Interesting Point of view - Russian police and RIPE accused of aiding RBN

noc acrino noc.akrino at gmail.com
Sat Nov 7 21:58:39 UTC 2009


Hello, Jeffery and other NANOC members.

Sorry for making another thread - I'm not too experienced in mailgroups.

The problem is in structure of new generation advert or banner networks -
they allow to return other subject traffic  to the partner's URL. And this
could also be used to redirect the traffic to different exploits (a simple
way to compromise a banner network or hosting provider). This is extremely
hard to monitor or to take preventive measures in case of a large banner or
advert network. Unfortunately Google doesn't provide a detailed report on
their check results: this could allow the resource's owner easily block
their partners in that case.

Anyway I'll contact the owner of this resource (91.202.63.96) now in order
to perform a check of their partners. I suppose, just having a few domains
would be enough.

The other resource is situated on the public ip of our reseller - I'll ask
him to check this domain, too.

Thank you for that information, I'll report on that issue later.

Kanak

Akrino Support Team


2009/11/7 Jeffrey Lyon <jeffrey.lyon at blacklotus.net>

> Kanak,
>
> Can you please detail your plans to correct the malware issues on your
> network? (reference:
> http://google.com/safebrowsing/diagnostic?site=AS:44571 ).
>
> Best regards, Jeff
>
>
>
> [offlist communication snipped for privacy]
>
> >
> > Kanak
> >
> > Akrino Abuse Team
> >
>
>
>
> --
> Jeffrey Lyon, Leadership Team
> jeffrey.lyon at blacklotus.net | http://www.blacklotus.net
> Black Lotus Communications of The IRC Company, Inc.
>
> Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 -
> 21 to find out how to "protect your booty."
>



More information about the NANOG mailing list