RE: Atrivo/Intercage

[Tom Sparks (Applied Operations)]

Just to add my $0.02 to this discussion and a disclaimer - I've known 
Emil for years, I've seen his shop and even the controversy.
200 Paul is a small community, and most of the folks in there know
eachother, I've been in there since 2001 or so.

Intercage is not a big shop, there are very few people involved in running
it and I have a very hard time believing the accusations made by some
of the folks around. I also don't believe Intercage was complicit in any
net-crime; Thats not to say it didn't exist, but more along the lines
of they got lost in the noise of running a business. I'd guess that
given the server volume they've got, abuse emails are less than one percent
of all the email they get in a week. From what I've seen, the bulk of their
customer base is webhosters, Unix Shell providers and some video/audio
streamers. Were I to venture a guess on the number of folks reselling
those webservers, its probably on the order of thousands...

Any time I've had an issue with one of Atrivo's customers, it only took
one email to get it dealt with, or I got Emil on IM or on the phone and
it was taken care of. 

My experience with being on the other end of abuse@, I'd say a good
60-75% of the complaints I saw coming in were bogus. Either people
complaining about their ZoneAlarm's going off, people complaining
about bounced emails with spam and a bunch of automated stuff that was
always wrong. The legit complaints were not always easy to deal with
either since a good 20-30% of them were unclear on what was actually wrong
until you spent some time digging.

Basically is what it boils down to for me - its easy to blame
an NSP/ISP/Hoster for what their clients do, it takes real dedication to
find out whats *actually* going on.

-- 
Tom Sparks
(415) 367-7328x1001

Re: Atrivo/Intercage

[Tom Sparks (Applied Operations)]

On Mon, Sep 22, 2008 at 04:48:16PM -0400, Drew Linsalata wrote:
 I have no dog in this fight, but I would comment on the small shop  
 issue as it relates to handling abuse complaints.
 
 I own a small colo/hosting shop too.  We don't have many employees.   
 If we had to deal with so many abuse complaints that things were  
 getting lost in the noise

Perhaps I should clarify - Abuse complaints being a small percentage
of normal requests for service (IE: I need a new hdd, an OS reinstalled)
I would agree that anyone beseiged in abuse requests should take a
machete to the offending customer's cables :)

-- 
Tom Sparks
(415) 367-7328x1001

Re: Atrivo/Intercage

[Tom Sparks (Applied Operations)]

On Mon, Sep 22, 2008 at 05:17:42PM -0400, Christopher Morrow wrote:
 So... apparently AS27595 is back on the air, with aspath's like:
 6461 23342 27595
 6539 23342 27595
 8075 23342 27595
 
 23342 == UnitedLayer, Tom isn't that you or is that another 
 Tom I'm remembering?

Yep, same Tom, I was one of the founders of UnitedLayer.
I haven't been there since 2006, so its not my doing.

I also noticed AS paths like this:
*  69.22.162.0/23  701 2914 32335 6461 23342 27595 i

I'm not sure whats going on there, but I'm thinking someone needs some help :)

-- 
Tom Sparks
(415) 367-7328x1001

Re: Atrivo/Intercage

[Tom Sparks (Applied Operations)]

On Mon, Sep 22, 2008 at 05:50:58PM -0400, Christopher Morrow wrote:
 actually, I think PIE sees this route from 6461 and passes it along
 probably because they didn't update the filters on their sessions when
 they dropped the links to 27595 :(

Has anyone actually confirmed that the link is dropped with PIE?

 Also they didn't update the IRR data to remove this set of prefixes.

Looks like they've got all kindsa stuff in there...

-- 
Tom Sparks
(415) 367-7328x1001