InterCage, Inc. (NOT Atrivo)

[InterCage - Russ]

Hello Everyone,

Good morning. 
Seeing the activity in regards to our company here at NANOG, I believe this is 
the most reasonable and responsible place to respond to the current issues on 
our network. We hope to obtain non-bias opinion's and good honest and truthful 
information from the users here.

Being that there are much larger operators here then us, what kind of insight 
can you give to the issues that have arisen?

We've near completely removed (completion monday 09/08/08) Hostfresh from our 
network. 2 of their /24's have been removed:
58.65.238.0/24 dropped
58.65.239.0/24 dropped
The machine's they leased from us have been canceled.

What do you suggest for the next move?

Thank you for your time. Have a great day.

---
Russell M.
InterCage, Inc.

Re: InterCage, Inc. (NOT Atrivo)

[Patrick W. Gilmore]

On Sep 7, 2008, at 4:32 AM, InterCage - Russ wrote:

Seeing the activity in regards to our company here at NANOG, I  
believe this is the most reasonable and responsible place to respond  
to the current issues on our network. We hope to obtain non-bias  
opinion's and good honest and truthful information from the users  
here.


Being that there are much larger operators here then us, what kind  
of insight can you give to the issues that have arisen?


We've near completely removed (completion monday 09/08/08) Hostfresh  
from our network. 2 of their /24's have been removed:

58.65.238.0/24 dropped
58.65.239.0/24 dropped
The machine's they leased from us have been canceled.

What do you suggest for the next move?


A hearty pat on the back for a job well done.

--
TTFN,
patrick

Re: InterCage, Inc. (NOT Atrivo)

[Patrick W. Gilmore]

On Sep 7, 2008, at 11:58 AM, Patrick W. Gilmore wrote:

On Sep 7, 2008, at 4:32 AM, InterCage - Russ wrote:

Seeing the activity in regards to our company here at NANOG, I  
believe this is the most reasonable and responsible place to  
respond to the current issues on our network. We hope to obtain non- 
bias opinion's and good honest and truthful information from the  
users here.


Being that there are much larger operators here then us, what kind  
of insight can you give to the issues that have arisen?


We've near completely removed (completion monday 09/08/08)  
Hostfresh from our network. 2 of their /24's have been removed:

58.65.238.0/24 dropped
58.65.239.0/24 dropped
The machine's they leased from us have been canceled.

What do you suggest for the next move?


A hearty pat on the back for a job well done.


P.S. And removing you from the "will _not_ buy from" list of providers.

--
TTFN,
patrick

Re: InterCage, Inc. (NOT Atrivo)

[Gadi Evron]

On Sun, 7 Sep 2008, InterCage - Russ wrote:

Hello Everyone,

Good morning.
Seeing the activity in regards to our company here at NANOG, I believe this is 
the most reasonable and responsible place to respond to the current issues on 
our network. We hope to obtain non-bias opinion's and good honest and truthful 
information from the users here.

Being that there are much larger operators here then us, what kind of insight 
can you give to the issues that have arisen?

We've near completely removed (completion monday 09/08/08) Hostfresh from our 
network. 2 of their /24's have been removed:
58.65.238.0/24 dropped
58.65.239.0/24 dropped
The machine's they leased from us have been canceled.


Thank you Russ. That is a great step in the right direction dropping this 
one client. It is appreciated, although it's just one bad apple on a 
big tree.


However, I don't want to pick on you, so let's reframe the subject:


What do you suggest for the next move?


Well, perhaps you can share any information with us on a legitimate client 
you have?




Thank you for your time. Have a great day.

---
Russell M.
InterCage, Inc.

Re: InterCage, Inc. (NOT Atrivo)

[Scott Weeks]

--- [EMAIL PROTECTED] wrote:

Well, perhaps you can share any information with us on a legitimate client 
you have?
--


Now why do you have to go there?  Just to fan the flames for fun and profit?  
:-(

scott

Re: InterCage, Inc. (NOT Atrivo)

[Gadi Evron]

On Mon, 8 Sep 2008, Scott Weeks wrote:



--- [EMAIL PROTECTED] wrote:

Well, perhaps you can share any information with us on a legitimate client
you have?
--


Now why do you have to go there?  Just to fan the flames for fun and profit?  
:-(


I haven't seen any flames, I've seen them claim they cleaned up, instead 
of pointing out all their other bad clients, I am asking for a good one. 
Should be easy enough to manufacture.


I am interesting in you take on this:
I am starting to think of the horror of whoever gets assigned these IP 
addresses next trying to clean them all up so they are usable again. They 
are listed *everywhere* for a long time now.


Gadi.



scott

Re: InterCage, Inc. (NOT Atrivo)

[Scott Weeks]

--- [EMAIL PROTECTED] wrote:
On Mon, 8 Sep 2008, Scott Weeks wrote:
>
> --- [EMAIL PROTECTED] wrote:
>
> Well, perhaps you can share any information with us on a legitimate client
> you have?
> --
>
> Now why do you have to go there?  Just to fan the flames for fun and profit?  
> :-(


I haven't seen any flames, I've seen them claim they cleaned up, instead 
of pointing out all their other bad clients, I am asking for a good one. 
Should be easy enough to manufacture.
-

Stop.  Please.

scott

Re: InterCage, Inc. (NOT Atrivo)

[James Pleger]

On Mon, Sep 8, 2008 at 10:59 AM, Scott Weeks <[EMAIL PROTECTED]> wrote:
>
>
> --- [EMAIL PROTECTED] wrote:
>
> Well, perhaps you can share any information with us on a legitimate client
> you have?
> --
>
>
> Now why do you have to go there?  Just to fan the flames for fun and profit?  
> :-(
>
> scott

Scott, I am unsure how it is fun or profitable to ask this question
which has been on everyones mind. I haven't personally seen anything
worth noting that wasn't malicious from Intercage or Hostfresh.

I can tell you the only thing that was even remotely legitimate from a
report of all Hostfresh/Intercage traffic from my network was a couple
porn sites. Everything else was malicious communication.

