funsec mailing list archives

Washington Post: Atrivo/Intercage, why are we peering with the American RBN? (fwd)


From: Gadi Evron <ge () linuxbox org>
Date: Fri, 29 Aug 2008 15:20:30 -0500 (CDT)

fyi.

Thoughts?

---------- Forwarded message ----------
Date: Fri, 29 Aug 2008 15:02:25 -0500 (CDT)
From: Gadi Evron <ge () linuxbox org>
To: nanog
Subject: Washington Post: Atrivo/Intercage,
     why are we peering with the American RBN?

Hi all.

This Washington Post story came out today:
http://voices.washingtonpost.com/securityfix/2008/08/report_slams_us_host_as_major.html

In it, Brian Krebs discusses the SF Bay Area-based Atrivo/Intercage, which has 
long been named as a bad actor, accused of shuffling abuse reports to different 
IP addresses and hosting criminals en masse, compared often to RBN in 
maliciousness. "The American RBN", if you like.

1. I realize this is a problematic issue, but when it is clear a network is so 
evil (as the story suggests they are), why are we still peering with them? Who 
currently provides them with transit? Are they aware of this news story?

If Lycos' make spam not war, and Blue Security's Blue Frog were run out of 
hosting continually, this has been done before to some extent. This network is 
not in Russia or China, but in Silicon Valley.

2. On a different note, why is anyone still accepting their route 
announcements? I know some among us re-route RBN traffic to protect users. Do 
you see this as a valid solution for your networks?

What ASNs belong to Atrivo, anyway?

Does anyone have more details as to the apparent evilness of Atrivo/Intercage, who 
can verify these reports? As researched as they are, and my personal experience 
aside, I'd like some more data before coming to conclusions.

Hostexploit released a document [PDF] on this very network, just now, which is 
helpful:
http://hostexploit.com/index.php?option=com_content&view=article&id=12&Itemid=15

        Gadi.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

