Interesting Point of view - Russian police and RIPE accused of aiding RBN

Jeffrey Lyon jeffrey.lyon at blacklotus.net
Fri Nov 6 13:01:51 CST 2009


Kanak,

It's good to see you here. The primary issue is that we receive a fair
deal of customers who end up with wide scale DDoS attacks followed by
an offer for "protection" to move to your network. In almost every
case the attacks cease once the customer has agreed to pay this
"protection" fee. Every one of these attacks was nearly identical in
signature.

A couple of years back we followed up on this and a handful of trusted
security analysts who focus on RBN alleged that Akrino was an RBN
shill network thus prompting the spawn of this article:
http://www.computerworld.com/s/article/9063418/Russian_hosting_network_running_a_protection_racket_researcher_says

Since first seeing your network arise in early 2008 I've never
actually seen anyone claim to own it and a Google search for your name
and ASN was completely devoid of any useful information. The ASN and
IP assignment are registered to a BVI offshore corporation that, based
on my research, does not seem to correlate to any legitimate commercial
activity. All of these things seem to support the Computerworld
article.

I would love to be proven wrong on this issue as I do not like to see
a good net op ostracized without just cause. Perhaps your reseller(s)
are giving you a bad name? Either way I would love to chat, feel free
to Skype: blacklotus.net.

Best regards, Jeff



On Fri, Nov 6, 2009 at 1:20 PM, noc acrino <noc.akrino at gmail.com> wrote:
> Greetings!
>
> Let me introduce myself - I as a part of a support team represent NOC
> Akrino, the team responsible for the technical use of AKRINO Networks,
> AS44571 (91.202.61.0/21). It's a service network for DDoS-mitigation
> purposes, using a combination of hardware and self-developed software which
> allow us to efficiently filter mostly any kind of malicious traffic
> providing the white traffic to the client's server. Among our clients there
> are some e-businesses, e-shops, e-mass media, etc. with critical losses in
> case of possible DDoS-attacks. I'd apply in case it's necessary, the
> recommendations of our foreign resellers. Anyway we have never declared
> ourselves as an abuse-resistant service provider - every abuse sent to
> service email "noc.akrino at gmail.com" is being investigated and responded: we
> can block the exact URLs or even block completely the traffic redirection to
> the client in case of his abusive network behavior.
>
> We're completely shocked by the declaration that the RBN moved to our AS. We
> have no affiliation to RBN, the personal data is hidden and can be provided
> by request just because of our members' personal security - in rare cases we
> even had those risks (just because our filtration works cyber criminals
> often search for other ways of influence upon us, including coercion).
>
> In fact there are some problem clients like some adult sites whose
> advertising programs could be popular with the spammers, but our policy
> demands normal network behavior and in case of the abuse - their advert
> partner is blocked.
>
> So, if you have any evidence of abusive network behavior of our clients you
> should send it directly to noc.akrino at gmail.com and we'll respond. If there
> were any unsolved cases - we'll close them.
>
> Please, excuse us if somehow Akrino Networks were the source of problems
> for you - we'll do our best to prevent it in the future.
>
> And I'll sincerely ask *Jeffrey Lyon* as a representative of Blacklotus team
> to clarify his accusations: aren't they connected with the fact that many of
> your DDoS-protected clients have chosen our reseller Blockdos (blockdos.net)
> just because our pricing doesn't depend on the amount of attack? As far as I
> understand it's a question of about $20k/month. Please, tell me if I'm not
> right.
>
> Thank you.
>
> Kanak
>
> Akrino Abuse Team
>



-- 
Jeffrey Lyon, Leadership Team
jeffrey.lyon at blacklotus.net | http://www.blacklotus.net
Black Lotus Communications of The IRC Company, Inc.

Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 -
21 to find out how to "protect your booty."



