North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

[funsec] Security Fix: Updates on Atrivo/Intercage (fwd)

  • From: Gadi Evron
  • Date: Mon Sep 08 00:22:28 2008



---------- Forwarded message ----------
Date: Mon, 8 Sep 2008 04:17:29 GMT
From: Paul Ferguson <[email protected]>
To: [email protected]
Subject: [funsec] Security Fix: Updates on Atrivo/Intercage

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian Krebs add some late updates to his "Security Fix" article
from Friday 5 September 2008:

[snip]

Update, Sunday, Sept. 7, 8:02 p.m.: I spoke today with Randy Epstein,
president of WVFiber and co-founder of Host.net, which acquired WVFiber
just six weeks ago. Epstein said after reading reports from Security Fix,
Hostexploit.com, Spamhaus.org and others about cyber crime activities at
Atrivo, WVFiber has decided to drop Atrivo as a customer. WVFiber plans to
stop providing upstream connectivity to Atrivo by Wednesday or Thursday at
the latest, Epstein said. That would leave Atrivo with just a single
upstream provider -- Bandcon.

Update, Sunday, Sept. 7, 9:15 p.m.: nLayer Communications, a company that
owns a significant slice of the Internet addresses used by
Atrivo/Intercage, is demanding that Atrivo vacate the space and return the
addresses by Sept 30.

"Atrivo/Intercage has not been a direct customer of nLayer Communications
since December 2007, but they still have some legacy reallocations from our
IP space," wrote nLayer co-founder Richard A. Steenbergen, in an e-mail to
Security Fix. "Since they are no longer a customer, we require that they
return our non-portable IP space, and have given them a deadline of
September 30th to do so. If the IP space is not returned by that point, we
will follow standard procedure to reclaim it, including null routing the
space, and sending cease and desist letters to any network who still
transits it without our permission."

According to Steenbergen, Atrivo/Intercage must return roughly 7,400 IP
addresses.

[snip]

Ref:
http://voices.washingtonpost.com/securityfix/2008/09/scam-heavy_us_isp_grow
s_more_i.html

FYI,

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFIxKdMq1pz9mNUZTMRAnLcAKCRgGjZrgwr5xCmFFXPV/a0xUAlVwCaAkPL
nHo38nvc5azHws2QPhshAvY=
=zWoJ
-----END PGP SIGNATURE-----


-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.