I am sure if I looked into it more I could find some exploits related
to the sites.

Thanks,
James

>
>

Re: InterCage, Inc. (NOT Atrivo)

[Gadi Evron]

On Mon, 8 Sep 2008, Scott Weeks wrote:



--- [EMAIL PROTECTED] wrote:
On Mon, 8 Sep 2008, Scott Weeks wrote:


--- [EMAIL PROTECTED] wrote:

Well, perhaps you can share any information with us on a legitimate client
you have?
--

Now why do you have to go there?  Just to fan the flames for fun and profit?  
:-(



I haven't seen any flames, I've seen them claim they cleaned up, instead
of pointing out all their other bad clients, I am asking for a good one.
Should be easy enough to manufacture.
-

Stop.  Please.



Scott, second attempt to get a relavnt remark out of you flame-baiting:

Do you feel future peers of Atrivo / Intercage should be making some sort 
of abuse due dilligence? How does such a process get done? Relying on 
black lists doesn't seem too reliable as a solution.


Obviously host lost some money now after buying a provider with a big 
client that was just depeered, so it is now a financial concern.


Gadi.


scott

Re: InterCage, Inc. (NOT Atrivo)

[Scott Weeks]

--- [EMAIL PROTECTED] wrote:
I am sure if I looked into it more I could find some exploits related
to the sites.
-


"Why software piracy might actually be good for companies."

Folks should clean their own house before pointing fingers at others...

scott

Re: InterCage, Inc. (NOT Atrivo)

[Matthew Petach]

On 9/8/08, Gadi Evron <[EMAIL PROTECTED]> wrote:
> On Sun, 7 Sep 2008, InterCage - Russ wrote:
>  Thank you Russ. That is a great step in the right direction dropping this
> one client. It is appreciated, although it's just one bad apple on a big
> tree.
>
>  However, I don't want to pick on you, so let's reframe the subject:
>
> > What do you suggest for the next move?
> >
>
>  Well, perhaps you can share any information with us on a legitimate client
> you have?

I do not think it is appropriate for ISPs to have to prove or demonstrate the
legitimacy of their customer base.  As a legitimate customer of an ISP, I
would be *highly* incensed if my privacy were to be violated simply to
provide "proof" that the ISP had legitimate clients.

The notion of "innocent until proven guilty" I think is a much better model for
us to work with.  If you find clear miscreants, and have data to back it up,
then a call for cleaning up the miscreants is somewhat acceptable, though
I worry that we may descend into a witch hunt if this is taken too far to the
extreme.  However, a call to "prove your innocence" is entirely uncalled for,
and opens ISPs up to being caught on the horns of a very nasty dillemma;
either to maintain their customer's privacy, and be labelled as an evil, nasty,
non-cooperative provider that must therefore be guilty, by their very dint of
failure to prove their innocence; or, reveal their law-abiding,
legitimate client
information, and and then quickly lose those clients when they realize their
records are no longer considered private at that ISP.

If you have proof of clients engaging in illegal practices, then it is
appropriate
to go after those clients.  But leave the legitimate clients alone.

*putting down his pitchfork and torch, and walking away from the mob*

Matt

Re: InterCage, Inc. (NOT Atrivo)

[Gadi Evron]

On Mon, 8 Sep 2008, Scott Weeks wrote:



--- [EMAIL PROTECTED] wrote:
I am sure if I looked into it more I could find some exploits related
to the sites.
-


"Why software piracy might actually be good for companies."

Folks should clean their own house before pointing fingers at others...


My house may not be clean right now, but the cleaner is coming tomorrow. 
However, filth from their house is making my house smell. I am very happy 
they are willing to clean up, but it still smells for some reason.


Enough with analogies, you are making this discussion into a hostile 
environment for them to reply in.


What are you afraid of, anyway? Are you running a bullet-proof hosting 
farm?




scott

Re: InterCage, Inc. (NOT Atrivo)

[Scott Weeks]

My apologies everyone, I shouldn't have said that.  I'm done.

scott


--- [EMAIL PROTECTED] wrote:
--- [EMAIL PROTECTED] wrote:
I am sure if I looked into it more I could find some exploits related
to the sites.
-


"Why software piracy might actually be good for companies."

Folks should clean their own house before pointing fingers at others...
--

RE: InterCage, Inc. (NOT Atrivo)

[Randy Epstein]

>Obviously host lost some money now after buying a provider with a big 
>client that was just depeered, so it is now a financial concern.

>   Gadi.

On the floor ..  dying here.

Re: InterCage, Inc. (NOT Atrivo)

[James Pleger]

When I worked at an ISP I can say that my house was very clean.
Takedowns were done in hours and we had a very large customer base. I
will take on the clean house topic any time... I have done hundreds if
not thousands of takedowns while I have worked at hosting companies,
it isn't that hard to keep the house clean.

However, what you have said in this topic has not been useful or
brought anything that might be interesting to light at all. Please
come back when you have something useful or productive to say.

Thanks,
James


On Mon, Sep 8, 2008 at 11:20 AM, Scott Weeks <[EMAIL PROTECTED]> wrote:
>
>
> --- [EMAIL PROTECTED] wrote:
> I am sure if I looked into it more I could find some exploits related
> to the sites.
> -
>
>
> "Why software piracy might actually be good for companies."
>
> Folks should clean their own house before pointing fingers at others...
>
> scott
>
>

RE: InterCage, Inc. (NOT Atrivo)

[Gadi Evron]

On Mon, 8 Sep 2008, Randy Epstein wrote:

Obviously host lost some money now after buying a provider with a big
client that was just depeered, so it is now a financial concern.



Gadi.


On the floor ..  dying here.


:) :)

Re: InterCage, Inc. (NOT Atrivo)

[John C. A. Bambenek]

"> I do not think it is appropriate for ISPs to have to prove or demonstrate the
> legitimacy of their customer base"

Here is the exact point of contention and the point where I think
people disagree.  ISPs are the **first** line of defense against
malware and badware.  They are the ones closest to the customer and
best able to "whack-a-mole".  For those ISPs that do cater to a high
proportion of bad actors, I quite rightly want them to demonstrate
their legitimacy.  By peering with them, there is a trust relationship
formed... if there is a question that goes right to the heart of that
trust, they ought to answer it, otherwise they ought to be de-peered
as well.

