Interesting Point of view - Russian police and RIPE accused of aiding RBN

noc acrino noc.akrino at
Sat Nov 7 21:58:39 UTC 2009

Hello, Jeffery and other NANOC members.

Sorry for making another thread - I'm not too experienced in mailgroups.

The problem is in structure of new generation advert or banner networks -
they allow to return other subject traffic  to the partner's URL. And this
could also be used to redirect the traffic to different exploits (a simple
way to compromise a banner network or hosting provider). This is extremely
hard to monitor or to take preventive measures in case of a large banner or
advert network. Unfortunately Google doesn't provide a detailed report on
their check results: this could allow the resource's owner easily block
their partners in that case.

Anyway I'll contact the owner of this resource ( now in order
to perform a check of their partners. I suppose, just having a few domains
would be enough.

The other resource is situated on the public ip of our reseller - I'll ask
him to check this domain, too.

Thank you for that information, I'll report on that issue later.


Akrino Support Team

2009/11/7 Jeffrey Lyon <jeffrey.lyon at>

> Kanak,
> Can you please detail your plans to correct the malware issues on your
> network? (reference:
> ).
> Best regards, Jeff
> [offlist communication snipped for privacy]
> >
> > Kanak
> >
> > Akrino Abuse Team
> >
> --
> Jeffrey Lyon, Leadership Team
> jeffrey.lyon at |
> Black Lotus Communications of The IRC Company, Inc.
> Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 -
> 21 to find out how to "protect your booty."

More information about the NANOG mailing list