[nsp-sec] [Fwd: GLBX De-Peers Intercage

David Freedman david.freedman at uk.clara.net
Mon Sep 1 07:19:26 EDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In case people on nanog didn't spot this....


- -------- Original Message --------
Subject: GLBX De-Peers Intercage [Was: RE: Washington Post:
Atrivo/Intercage, why are we peering with the American RBN?]
Date: Sat, 30 Aug 2008 00:43:38 GMT
From: Paul Ferguson <fergdawg at netzero.net>
To: marc at sans.org
CC: nanog at merit.edu
Newsgroups: gmane.org.operators.nanog

- -- "Marc Sachs" <marc at sans.org> wrote:

>Unless I'm mis-reading this (or perhaps GLBX read Krebs's story and said
>good-bye to Atrivo/Intercage), it looks like they are no longer their
>upstream:
>
>http://cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0
>

I applaud GLBX's move to disconnect Atrivo/Intercage.

What the Armin/McQuaid/Jonkman report [1] documented are activities
that many of us in the security community have known for a couple
of years.

One thing that Krebs _didn't_ mention in his WaPo article are the
large number of rogue DNS servers that also reside there. A couple
of colleagues, Feike Hacquebord, Chenguai Lu, et al., presented a
paper at the Virus Bulletin conference last year [2]. While the
paper is almost a year old, that particular situation has gotten
progressively worse.

My only concern here is that by the publicity this issue continues
to receive, these activities will just move elsewhere, like
scurrying cockroaches (like what happened with AS40989).

One step at a time, I suppose.

- - ferg



[1] http://www.hostexploit.com/
[2] http://www.virusbtn.com/pdf/conference_slides/2007/HacquebordVB2007.pdf



- --
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




- --
David Freedman
Group Network Engineering
Claranet Limited
http://www.clara.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIu8+9tFWeqpgEZrIRAuhoAKDXGpDhKgMyWo5o1HoEOZSIyR0ejACgwFHg
FVE9nnzuZ7boEIQK0PCZI/I=
=kH44
-----END PGP SIGNATURE-----