On Mon, Sep 8, 2008 at 1:25 PM, Matthew Petach <[EMAIL PROTECTED]> wrote:
> On 9/8/08, Gadi Evron <[EMAIL PROTECTED]> wrote:
>> On Sun, 7 Sep 2008, InterCage - Russ wrote:
>>  Thank you Russ. That is a great step in the right direction dropping this
>> one client. It is appreciated, although it's just one bad apple on a big
>> tree.
>>
>>  However, I don't want to pick on you, so let's reframe the subject:
>>
>> > What do you suggest for the next move?
>> >
>>
>>  Well, perhaps you can share any information with us on a legitimate client
>> you have?
>
> I do not think it is appropriate for ISPs to have to prove or demonstrate the
> legitimacy of their customer base.  As a legitimate customer of an ISP, I
> would be *highly* incensed if my privacy were to be violated simply to
> provide "proof" that the ISP had legitimate clients.
>
> The notion of "innocent until proven guilty" I think is a much better model 
> for
> us to work with.  If you find clear miscreants, and have data to back it up,
> then a call for cleaning up the miscreants is somewhat acceptable, though
> I worry that we may descend into a witch hunt if this is taken too far to the
> extreme.  However, a call to "prove your innocence" is entirely uncalled for,
> and opens ISPs up to being caught on the horns of a very nasty dillemma;
> either to maintain their customer's privacy, and be labelled as an evil, 
> nasty,
> non-cooperative provider that must therefore be guilty, by their very dint of
> failure to prove their innocence; or, reveal their law-abiding,
> legitimate client
> information, and and then quickly lose those clients when they realize their
> records are no longer considered private at that ISP.
>
> If you have proof of clients engaging in illegal practices, then it is
> appropriate
> to go after those clients.  But leave the legitimate clients alone.
>
> *putting down his pitchfork and torch, and walking away from the mob*
>
> Matt
>
>

Re: InterCage, Inc. (NOT Atrivo)

[Gadi Evron]

On Mon, 8 Sep 2008, Matthew Petach wrote:

On 9/8/08, Gadi Evron <[EMAIL PROTECTED]> wrote:

On Sun, 7 Sep 2008, InterCage - Russ wrote:
 Thank you Russ. That is a great step in the right direction dropping this
one client. It is appreciated, although it's just one bad apple on a big
tree.

 However, I don't want to pick on you, so let's reframe the subject:


What do you suggest for the next move?



 Well, perhaps you can share any information with us on a legitimate client
you have?


I do not think it is appropriate for ISPs to have to prove or demonstrate the
legitimacy of their customer base.  As a legitimate customer of an ISP, I
would be *highly* incensed if my privacy were to be violated simply to
provide "proof" that the ISP had legitimate clients.


What you say in this email makes a lot of sense. Thanks for pointing that 
out.


Not being a lawyer, I think this also makes sense legally (as far as 
the Britain-like systems go).


As to this particular case, I'd be satisfied if I see even just all the 
fake DNS traffic stop heading their way, anyway.


Gadi.


The notion of "innocent until proven guilty" I think is a much better model for
us to work with.  If you find clear miscreants, and have data to back it up,
then a call for cleaning up the miscreants is somewhat acceptable, though
I worry that we may descend into a witch hunt if this is taken too far to the
extreme.  However, a call to "prove your innocence" is entirely uncalled for,
and opens ISPs up to being caught on the horns of a very nasty dillemma;
either to maintain their customer's privacy, and be labelled as an evil, nasty,
non-cooperative provider that must therefore be guilty, by their very dint of
failure to prove their innocence; or, reveal their law-abiding,
legitimate client
information, and and then quickly lose those clients when they realize their
records are no longer considered private at that ISP.

If you have proof of clients engaging in illegal practices, then it is
appropriate
to go after those clients.  But leave the legitimate clients alone.

*putting down his pitchfork and torch, and walking away from the mob*

Matt

Re: InterCage, Inc. (NOT Atrivo)

[Jay R. Ashworth]

On Mon, Sep 08, 2008 at 11:09:09AM -0700, Scott Weeks wrote:
> --- [EMAIL PROTECTED] wrote:
> On Mon, 8 Sep 2008, Scott Weeks wrote:
> >
> > --- [EMAIL PROTECTED] wrote:
> >
> > Well, perhaps you can share any information with us on a legitimate client
> > you have?
> > --
> >
> > Now why do you have to go there?  Just to fan the flames for fun and 
> > profit?  :-(
> 
> 
> I haven't seen any flames, I've seen them claim they cleaned up, instead 
> of pointing out all their other bad clients, I am asking for a good one. 
> Should be easy enough to manufacture.
> -
> 
> Stop.  Please.

No, Scott.

You stop.

"Do you *have any legitimate clients* at all, or should we all be turning
our firehoses on *you* instead?" seems to be a perfectly valid question
in a circumstance like this; are you asserting otherwise?

Just because you don't like Gadi much does not mean that he doesn't ask
cogent questions... occasionally.  ;-)

Cheers,
-- jra
-- 
Jay R. Ashworth   Baylink  [EMAIL PROTECTED]
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA  http://photo.imageinc.us +1 727 647 1274

 Those who cast the vote decide nothing.
 Those who count the vote decide everything.
   -- (Josef Stalin)

Re: InterCage, Inc. (NOT Atrivo)

[Jay R. Ashworth]

On Mon, Sep 08, 2008 at 11:30:49AM -0700, James Pleger wrote:
> However, what you have said in this topic has not been useful or
> brought anything that might be interesting to light at all. Please
> come back when you have something useful or productive to say.

And, again, yes he has.  Absent any evidence that the hoster in question
*has* lots of white customers as your employer does/did, then the
question is still on the table, as far as I can see.

