Washington Post: Atrivo/Intercage, why are we peering with the American RBN?

Gadi Evron ge at linuxbox.org
Fri Aug 29 18:14:48 CDT 2008


On Fri, 29 Aug 2008, Marc Sachs wrote:
> Unless I'm mis-reading this (or perhaps GBLX read Kreb's story and said
> good-bye to Atrivo/Intercage), it looks like they are no longer their
> upstream:
>
> http://cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0

Current peers:
http://cidr-report.org/cgi-bin/as-report?as=AS19151 (just purchased by 
Host.net)
http://cidr-report.org/cgi-bin/as-report?as=AS26769




> Marc
> SANS ISC
>
>
> -----Original Message-----
> From: Gadi Evron [mailto:ge at linuxbox.org]
> Sent: Friday, August 29, 2008 4:02 PM
> To: nanog at merit.edu
> Subject: Washington Post: Atrivo/Intercage, why are we peering with the
> American RBN?
>
> Hi all.
>
> This Washington Post story came out today:
> http://voices.washingtonpost.com/securityfix/2008/08/report_slams_us_host_as
> _major.html
>
> In it, Brian Krebs discusses the SF Bay Area based Atrivo/Intercage, which
> has been long named as a bad actor, accused of shuffling abuse reports to
> different IP addresses and hosting criminals en masse, compared often to
> RBN in maliciousness. "The American RBN", if you like.
>
> 1. I realize this is a problematic issue, but when it is clear a network
> is so evil (as the story suggests they are), why are we still peering with
> them? Who currently provides them with transit? Are they aware of this
> news story?
>
> If Lycos' make spam not war, and Blue Security's blue frog were ran out of
> hosting continually, this has been done before to some extent. This
> network is not in Russia or China, but in the silicon valley.
>
> 2. On a different note, why is anyone still accepting their route
> announcements? I know some among us re-route RBN traffic to protect users.
> Do you see this as a valid solution for your networks?
>
> What ASNs belong to Atrivo, anyway?
>
> Anyone has more details as to the apparent evilness of Atrivo/Intercage,
> who can verify these reports? As researched as they are, and my personal
> experience aside, I'd like some more data before coming to conclusions.
>
> Hostexploit released a document [PDF] on this very network, just now,
> which is helpful:
> http://hostexploit.com/index.php?option=com_content&view=article&id=12&Itemi
> d=15
>
> 	Gadi.
>




More information about the NANOG mailing list