YAY! Re: Atrivo/Intercage: NO Upstream depeer

Russell Mitchell russm2k8 at yahoo.com
Wed Sep 24 05:13:53 UTC 2008


Hello Paul,

Those are their IP Blocks. We were simply routing them, as they were our client.
They've owned these blocks for quite a while. They seem to have moved that after a day of being down.

I haven't been monitoring their blocks, and made the decision Sunday Night that they were no longer going to be allowed on our network.
I believe the blocks you're referring to are their 85.255 Blocks? Registered to "InHoster". I believe those prefixes are an entity of theirs, though I don't know for sure. Perhaps ask them?
Cernel is their own ASN. It's not associated with our company.

Thank you for your time. Have a great day. 
---
Russell Mitchell

InterCage, Inc.



----- Original Message ----
From: Paul Ferguson <fergdawgster at gmail.com>
To: Russell Mitchell <russm2k8 at yahoo.com>
Cc: nanog at nanog.org
Sent: Tuesday, September 23, 2008 9:22:03 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Russ,

While I think that is great and everything, can you explain why Cernel is
now originating prefixes which were originally originated by
Atrivo/Intercage?

I'd be curious as to your explanation.

Thanks,

- - ferg


On Tue, Sep 23, 2008 at 9:05 PM, Russell Mitchell <russm2k8 at yahoo.com>
wrote:
> Apologies, Yahoo was set to "Rich Text" :(
>
> -----
>
> Hello All,
>
> It seems you all missed the memo. As of about 11PM PST
> Last night 09/22/08, Esthost has been ENTIRELY Shutdown.
> They no longer have ANY Machine on my network.
>
> I'm currently starting to monitor some of the public media, such as
> google, DroneBL, as well as several Anti-Malware community websites for
> abuse. Being that Esthost is now entirely GONE, we should not have any
> further issues. In the case that something does arise, such as an
> exploited host, we're currently developing a game plan for response to
> the issues.
>
> To make the best effort towards combatting abuse on our network, here's
> what I have planned so far for ANY Type of abuse:
> Step 1, Suspend Power to the affected machine.
> Step 2, Call/Email the client whom the affected machine is leased to.
> Step 3, Allow the client the option to investigate the machine further
> (Nullroute access via KVM).
> Step 4, Verify the reported content, domain, user, or exploit is
> patched/eliminated from the machine.
> Step 5, Remove the Nullroute. Allow the machine to return to the network.
>
> Any comments? This is the result of a zero tolerance policy regarding
> abuse.
>
> If it's clear that the server owner is the cause of the abusive material
> etc, the client will then be immediately cancelled. No questions. It
> seems that this approach will be the best supported by the anti-abuse
> communities, so please let me know your input.
>
> Thank you for your time. Have a great day.
>
> ---
> Russell Mitchell
> InterCage, Inc.
>
>
>
>
>
>


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFI2cBUq1pz9mNUZTMRAtbAAJwKk/H/9Pz4YelIgnYvtuCCDhmuswCfcrfV
PTUD/SyPo8+zHpACucRPqk4=
=+rwg
-----END PGP SIGNATURE-----


-- 
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/



      





More information about the NANOG mailing list