Re: Security Fix: Updates on Atrivo/Intercage

[cracker () gmail com]

Just added the following to the blog:

*Update, Monday, Sept 8, 12:00 p.m. ET:* *Todd Braning*, vice president of
BandCon, just e-mailed me to say that BandCon also has stopped providing
connectivity to Atrivo/Intercage. From his e-mail: "Intercage, a new
customer, was connected to the BandCon Network for total of about a week.
Once we recognized and issue with Intercage, BandCon took immediate action
and terminated services. We are no longer providing services to AS27595.
This can be confirmed
here<http://www.cidr-report.org/cgi-bin/as-report?as=27595&view=2.0>."

WVFiber is the only company still providing direct connectivity to Atrivo,
and as stated before they plan to pull the plug by Thursday at the latest,
so it appears that Atrivo will have to find another network provider or it
will very soon cease to be reachable on the Internet.

On Mon, Sep 8, 2008 at 11:05 AM, <cracker () gmail com> wrote:

> Just heard from Bandcon. They claim they have also stopped routing for
> Intercage/Atrivo, but for whatever reason the route tables don't reflect
> that yet b/c of some problem with their routers. Anyway, it appears now that
> WVFiber is the only one keeping Atrivo on the Web, and they're set to cut
> them off by Thurs. at the latest.
>
>
> On Mon, Sep 8, 2008 at 8:55 AM, Matt Jonkman <jonkman () jonkmans com> wrote:
>
> > Definitely (finally) a mark in the win column for the good guys!!!
> >
> > Matt
> >
> > Paul Ferguson wrote:
> > > Brian Krebs add some late updates to his "Security Fix" article
> > > from Friday 5 September 2008:
> > >
> > > [snip]
> > >
> > > Update, Sunday, Sept. 7, 8:02 p.m.: I spoke today with Randy Epstein,
> > > president of WVFiber and co-founder of Host.net, which acquired WVFiber
> > > just six weeks ago. Epstein said after reading reports from Security
> > Fix,
> > > Hostexploit.com, Spamhaus.org and others about cyber crime activities at
> > > Atrivo, WVFiber has decided to drop Atrivo as a customer. WVFiber plans
> > to
> > > stop providing upstream connectivity to Atrivo by Wednesday or Thursday
> > at
> > > the latest, Epstein said. That would leave Atrivo with just a single
> > > upstream provider -- Bandcon.
> > >
> > > Update, Sunday, Sept. 7, 9:15 p.m.: nLayer Communications, a company
> > that
> > > owns a significant slice of the Internet addresses used by
> > > Atrivo/Intercage, is demanding that Atrivo vacate the space and return
> > the
> > > addresses by Sept 30.
> > >
> > > "Atrivo/Intercage has not been a direct customer of nLayer
> > Communications
> > > since December 2007, but they still have some legacy reallocations from
> > our
> > > IP space," wrote nLayer co-founder Richard A. Steenbergen, in an e-mail
> > to
> > > Security Fix. "Since they are no longer a customer, we require that they
> > > return our non-portable IP space, and have given them a deadline of
> > > September 30th to do so. If the IP space is not returned by that point,
> > we
> > > will follow standard procedure to reclaim it, including null routing the
> > > space, and sending cease and desist letters to any network who still
> > > transits it without our permission."
> > >
> > > According to Steenbergen, Atrivo/Intercage must return roughly 7,400 IP
> > > addresses.
> > >
> > > [snip]
> > >
> > > Ref:
> > http://voices.washingtonpost.com/securityfix/2008/09/scam-heavy_us_isp_grow
> > > s_more_i.html
> > >
> > > FYI,
> > >
> > > - ferg
> >
> > --
> > "Fergie", a.k.a. Paul Ferguson
> >  Engineering Architecture for the Internet
> >  fergdawg(at)netzero.net
> >  ferg's tech blog: http://fergdawg.blogspot.com/
> >
> >
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
> >
> > --
> > --------------------------------------------
> > Matthew Jonkman
> > Emerging Threats
> > Phone 765-429-0398
> > Fax 312-264-0205
> > http://www.emergingthreats.net
> > --------------------------------------------
> >
> > PGP: http://www.jonkmans.com/mattjonkman.asc
> >
> >
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.