YAY! Re: Atrivo/Intercage: NO Upstream depeer

Russell Mitchell russm2k8 at yahoo.com
Wed Sep 24 00:13:53 CDT 2008

Hello Paul,

Those are their IP Blocks. We were simply routing them, as they were our client.
They've owned these blocks for quite a while. They seem to have moved that after a day of being down.

I haven't been monitoring their blocks, and made the decision Sunday Night that they were no longer going to be allowed on our network.
I believe the blocks your referring to are their 85.255 Blocks? Registered to "InHoster". I believe those prefixes are an entity of their's, though I don't know for sure. Perhaps ask them?
Cernel is their own ASN. It's not associated with our company.

Thank you for your time. Have a great day. 
Russell Mitchell

InterCage, Inc.

----- Original Message ----
From: Paul Ferguson <fergdawgster at gmail.com>
To: Russell Mitchell <russm2k8 at yahoo.com>
Cc: nanog at nanog.org
Sent: Tuesday, September 23, 2008 9:22:03 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer

Hash: SHA1

Hi Russ,

While I think that is great and everything, can you explain why Cernel is
now originating prefixes which were originally originated by

I'd be curious as to your explanation.


- - ferg

On Tue, Sep 23, 2008 at 9:05 PM, Russell Mitchell <russm2k8 at yahoo.com>
> Apologies, Yahoo was set to "Rich Text" :(
> -----
> Hello All,
> It seems you all missed the memo.As of about 11PM PST
> Last night 09/22/08, Esthost has been ENTIRELY Shutdown.
> They no longer have ANY Machine on my network.
> I'm currently starting to monitor some of the public media, such as
> google, DroneBL, as well as several Anti-Malware community websites for
> abuse. Being that Esthost is now entirely GONE, we should not have any
> further issues. In the case that something does arise, such as an
> exploited host, we're currently developing a game plan for response to
> the issues.
> To make the best effort towards combatting abuse on our network, here's
> what I have planned so far for ANY Type of abuse: Step 1, Suspend Power
> to the affected machine.
> Step 2, Call/Email the client whom the affected machine is leased to.
> Step 3, Allow the client the option to investigate the machine further
> (Nullroute access via KVM)= Step 4, Verify the reported content, domain,
> user, or exploit is patched/eliminated from the machine. Step 5, Remove
> the Nullroute. Allow the machine to return to the network.
> Any comments? This is the result of a zero tolerance policy regarding
> abuse.
> If it's clear that the server owner is the cause of the abusive material
> etc, the client will then be immediately cancelled. No questions. It
> seems that this approach will be the best supported by the anti-abuse
> communities, so please let me know your input.
> Thank you for your time. Have a great day.
> ---
> Russell Mitchell
> InterCage, Inc.

Version: PGP Desktop 9.6.3 (Build 3017)


"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
ferg's tech blog: http://fergdawg.blogspot.com/


More information about the NANOG mailing list