[108101] in North American Network Operators' Group
Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
daemon@ATHENA.MIT.EDU (Russell Mitchell)
Wed Sep 24 01:14:20 2008
Date: Tue, 23 Sep 2008 22:13:53 -0700 (PDT)
From: Russell Mitchell <russm2k8@yahoo.com>
To: Paul Ferguson <fergdawgster@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
Hello Paul,=0A=0AThose are their IP Blocks. We were simply routing them, as=
they were our client.=0AThey've owned these blocks for quite a while. They=
seem to have moved that after a day of being down.=0A=0AI haven't been mon=
itoring their blocks, and made the decision Sunday Night that they were no =
longer going to be allowed on our network.=0AI believe the blocks your refe=
rring to are their 85.255 Blocks? Registered to "InHoster". I believe those=
=A0prefixes are an entity of their's, though I don't know for sure. Perhaps=
ask them?=0ACernel is their own ASN. It's not associated with our company.=
=0A=0AThank you for your time. Have a great day.=A0=0A---=0ARussell Mitchel=
l=0A=0AInterCage, Inc.=0A=0A=0A=0A----- Original Message ----=0AFrom: Paul =
Ferguson <fergdawgster@gmail.com>=0ATo: Russell Mitchell <russm2k8@yahoo.co=
m>=0ACc: nanog@nanog.org=0ASent: Tuesday, September 23, 2008 9:22:03 PM=0AS=
ubject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer=0A=0A-----BEGIN P=
GP SIGNED MESSAGE-----=0AHash: SHA1=0A=0AHi Russ,=0A=0AWhile I think that i=
s great and everything, can you explain why Cernel is=0Anow originating pre=
fixes which were originally originated by=0AAtrivo/Intercage?=0A=0AI'd be c=
urious as to your explanation.=0A=0AThanks,=0A=0A- - ferg=0A=0A=0AOn Tue, S=
ep 23, 2008 at 9:05 PM, Russell Mitchell <russm2k8@yahoo.com>=0Awrote:=0A> =
Apologies, Yahoo was set to "Rich Text" :(=0A>=0A> -----=0A>=0A> Hello All,=
=0A>=0A> It seems you all missed the memo.As of about 11PM PST=0A> Last nig=
ht 09/22/08, Esthost has been ENTIRELY Shutdown.=0A> They no longer have AN=
Y Machine on my network.=0A>=0A> I'm currently starting to monitor some of =
the public media, such as=0A> google, DroneBL, as well as several Anti-Malw=
are community websites for=0A> abuse. Being that Esthost is now entirely GO=
NE, we should not have any=0A> further issues. In the case that something d=
oes arise, such as an=0A> exploited host, we're currently developing a game=
plan for response to=0A> the issues.=0A>=0A> To make the best effort towar=
ds combatting abuse on our network, here's=0A> what I have planned so far f=
or ANY Type of abuse: Step 1, Suspend Power=0A> to the affected machine.=0A=
> Step 2, Call/Email the client whom the affected machine is leased to.=0A>=
Step 3, Allow the client the option to investigate the machine further=0A>=
(Nullroute access via KVM)=3D Step 4, Verify the reported content, domain,=
=0A> user, or exploit is patched/eliminated from the machine. Step 5, Remov=
e=0A> the Nullroute. Allow the machine to return to the network.=0A>=0A> An=
y comments? This is the result of a zero tolerance policy regarding=0A> abu=
se.=0A>=0A> If it's clear that the server owner is the cause of the abusive=
material=0A> etc, the client will then be immediately cancelled. No questi=
ons. It=0A> seems that this approach will be the best supported by the anti=
-abuse=0A> communities, so please let me know your input.=0A>=0A> Thank you=
for your time. Have a great day.=0A>=0A> ---=0A> Russell Mitchell=0A> Inte=
rCage, Inc.=0A>=0A>=0A>=0A>=0A>=0A>=0A=0A=0A-----BEGIN PGP SIGNATURE-----=
=0AVersion: PGP Desktop 9.6.3 (Build 3017)=0A=0Awj8DBQFI2cBUq1pz9mNUZTMRAtb=
AAJwKk/H/9Pz4YelIgnYvtuCCDhmuswCfcrfV=0APTUD/SyPo8+zHpACucRPqk4=3D=0A=3D+rw=
g=0A-----END PGP SIGNATURE-----=0A=0A=0A-- =0A"Fergie", a.k.a. Paul Ferguso=
n=0AEngineering Architecture for the Internet=0Afergdawgster(at)gmail.com=
=0Aferg's tech blog: http://fergdawg.blogspot.com/=0A=0A=0A=0A