Cheers,
-- jra
-- 
Jay R. Ashworth   Baylink  [EMAIL PROTECTED]
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA  http://photo.imageinc.us +1 727 647 1274

 Those who cast the vote decide nothing.
 Those who count the vote decide everything.
   -- (Josef Stalin)

Re: InterCage, Inc. (NOT Atrivo)

[Eugeniu Patrascu]

Gadi Evron wrote:

On Mon, 8 Sep 2008, Scott Weeks wrote:



--- [EMAIL PROTECTED] wrote:
I am sure if I looked into it more I could find some exploits related
to the sites.
-


"Why software piracy might actually be good for companies."

Folks should clean their own house before pointing fingers at others...


My house may not be clean right now, but the cleaner is coming 
tomorrow. However, filth from their house is making my house smell. I 
am very happy they are willing to clean up, but it still smells for 
some reason.


Enough with analogies, you are making this discussion into a hostile 
environment for them to reply in.


What are you afraid of, anyway? Are you running a bullet-proof hosting 
farm?
Why should an ISP provide proof of the good behavior of their clients ? 
Or in your conuntry you're considered guilty until proven otherwise ?

Re: InterCage, Inc. (NOT Atrivo)

[list-nanog]

> Why should an ISP provide proof of the good behavior of their clients ? 
> Or in your conuntry you're considered guilty until proven otherwise ?

This is not a court. In court, if you are determined guilty a large punishment 
may be exacted (note: it's innocent until determined to be very likely guilty 
in criminal cases, innocent until probably guilty in civil cases); here, that 
is not the case.

They have a history of abuse; it's fair to be suspicious of them (why did they 
let the abuse last so long?) and ask for an example of a legitimate client. If 
they have a few, it should be easy to find one willing to be used as an example.

Re: InterCage, Inc. (NOT Atrivo)

[Tim Franklin]

On Thu, September 11, 2008 10:58 am, Eugeniu Patrascu wrote:

> Why should an ISP provide proof of the good behavior of their clients ?
> Or in your conuntry you're considered guilty until proven otherwise ?

Conversely, and sticking close to the 'clean house' metaphor, if someone
has a history of tramping mud into your carpets every previous time
they've visited, is it unreasonable to ask them to present clean shoes
before letting them into your house again?

Regards,
Tim.

Re: InterCage, Inc. (NOT Atrivo)

[Lamar Owen]

On Thursday 11 September 2008 06:23:29 [EMAIL PROTECTED] wrote:
> This is not a court. In court, if you are determined guilty a large
> punishment may be exacted

Depeering is not a large punishment?

In the internet world, mass depeering / de-transitting like we've see in this 
instance is akin to capital punishment.  By vigilantes.  The US Old West 
redux.

But even in a court of law in a criminal case a defense must be made, 
otherwise the least sort of evidence of culpability can produce conviction; 
the defendant must at least put on a defense to invalidate the culpatory 
evidence.  So when culpatory evidence is presented in these cases, requesting 
exculpatory evidence is very reasonable.

Lack of a defense in a civil case will virtually guarantee a favorable 
judgment for the plaintiff, however.

Re: InterCage, Inc. (NOT Atrivo)

[Colin Alston]

Lamar Owen wrote:
> Lack of a defense in a civil case will virtually guarantee a favorable 
> judgment for the plaintiff, however.
> 

Networks (at least in most countries) are 100% private entities who can
de-peer whoever they want for whatever reason they want.

Re: InterCage, Inc. (NOT Atrivo)

[Patrick W. Gilmore]

On Sep 11, 2008, at 8:50 AM, Lamar Owen wrote:

On Thursday 11 September 2008 06:23:29 [EMAIL PROTECTED] wrote:

This is not a court. In court, if you are determined guilty a large
punishment may be exacted


Depeering is not a large punishment?

In the internet world, mass depeering / de-transitting like we've  
see in this
instance is akin to capital punishment.  By vigilantes.  The US Old  
West

redux.


You are confused.

Connecting to my network is a PRIVILEGE, not a right.  You lose a  
criminal case, you lose rights (e.g. freedom to walk outside).   
Disconnecting you from my network is not denying any of your rights.


There is no law or even custom stopping me from asking you to prove  
you are worthy to connect to my network.  You don't want to prove it,  
that's your right, just as it is my right to not connect to you.


Mind if I ask why you think you have any right to connect to my  
network if I do not want you to do so?  For _any_ reason, including  
not showing me "legit" customers, political affiliation, or even the  
color of your hat?


--
TTFN,
patrick



But even in a court of law in a criminal case a defense must be made,
otherwise the least sort of evidence of culpability can produce  
conviction;
the defendant must at least put on a defense to invalidate the  
culpatory
evidence.  So when culpatory evidence is presented in these cases,  
requesting

exculpatory evidence is very reasonable.

Lack of a defense in a civil case will virtually guarantee a favorable
judgment for the plaintiff, however.

Re: InterCage, Inc. (NOT Atrivo)

[Randy Bush]

>> In the internet world, mass depeering / de-transitting like we've
>> see in this instance is akin to capital punishment.  By vigilantes.
>> The US Old West redux.
> Connecting to my network is a PRIVILEGE, not a right.  You lose a 
> criminal case, you lose rights (e.g. freedom to walk outside). 
> Disconnecting you from my network is not denying any of your rights.
> 
> There is no law or even custom stopping me from asking you to prove
> you are worthy to connect to my network.  You don't want to prove it,
> that's your right, just as it is my right to not connect to you.
> 
> Mind if I ask why you think you have any right to connect to my
> network if I do not want you to do so?  For _any_ reason, including
> not showing me "legit" customers, political affiliation, or even the
> color of your hat?

amidst all this high flyin' political theory discussion of rights, there
is an elephant in the room.  as conditions to merger/purchase, there
were legal restrictions placed on one or more significant operators
regarding [de-]peering (i.e. your statement above is significantly
incorrect).  my altzheimer's device tells me that those restrictions end
2008.12.31.  expect change.

randy

Re: InterCage, Inc. (NOT Atrivo)

[Patrick W. Gilmore]

On Sep 11, 2008, at 6:52 PM, Randy Bush wrote:


In the internet world, mass depeering / de-transitting like we've
see in this instance is akin to capital punishment.  By vigilantes.
The US Old West redux.

