funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security Fix: Updates on Atrivo/Intercage

From: cracker () gmail com
Date: Mon, 8 Sep 2008 11:05:28 -0400
Just heard from Bandcon. They claim they have also stopped routing for
Intercage/Atrivo, but for whatever reason the route tables don't reflect
that yet b/c of some problem with their routers. Anyway, it appears now that
WVFiber is the only one keeping Atrivo on the Web, and they're set to cut
them off by Thurs. at the latest.

On Mon, Sep 8, 2008 at 8:55 AM, Matt Jonkman <jonkman () jonkmans com> wrote:


Definitely (finally) a mark in the win column for the good guys!!!

Matt

Paul Ferguson wrote:

Brian Krebs add some late updates to his "Security Fix" article
from Friday 5 September 2008:

[snip]

Update, Sunday, Sept. 7, 8:02 p.m.: I spoke today with Randy Epstein,
president of WVFiber and co-founder of Host.net, which acquired WVFiber
just six weeks ago. Epstein said after reading reports from Security Fix,
Hostexploit.com, Spamhaus.org and others about cyber crime activities at
Atrivo, WVFiber has decided to drop Atrivo as a customer. WVFiber plans

to

stop providing upstream connectivity to Atrivo by Wednesday or Thursday

at

the latest, Epstein said. That would leave Atrivo with just a single
upstream provider -- Bandcon.

Update, Sunday, Sept. 7, 9:15 p.m.: nLayer Communications, a company that
owns a significant slice of the Internet addresses used by
Atrivo/Intercage, is demanding that Atrivo vacate the space and return

the

addresses by Sept 30.

"Atrivo/Intercage has not been a direct customer of nLayer Communications
since December 2007, but they still have some legacy reallocations from

our

IP space," wrote nLayer co-founder Richard A. Steenbergen, in an e-mail

to

Security Fix. "Since they are no longer a customer, we require that they
return our non-portable IP space, and have given them a deadline of
September 30th to do so. If the IP space is not returned by that point,

we

will follow standard procedure to reclaim it, including null routing the
space, and sending cease and desist letters to any network who still
transits it without our permission."

According to Steenbergen, Atrivo/Intercage must return roughly 7,400 IP
addresses.

[snip]

Ref:


http://voices.washingtonpost.com/securityfix/2008/09/scam-heavy_us_isp_grow

s_more_i.html

FYI,

- ferg



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: