ~Seth
Re: Atrivo/Intercage: Now Only 1 Upstream
Some people would really like email to be as reliable as possible, even if that means they have to wade through a lot of spam. By what twisted logic can a system where desired email is found when they have to wade through a lot of spam? Have you ever inadvertently deleted a desired item in the middle of a delete-yes-delete-yes-delete-yes-delete-yes-delete-yes-delete-yes sequence that went on for a lot of spam? How many times? Did you recover all of the desired items? How do you know that? To me a reliable system is one that delivers what I want and only what I want every time. And having to pick the pepper out of the flysh*t is not my idea of reliable.
Re: Atrivo/Intercage: Now Only 1 Upstream
On Wed, 17 Sep 2008, David Ulevitch wrote: Reputation based on src_addr is /so/ 2005. ASN has a few more legs perhaps... but... All the growth in Internet-connected compute clouds (EC2, AppNexus, GoGrid, etc.) makes any system based around IP reputation decidedly less useful. At the end of the day, nobody is going to drop packets for amazon's IP space. While I can't speak for the others on your list, we have been putting a fair amount of thought into abuse detection and mitigation at GoGrid. We are well aware of the problems we would have if our address space were to end up with a bad reputation. If stuff does get through that shouldn't, please contact [EMAIL PROTECTED] and we'll take care of it. -Steve
RE: Atrivo/Intercage: Now Only 1 Upstream
Welcome the Internet version of Too big to fail. I like the corollary: If it's too big to fail, it's too big, and needs to be broken up. Otherwise, we get an oligarchy, -Original Message- From: Seth Mattinen [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 17, 2008 11:27 AM To: nanog@nanog.org Subject: Re: Atrivo/Intercage: Now Only 1 Upstream Lamar Owen wrote: On Wednesday 17 September 2008 13:34:22 Patrick W. Gilmore wrote: On Sep 17, 2008, at 1:32 PM, David Ulevitch wrote: At the end of the day, nobody is going to drop packets for amazon's IP space. I'm afraid reality disagrees with you - there already are networks doing it. Indeed. Google's e-mail servers get on the various DNSBL's frequently. I occasionally get in to an argument with a customer who is trying to get mail from someone after a spam run came out of a google mail server and landed it on a DNSBL. The argument presented to me always boils down to Google could never do anything wrong or Google is too big to do anything wrong and I should immediately stop recommending any DNSBL that would dare to block Google. ~Seth
Re: Atrivo/Intercage: Now Only 1 Upstream
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Paul Wall [EMAIL PROTECTED] wrote: Cogent is keeping tabs of the Intercage/Atrivo situation in ticket HD000789038. Be sure to e-mail or call them referencing that number with any information you may have to share. AboveNet's ticket auto-responder is broken. I don't have time to pass along intelligence to Cogent, and if I did feel so inclined, somehow I get the feeling that I would largely be ignored since I'm not a direct customer. I'm more inclined to pass along the intelligence to law enforcement, as many of us have been doing for a couple of years now. In any event, the badness is still there. Lots of it. - - ferg -BEGIN PGP SIGNATURE- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFIzz/jq1pz9mNUZTMRAoykAKDT0Z9j7zw8RHpO0fSjBIYdbUCTiACg3koi F2OWk5qP+5ZsXdBbBcg6cB4= =Mfgg -END PGP SIGNATURE- -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
Re: Atrivo/Intercage: Now Only 1 Upstream
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Paul Wall [EMAIL PROTECTED] wrote: Cogent is keeping tabs of the Intercage/Atrivo situation in ticket HD000789038. Be sure to e-mail or call them referencing that number with any information you may have to share. AboveNet's ticket auto-responder is broken. By the way, a lot of folks are watching all domains registered within Atrivo/Intercage IP address space every day. Here's a few for you to decide -- and they have been registered only in the past few days: undaground.biz pillshere.net ukrnic.info (originally registered in Intercage IP space, now in UkrTelecom) This is only a fraction of a percentage of the activities. We are watching. - - ferg -BEGIN PGP SIGNATURE- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFIz0ozq1pz9mNUZTMRAnHeAJ4ntfwfiQaQxhTXfs89uo2I3cTJMgCfb41s M7q+r1sgTSmGL1+vszyHYb0= =c6jO -END PGP SIGNATURE- -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
Re: Atrivo/Intercage: Now Only 1 Upstream
On Tue, 16 Sep 2008, Paul Ferguson wrote: In any event, the badness is still there. Lots of it. Not according to this: http://www.domainnews.com/en/general/estdomains-denies-links-to-malware-distribution.html The company also has a reliable ally in its battle against malware in a face of Intercage, Inc which provides company with the hosting services of the highest quality. But the outstanding performance of hosting services is not the sole reason why EstDomains, Inc appreciates this partnership so greatly. Intercage, Inc generously provides EstDomains, Inc specialists with reports regarding discovered malware vehicles. As the main database for additional domain name management services is located in Intercage Data Center, EstDomains, Inc has the perfect opportunity to get notifications of the slightest mark of malware presence in the shortest time and take measures in advance. You really need to read the entire posting and not end up ROTFL. -Hank
