[120203] in North American Network Operators' Group
RE: Is there anyone from ASPEWS on this list?
daemon@ATHENA.MIT.EDU (William Pitcock)
Fri Dec 11 20:36:19 2009
From: William Pitcock <nenolod@systeminplace.net>
To: Alex Lanstein <ALanstein@FireEye.com>
In-Reply-To: <60B0F2124D07B942988329B5B7CA393D020BE87546@mail2.FireEye.com>
Date: Fri, 11 Dec 2009 19:35:00 -0600
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, 2009-12-11 at 17:25 -0800, Alex Lanstein wrote:
> William Pitcock wrote:
> >>>Cernal and Atrivo are two different entities, Atrivo used to host
> >>>Cernal, but now they have different hosting arrangements.
>
> I now understand the original point you were trying to make about Atrivo. I disagree with your premise that it is actually a different entity than Cernel, but am not trying to debate that on this list for various reasons.
Then why did you make the post?
>
> Acting under my (incorrect or correct) assumption that they are in fact the same entity, I made my post to show that "the boys were back".
They are separate entities, and Cernal hosts with other providers, and
did so while Atrivo existed as well.
Infact, read below for some poignant analysis on this fact.
>
> That is, for a decent amount of time, parts of 85.255.112.0/20 were not being advertised, and hence the dns hijacking pointing selected http traffic to 67.210.0.0/20 wasn't happening.
>
> My point was that it (fairly) recently started being advertised again, and it was the same old song and dance wrt dns/http hijacking/fraud.
>
That doesn't surprise me, but I see it coming from Amazon EC2. Infact,
traceroutes end at 67.210.14.1, which is a router servicing the EC2
cloud. 85.255.112.0/20 appears to be announced by Bandcon /
Internet-Path in the NYC area. I believe that Amazon EC2's NYC cloud
uses these providers, but not 100% sure on that one.
Regardless, Amazon EC2 is not Atrivo, at all, period, and if you believe
that it is, you're bloody crazy.
William