Connecting to my network is a PRIVILEGE, not a right.  You lose a
criminal case, you lose rights (e.g. freedom to walk outside).
Disconnecting you from my network is not denying any of your rights.

There is no law or even custom stopping me from asking you to prove
you are worthy to connect to my network.  You don't want to prove it,
that's your right, just as it is my right to not connect to you.

Mind if I ask why you think you have any right to connect to my
network if I do not want you to do so?  For _any_ reason, including
not showing me "legit" customers, political affiliation, or even the
color of your hat?


amidst all this high flyin' political theory discussion of rights,  
there

is an elephant in the room.  as conditions to merger/purchase, there
were legal restrictions placed on one or more significant operators
regarding [de-]peering (i.e. your statement above is significantly
incorrect).  my altzheimer's device tells me that those restrictions  
end

2008.12.31.  expect change.


The fact there is a temporary exception to the rule for two providers  
in the US who agreed to the exception for reasons other than peering /  
transit does not mean the rule is invalid.


As for (some of?) the exceptions expiring at the end of this calendar  
year, I'm not at all certain it will be a sea change.  Contrary to  
popular belief, the US is not the center of the Internet any more.   
And even if it were, those providers - even the two combined - are not  
the center of the US Internet.  Besides, wouldn't that just prove the  
rule anyway? :)


The 'Net has become much more egalitarian.  I would think that you of  
all people Randy would applaud the internationalization and flattening  
of the Internet.


--
TTFN,
patrick

RE: InterCage, Inc. (NOT Atrivo)

[Randy Epstein]

>amidst all this high flyin' political theory discussion of rights, there
>is an elephant in the room.  as conditions to merger/purchase, there
>were legal restrictions placed on one or more significant operators
>regarding [de-]peering (i.e. your statement above is significantly
>incorrect).  my altzheimer's device tells me that those restrictions end
>2008.12.31.  expect change.
>
>randy

SBC end-date is 2009-Dec-31.

Randy

Re: InterCage, Inc. (NOT Atrivo)

[Randy Bush]

>> amidst all this high flyin' political theory discussion of rights, there
>> is an elephant in the room.  as conditions to merger/purchase, there
>> were legal restrictions placed on one or more significant operators
>> regarding [de-]peering (i.e. your statement above is significantly
>> incorrect).  my altzheimer's device tells me that those restrictions end
>> 2008.12.31.  expect change.
> The fact there is a temporary exception to the rule for two providers in
> the US who agreed to the exception for reasons other than peering /
> transit does not mean the rule is invalid.

so sorry to have interrupted a deep discussion of political theory on
rights and unwritten rules with operational reality :)

randy

Re: InterCage, Inc. (NOT Atrivo)

[Lamar Owen]

On Thursday 11 September 2008 18:37:59 Patrick W. Gilmore wrote:
> On Sep 11, 2008, at 8:50 AM, Lamar Owen wrote:
> > On Thursday 11 September 2008 06:23:29 [EMAIL PROTECTED] wrote:
> >> This is not a court. In court, if you are determined guilty a large
> >> punishment may be exacted
> >
> > Depeering is not a large punishment?
> >
> > In the internet world, mass depeering / de-transitting like we've
> > see in this
> > instance is akin to capital punishment.  By vigilantes.  The US Old
> > West
> > redux.
>
> You are confused.

No, I'm not, actually.  As you say, it's every man (peer) for himself; is this 
not a digital analog to the dynamic of the Old West?

If I have either a peering agreement or a transit arrangement with a written 
contract, then that contract supports my 'rights' under that contract 
persuant to my responsibilities being fulfilled.  

But here on NANOG it sure looked like the gunfight at the OK Corral earlier as 
the posse went after the bad guys.  And, well, yes, the alleged 'bad guys' 
might have deserved the penalty.  But it was sure an interesting dynamic to 
watch.  Go back and read the whole thread; it is very enlightening.

But you don't have to get all defensive about it.

Re: InterCage, Inc. (NOT Atrivo)

[Patrick W. Gilmore]

On Sep 11, 2008, at 7:10 PM, Randy Bush wrote:

amidst all this high flyin' political theory discussion of rights,  
there

is an elephant in the room.  as conditions to merger/purchase, there
were legal restrictions placed on one or more significant operators
regarding [de-]peering (i.e. your statement above is significantly
incorrect).  my altzheimer's device tells me that those  
restrictions end

2008.12.31.  expect change.
The fact there is a temporary exception to the rule for two  
providers in

the US who agreed to the exception for reasons other than peering /
transit does not mean the rule is invalid.


so sorry to have interrupted a deep discussion of political theory on
rights and unwritten rules with operational reality :)


Cute. :-)

But the "operational reality" is that you have no real expectation of  
connectivity to any other network.


--
TTFN,
patrick

Re: InterCage, Inc. (NOT Atrivo)

[Patrick W. Gilmore]

On Sep 11, 2008, at 9:11 PM, Lamar Owen wrote:

On Thursday 11 September 2008 18:37:59 Patrick W. Gilmore wrote:

On Sep 11, 2008, at 8:50 AM, Lamar Owen wrote:

On Thursday 11 September 2008 06:23:29 [EMAIL PROTECTED] wrote:

This is not a court. In court, if you are determined guilty a large
punishment may be exacted


Depeering is not a large punishment?

In the internet world, mass depeering / de-transitting like we've
see in this
instance is akin to capital punishment.  By vigilantes.  The US Old
West
redux.


You are confused.


No, I'm not, actually.


We disagree.



As you say, it's every man (peer) for himself; is this
not a digital analog to the dynamic of the Old West?

If I have either a peering agreement or a transit arrangement with a  
written

contract, then that contract supports my 'rights' under that contract
persuant to my responsibilities being fulfilled.


