YAY! Re: Atrivo/Intercage: NO Upstream depeer

Christopher Morrow christopher.morrow at gmail.com
Tue Sep 23 22:21:03 CDT 2008


please to not email in html format... yikes! Russ, could you re-mail
whatever content you just sent, in plain text?

On Tue, Sep 23, 2008 at 11:07 PM, Russell Mitchell <russm2k8 at yahoo.com> wrote:
> MIME-Version: 1.0
> Content-Type: multipart/alternative; boundary="0-593512929-1222225655=:9145"
>
> --0-593512929-1222225655=:9145
> Content-Type: text/plain; charset=iso-8859-1
> Content-Transfer-Encoding: quoted-printable
>
> Hello All,=0A=A0=0AIt seems you all missed the memo.=0AAs of about 11PM PST=
>  Last night 09/22/08, Esthost has been ENTIRELY Shutdown. They no longer ha=
> ve ANY Machine on my network.=0A=A0=0AI'm currently starting to monitor som=
> e of the public media, such as google, DroneBL, as well as several Anti-Mal=
> ware community websites for abuse.=0A=A0=0ABeing that Esthost is now entire=
> ly GONE, we should not have any further issues.=0AIn the case that somethin=
> g=A0does arise, such as an exploited host, we're currently developing a gam=
> e plan for=A0response to=A0the issues.=0ATo make the best effort towards co=
> mbatting=A0abuse on our network, here's what I have planned so far for ANY =
> Type of abuse:=0AStep 1,=A0Suspend Power to the affected machine.=0AStep 2,=
>  Call/Email the client whom the affected machine is leased to.=0AStep 3, Al=
> low the client=A0the option to=A0investigate the machine further (Nullroute=
>  access via KVM)=0AStep=A04, Verify the=A0reported content, domain, user, o=
> r exploit=A0is patched/eliminated from the machine.=0AStep 5,=A0Remove the =
> Nullroute. Allow the machine to return to the network.=0A=A0=0AAny comments=
> ? =0A=A0=0AThis is=A0the result of a zero tolerance policy regarding abuse.=
>  If it's clear that the server owner is the cause of the abusive material e=
> tc, the client will then be immediately cancelled. No questions.=A0=0A=0A=
> =0AIt seems that this approach will be the best supported by the anti-abuse=
>  communities, so please let me know your input.=0A=0AThank you for your tim=
> e. Have a great day.=0A=A0---=0ARussell Mitchell=0A=0AInterCage, Inc.=0A=0A=
> =0A=0A----- Original Message ----=0AFrom: Paul Wall <pauldotwall at gmail.com>=
> =0ATo: Mark Foo <mark.foo.dog at gmail.com>=0ACc: nanog at nanog.org=0ASent: Tues=
> day, September 23, 2008 5:46:58 PM=0ASubject: Re: YAY! Re: Atrivo/Intercage=
> : NO Upstream depeer=0A=0AHold the rejoicing, Atrivo is back, this time on =
> UnitedLayer.=0A=0AI'd contact them, only they seem to change CTOs every mon=
> th or two,=0Adoes anybody know who's currently in charge?=0A=0AThank you, a=
> nd Drive Slow,=0APaul Wall=0A=0A=0A
> --0-593512929-1222225655=:9145
> Content-Type: text/html; charset=us-ascii
>
> <html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><P>Hello All,</P>
> <P> </P>
> <P>It seems you all missed the memo.<BR>As of about 11PM PST Last night 09/22/08, Esthost has been ENTIRELY Shutdown. They no longer have ANY Machine on my network.</P>
> <P> </P>
> <P>I'm currently starting to monitor some of the public media, such as google, DroneBL, as well as several Anti-Malware community websites for abuse.</P>
> <P> </P>
> <P>Being that Esthost is now entirely GONE, we should not have any further issues.</P>
> <P>In the case that something does arise, such as an exploited host, we're currently developing a game plan for response to the issues.</P>
> <P>To make the best effort towards combatting abuse on our network, here's what I have planned so far for ANY Type of abuse:</P>
> <P>Step 1, Suspend Power to the affected machine.</P>
> <P>Step 2, Call/Email the client whom the affected machine is leased to.</P>
> <P>Step 3, Allow the client the option to investigate the machine further (Nullroute access via KVM)</P>
> <P>Step 4, Verify the reported content, domain, user, or exploit is patched/eliminated from the machine.</P>
> <P>Step 5, Remove the Nullroute. Allow the machine to return to the network.</P>
> <P> </P>
> <P>Any comments? </P>
> <P> </P>
> <P>This is the result of a zero tolerance policy regarding abuse. If it's clear that the server owner is the cause of the abusive material etc, the client will then be immediately cancelled. No questions. </P>
> <DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">
> <DIV></DIV>
> <DIV> </DIV>
> <DIV>It seems that this approach will be the best supported by the anti-abuse communities, so please let me know your input.</DIV>
> <DIV> </DIV>
> <DIV>Thank you for your time. Have a great day.<BR> </DIV>---<BR>Russell Mitchell<BR>
> <DIV>InterCage, Inc.<BR></DIV>
> <DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><BR>
> <DIV style="FONT-SIZE: 13px; FONT-FAMILY: arial, helvetica, sans-serif">----- Original Message ----<BR>From: Paul Wall <pauldotwall at gmail.com><BR>To: Mark Foo <mark.foo.dog at gmail.com><BR>Cc: nanog at nanog.org<BR>Sent: Tuesday, September 23, 2008 5:46:58 PM<BR>Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer<BR><BR>Hold the rejoicing, Atrivo is back, this time on UnitedLayer.<BR><BR>I'd contact them, only they seem to change CTOs every month or two,<BR>does anybody know who's currently in charge?<BR><BR>Thank you, and Drive Slow,<BR>Paul Wall<BR><BR></DIV></DIV></DIV></div><br>
>
>      </body></html>
> --0-593512929-1222225655=:9145--
>
>
>




More information about the NANOG mailing list