Re: Atrivo/Intercage: Now Only 1 Upstream
On Sep 16, 2008, at 1:55 AM, Paul Ferguson wrote: By the way, a lot of folks are watching all domains registered within Atrivo/Intercage IP address space every day. Here's a few for you to decide -- and they have been registered only in the past few days: undaground.biz pillshere.net ukrnic.info (originally registered in Intercage IP space, now in UkrTelecom) This is only a fraction of a percentage of the activities. We are watching. Not closely enough. It seems some people in San Francisco are selling Intercage outbound only capacity. (I.e. Letting them send packets and not announcing their ASN/prefixes to hide the fact Atrivo is a customer.) If you find packets from Atrivo coming into your network from a network where you do not see a reverse path, please let the rest of us know so we can take appropriate action. -- TTFN, patrick
Re: Atrivo/Intercage: Now Only 1 Upstream
So in cases like this where the community appears to agree that there's a consistently bad apple, what's preventing everyone from simply nullrouting the netblocks in question and imposing the death penalty? Sorry if this seems naive, but if no legitimate purpose is shown it seems like the obvious thing to do. Maybe they could still *send* packets, but nothing would ever get back to them. _H*
Re: Atrivo/Intercage: Now Only 1 Upstream
[EMAIL PROTECTED] (*Hobbit*) writes: So in cases like this where the community appears to agree that there's a consistently bad apple, what's preventing everyone from simply nullrouting the netblocks in question and imposing the death penalty? http://www.spamhaus.org/drop/ seems to have atrivo on it. Sorry if this seems naive, but if no legitimate purpose is shown it seems like the obvious thing to do. Maybe they could still *send* packets, but nothing would ever get back to them. legitimacy is in the mind of the beholder of course. -- Paul Vixie
Re: Atrivo/Intercage: Now Only 1 Upstream
On Tue, 16 Sep 2008 12:47:26 -, *Hobbit* said: So in cases like this where the community appears to agree that there's a consistently bad apple, what's preventing everyone from simply what's preventing everyone? Geez Hobbit, I *know* you've been around long enough to know better than that :) We can't get a clear majority of providers to do BCP38, you expect them to apply a null route? And then to know to *remove* it once the problem withers up? ;) pgpoJMzfeFvF3.pgp Description: PGP signature
Re: Atrivo/Intercage: Now Only 1 Upstream
you expect them to apply a null route? Well, I *have* been talking somewhat idealistically here and there with this crop of questions, but frankly I thought in the 2 or 3 years I was ignoring the list that the NETWORK OPERATORS ostensibly in custody of the intertubes would have pulled things together a little better and grown enough of a pair to firmly state this crap stops here and now and make it happen. I do see pockets of good progress and research here and there and have gotten a lot of good feedback from people, but the big picture [as I watch my logs roll by] is pretty grim. Especially when the big players don't play at all. I've been around long enough to have a good idea of what *can* be done, but totally lost sight of any sensible reason why it *isn't*. Besides quarterly revenue, which is pretty short-sighted. Fortunately, I still have the luxury of being able to have my mailsystems tell cpe-*.rr.com and pool-*.verizon.net and c-24-*.comcast.net, along with large swaths of offshore IP space, to take a powder. Hundreds of times a day. But it's still their trash flying onto my tiny little lawn, and shouldn't be my job to sweep up. I mentally extend that picture to the millions of recipients who possibly aren't able to implement unusual and/or draconian filtering, and wonder how anybody ever gets any productive work done. _H*
Re: Atrivo/Intercage: Now Only 1 Upstream
On 16/09/2008, at 10:17 PM, *Hobbit* wrote: So in cases like this where the community appears to agree that there's a consistently bad apple, what's preventing everyone from simply nullrouting the netblocks in question and imposing the death penalty? Dunno - but something did occur to me this morning on the drive into work: Maybe there's another approach to this problem. Maybe, rather than having the antispam/virus vendors do non-real world lab tests we could get them all to donate some kit to whomever is the unlucky transit- provider du jour and see how well it works providing a nice clean feed and who's better at it? ;-) MMC -- Matthew Moyle-Croft Internode/Agile Peering and Core Networks
Atrivo/Intercage: Now Only 1 Upstream
Looks like WVFiber removed them as a customer: http://www.cidr-report.org/cgi-bin/as-report?as=as27595 Now only AS32335 [PACIFICINTERNETEXCHANGE-NET] remains. - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
Re: Atrivo/Intercage: Now Only 1 Upstream
Paul, Cogent is keeping tabs of the Intercage/Atrivo situation in ticket HD000789038. Be sure to e-mail or call them referencing that number with any information you may have to share. AboveNet's ticket auto-responder is broken. I've been unable to get a response out of NTT (AS 2914). Drive Slow, Paul Wall