If you had ever read a peering agreement, you would know they contain  
no guarantees of connectivity.  Your rights are actually set forth as  
to what you may not do (e.g. point default), not what you may do (e.g.  
connect to me).  Well, unless you include "disconnect from me" as a  
right.


As for transit agreements, note that the network in question was  
kicked off both its transit providers in essentially nothing flat, so  
they obviously are not guaranteed either.  (Not to mention at least  
two more the transit providers previous to this thread.)



But here on NANOG it sure looked like the gunfight at the OK Corral  
earlier as
the posse went after the bad guys.  And, well, yes, the alleged 'bad  
guys'
might have deserved the penalty.  But it was sure an interesting  
dynamic to

watch.  Go back and read the whole thread; it is very enlightening.


Perhaps you should read up more on the "alleged" bad guys.  I like to  
think of myself as a very open minded person, but child pr0n tends to  
upset essentially everyone.  (And no, we are not talking 17 year olds,  
or even teenagers.)




But you don't have to get all defensive about it.


Not defensive, educational.

From the tone and content of your posts, I made the - perhaps  
erroneous - assumption you were unclear on how and why networks  
interconnected.  But to try and verify my assumption, I asked you a  
question, which you ignored:


Mind if I ask why you think you have any right to connect to my  
network if I do not want you to do so?


Although you verified my assumption anyway (see point you tried to  
make about peering agreements above).  That said, I like to understand  
the root of your confusion, so I am still interested in your answer.


--
TTFN,
patrick

Re: InterCage, Inc. (NOT Atrivo)

[Randy Bush]

> But here on NANOG it sure looked like the gunfight at the OK Corral
> earlier as the posse went after the bad guys.

we do not lack in self-righteousness or vigilanteism.  and we seem to be
wannabe lawyers, economists, and sociologists, though only the $dieties
can guess why.

as the industry has become more and more commoditized, the 'grey people'
occupy most of middle management and sadly often senior management.  our
arrogance does not earn us creds with these folk, with customers, or
with our peers [0].

it is sadly telling that  is our major archive of
tools and techniques of the operators' trade (yes, i think it is a
trade), and it is not even well-linked from other sites.  compare this
to other trades or engineering disciplines.

randy

--

[0] - http://www.merit.edu/mail.archives/nanog/2000-08/msg00087.html

Re: InterCage, Inc. (NOT Atrivo)

[Lamar Owen]

[On-list comment.  Off-list comments longer.]

On Thursday 11 September 2008 22:23:35 Patrick W. Gilmore wrote:
> > If I have either a peering agreement or a transit arrangement with a
> > written
> > contract, then that contract supports my 'rights' under that contract
> > persuant to my responsibilities being fulfilled.

> If you had ever read a peering agreement, 

I have; see this publicly available peering agreement [0], where in clause 9 
we find the wording "Neither party shall assign its rights under this 
Agreement without the prior written consent of the other party."  In clause 5 
we find the wording "If ... there are significant breaches of the conditions 
of this agreement, both parties reserve the right unilaterally to immediately 
terminate the agreement ..."  See what lies under the points of ellipsis by 
reading the whole (2.5 page) agreement; it is succinct, clear, and a great 
model.

Drifting off-topic; my participation in this thread terminated, unilaterally.

[0] - http://www.vix.at/vix-aconet-pa.html (PDF)

Re: InterCage, Inc. (NOT Atrivo)

[Patrick W. Gilmore]

On Sep 12, 2008, at 1:42 AM, Lamar Owen wrote:


[On-list comment.  Off-list comments longer.]

On Thursday 11 September 2008 22:23:35 Patrick W. Gilmore wrote:

If I have either a peering agreement or a transit arrangement with a
written
contract, then that contract supports my 'rights' under that  
contract

persuant to my responsibilities being fulfilled.



If you had ever read a peering agreement,


I have; see this publicly available peering agreement [0], where in  
clause 9

we find the wording "Neither party shall assign its rights under this
Agreement without the prior written consent of the other party."  In  
clause 5
we find the wording "If ... there are significant breaches of the  
conditions
of this agreement, both parties reserve the right unilaterally to  
immediately
terminate the agreement ..."  See what lies under the points of  
ellipsis by
reading the whole (2.5 page) agreement; it is succinct, clear, and a  
great

model.

Drifting off-topic; my participation in this thread terminated,  
unilaterally.


Actually, peering is on-topic.  I'm sure there are many others out  
there who are just as unaware of how things work on the Internet as  
you are.  That said, I'm not sure how many of them can read a peering  
agreement come to the conclusion that you then have a "right" to  
connect to my network.


Going back a bit in case you forgot, we were discussing the fact you  
have NO RIGHT to connect to my network, it is a privilege, not a  
right.  You responded with: "If I have either a peering agreement ...  
then that contract supports my 'rights' under that contract persuant  
to my responsibilities being fulfilled."  Then you posted this  
contract as an example of those "rights".  From the contract you claim  
to be "a great model":



Each party’s entire liability and sole remedies, whether in contract  
or in tort, in respect of any default
shall be as set out in this Clause or Clause 5. Each party’s remedies  
against the other in respect of any
default shall be limited to damages and/or termination of this  
agreement.



I guess you could argue you have a right - at least until I type  
"shut" on your BGP sessions.  Then your rights end.


I need no reasoning to do this.  None.  And your recourse once I have  
done this is  Hrmm, it seems your only recourse is to type "shut"  
on your side of the session.  Yeah, lots of rights there.


Now, in practice, it is poor manners, and poor business judgement to  
shut someone off without notice.  It hurts your customers and mine,  
and puts a very large strain on any other business dealings we have in  
progress or might have in the future.  But manners and business deals  
are not rights.  That should be plainly obvious to you (I hope).



Oh, and I notice you ignored my question, again.  I won't bother copy/ 
pasting it here just to have you continue to ignore it, I think the  
audience gets the point - you don't have an answer.


--
TTFN,
patrick

Re: InterCage, Inc. (NOT Atrivo)

[Patrick W. Gilmore]

On Sep 12, 2008, at 1:43 PM, Patrick W. Gilmore wrote:

Oh, and I notice you ignored my question, again.  I won't bother  
copy/pasting it here just to have you continue to ignore it, I think  
the audience gets the point - you don't have an answer.


In fairness, he sent me an answer privately.  Sorry, I didn't see that  
before I sent my on-list reply.


--
TTFN,
patrick

Re: InterCage, Inc. (NOT Atrivo)

[Steve Gibbard]

On Fri, 12 Sep 2008, Patrick W. Gilmore wrote:

Going back a bit in case you forgot, we were discussing the fact you have NO 
RIGHT to connect to my network, it is a privilege, not a right.  You 
responded with: "If I have either a peering agreement ... then that contract 
supports my 'rights' under that contract persuant to my responsibilities 
being fulfilled."  Then you posted this contract as an example of those 
"rights".  From the contract you claim to be "a great model":


Calm down, Patrick. :)

It's probably correct that any individual player in this industry not 
under other regulatory restrictions can refuse to do business with 
somebody they don't like, sometimes.  For the industry as a whole to make 
a group decision to not do business with somebody who may be a competitor 
seems more legally risky.  Engaging in that sort of thing without getting 
some good legal advice first would certainly make me nervous.


Since this appears to be somebody who is contracting with lots of US 
providers, their identity is presumably known.  This discussion has now 
been going on for long enough that it's presumably passed the emergency, 
"act now; think later," phase.  Should what they're doing be a law 
enforcement issue, rather than a "they've got cooties" issue?


-Steve

Re: InterCage, Inc. (NOT Atrivo)

[Gadi Evron]

On Fri, 12 Sep 2008, Steve Gibbard wrote:

On Fri, 12 Sep 2008, Patrick W. Gilmore wrote:
Since this appears to be somebody who is contracting with lots of US 
providers, their identity is presumably known.  This discussion has now been 
going on for long enough that it's presumably passed the emergency, "act now; 
think later," phase.  Should what they're doing be a law enforcement issue, 
rather than a "they've got cooties" issue?


It wasn't an emergency except a PR emergency for the transit providers.

As to a law enforcement issue, it probably is for 4 years now... which 
comes to show why we are the ones protecting the network. They will 
probably become more useful in the future.


Gadi.



-Steve

Re: InterCage, Inc. (NOT Atrivo)

[Christopher Morrow]

On 9/12/08, Steve Gibbard <[EMAIL PROTECTED]> wrote:

>  It's probably correct that any individual player in this industry not under
> other regulatory restrictions can refuse to do business with somebody they
> don't like, sometimes.  For the industry as a whole to make a group decision
> to not do business with somebody who may be a competitor seems more legally
> risky.  Engaging in that sort of thing without getting some good legal
> advice first would certainly make me nervous.

the perception of collusion is interesting, I don't necessarily think
it's happening here, but ianal (as patrick would say). What is
happening here is that instead of a bunch of random 'hey something
wierd is going on with that host over yonder' or 'wow that network has
a lot of bad stuff on it today' someone succinctly put down in an open
and public place the list of things that is going on and references to
how bad it may actually be. So, instead of (for one example)
GBLX-abuse getting onsey/twosy 'crazy guy' tickets/emails they have a
chance to now correlate their internal info against abuse@ and other
things and take some action.

I don't know that that's the case with GBLX in this case, but I know
at previous places of employment having lots of odd ranty emails never
really helped. Having succint collections of info about a problem
would make it simpler to address with management/bean-counters/lawyers
and propose reasonable action(s) against the offendors.

>
>  Since this appears to be somebody who is contracting with lots of US

well, at least 2, only one 'large'... other smaller folks may have been:
1) too busy fighting their own fires to worry about someone paying
ontime and (possibly) addressing abuse@ issues in a 'timely' fashion.
(from the abuse@ queue it's not necessarily easy to tell that badip1
shifted to newip2 when you sent the complaint to the downstream,
especially if you are already overwelmed with other fires)

2) too interested in the bills getting paid

3) unaware for a variety of reasons who their new customer really is/was

> now; think later," phase.  Should what they're doing be a law enforcement
> issue, rather than a "they've got cooties" issue?

with this particular network I've wondered this same thing for 4+
years. They were most obviously doing very bad things for a long
period of time, at no time was there an reasonable LEA action taken
that was evident form the outside. It's possible that with the forest
of issues LEA is dealing with on the Intertubes they just aren't
putting 1+1+2 together often enough and realizing there is a fairly
clear pattern of criminal activity eminating from the same general
place.

For instance, I've corrected many folks on many occasions who've said:
"Oh that badness is coming from the Ukraine... see the whois' info
here:"

organisation:   ORG-UL25-RIPE
org-name:   UkrTeleGroup Ltd.
org-type:   LIR
address:UkrTeleGroup Ltd.
Mechnikova 58/5
65029 Odessa
Ukraine

Really? why does it traceroute to SFO then and die there on a host??
Why is it routed to a leaf AS in the US with a presence only in a
single facility (200 Paul)?? I know of only a few folks who've put all
of the pieces together in a reasonable package, and I don't think they
can hand it all over (especially since it's not much good 2-3 weeks
after the package is gathered due to the shifting sands of tubage) to
LEA without it falling into the 'agent of LEA' part of evidence
gathering :(

Plus, LEA has to put priority on this sort of thing, and with so much
going on I get the feeling focus is hard to accomplish...

(I'd love to be proven wrong of course..)

-Chris

Re: InterCage, Inc. (NOT Atrivo)

[Patrick W. Gilmore]

On Sep 12, 2008, at 3:02 PM, Steve Gibbard wrote:

On Fri, 12 Sep 2008, Patrick W. Gilmore wrote:

Going back a bit in case you forgot, we were discussing the fact  
you have NO RIGHT to connect to my network, it is a privilege, not  
a right.  You responded with: "If I have either a peering  
agreement ... then that contract supports my 'rights' under that  
contract persuant to my responsibilities being fulfilled."  Then  
you posted this contract as an example of those "rights".  From the  
contract you claim to be "a great model":


It's probably correct that any individual player in this industry  
not under other regulatory restrictions can refuse to do business  
with somebody they don't like, sometimes.


Probably?


For the industry as a whole to make a group decision to not do  
business with somebody who may be a competitor seems more legally  
risky.  Engaging in that sort of thing without getting some good  
legal advice first would certainly make me nervous.


"The industry as a whole"?

And who in their right minds considers Atrivo or InterCage a  
competitor?  Are you upset at InterCage for lost child pr0n customers?



Since this appears to be somebody who is contracting with lots of US  
providers, their identity is presumably known.  This discussion has  
now been going on for long enough that it's presumably passed the  
emergency, "act now; think later," phase.  Should what they're doing  
be a law enforcement issue, rather than a "they've got cooties" issue?


You have been around more than long enough to know better than that  
Steve.


And you should be more consistent.  Is this a US problem or an  
Internet problem?


--
TTFN,
patrick

Re: InterCage, Inc. (NOT Atrivo)

[Justin Shore]

Patrick W. Gilmore wrote:
There is no law or even custom stopping me from asking you to prove you 
are worthy to connect to my network.  


There may not be a law preventing you from asking him for proof of 
legitimate customers, but there is a law preventing him from answering 
you.  Google for CPNI and "red flag".


Justin

Re: InterCage, Inc. (NOT Atrivo)

[Patrick W. Gilmore]

That does not stop me from asking.  Also, I've never seen a viable,  
legit biz that didn't have at least a couple customers who were  
willing to let their name be used.


--
TTFN,
patrick

iPhone 3-J
(That's 3-Jezuz for the uninitiated.)

On Sep 22, 2008, at 18:00, Justin Shore <[EMAIL PROTECTED]> wrote:


Patrick W. Gilmore wrote:
There is no law or even custom stopping me from asking you to prove  
you are worthy to connect to my network.


There may not be a law preventing you from asking him for proof of  
legitimate customers, but there is a law preventing him from  
answering you.  Google for CPNI and "red flag".


Justin

Re: InterCage, Inc. (NOT Atrivo)

[Valdis . Kletnieks]

On Mon, 22 Sep 2008 17:00:35 CDT, Justin Shore said:

> There may not be a law preventing you from asking him for proof of 
> legitimate customers, but there is a law preventing him from answering 
> you.  Google for CPNI and "red flag".

Hmm... I'm not sure how "Yes, XYZ is a customer of mine" qualifies as
a "red flag" question for identity theft.  I'm also not sure how "XYZ is
a customer" qualifies as CPNI, which (according to the first few pages of
Google hits) comprises things like calling/billing records.

http://www.privacyalerts.org/phone-records.html says:
For clarity, a "record" in this section is the same thing as a "call log" or a
"text log." A "phone record" typically includes: date, time, sender geographic
location, recipient phone number, recipient geographic location, and duration
of call. A "text record" includes: date, time, and recipient phone number.

Nope. Doesn't seem like "xyz is a customer" qualifies there...

http://www.ipbusinessmag.com/articles.php?issue_id=63&article_id=387 says:

Space does not permit an extended review of the FTC rules here, but they apply
to "creditors" who maintain ongoing accounts with customers for repeated
transactions. Cell phone accounts are offered by the rules as one example of a
"covered" account which is subject to the rules. If a business maintains such
"covered accounts" it must comply with the new rules to prevent identity theft
of its account holders.

Hmm... "xyz is a customer" doesn't seem to run afoul of that either.

Feel free to enlighten me about what I missed here?



pgpNGkggWH3um.pgp
Description: PGP signature

Re: InterCage, Inc. (NOT Atrivo)

[Justin Shore]

[EMAIL PROTECTED] wrote:

On Mon, 22 Sep 2008 17:00:35 CDT, Justin Shore said:

There may not be a law preventing you from asking him for proof of 
legitimate customers, but there is a law preventing him from answering 
you.  Google for CPNI and "red flag".


Hmm... I'm not sure how "Yes, XYZ is a customer of mine" qualifies as
a "red flag" question for identity theft.  I'm also not sure how "XYZ is
a customer" qualifies as CPNI, which (according to the first few pages of
Google hits) comprises things like calling/billing records.

Nope. Doesn't seem like "xyz is a customer" qualifies there...

Hmm... "xyz is a customer" doesn't seem to run afoul of that either.

Feel free to enlighten me about what I missed here?


Given the unfortunate vagueness of the FCC on their directive, 
consultants have interpreted CPNI differently and have given their 
customers (SP and CS organizations) wildly varying instructions. 
However every interpretation that I've been privy to extends far beyond 
call records like many people believe CPNI is limited to.  Our CPNI 
consultants instructed us to not even reveal that Company X is a 
customer (which is laughable given the size of the communities we serve, 
but I digress).  They did however tell us that we can trust all phone 
numbers listed on an account both for instant information providing and 
for callbacks.  Cox's interpretation is that only the primary number 
listed on the account is valid for callbacks and that the PIN is 
required regardless (something our consultants told us was only required 
if the caller couldn't be reached on a valid callback number). 
Everybody has different instructions to work with.


To answer the question the list is asking, the SP isn't simply stating 
that Company X is a customer of SP ABC.  They are stating that Company X 
is a customer and that they believe Company X is a valid, not malicious 
customer in good standing.  While that's not a call record that implies 
certain things about Company X's relationship with the SP.  They 
essentially stating that they haven't received spam or other abuse 
complaints regarding the customer.  They're implying that they are a 
customer in good standing.  That could even be construed to imply that 
their account is in good standing.  That's more than just saying that 
Company X is a customer of SP ABC.  Our consultants advised us against 
saying anything of the sort.  Think of it like HIPAA for SPs.


It's splitting hairs but that's the unfortunate situation that CPNI has 
put all of us in.  Instead of a common sense response we get to deal 
with the knee-jerk response from the FCC thanks chiefly to the Patty 
Dunn scandal.


Justin