Edge 1 Networks/Williams Communications Group

After several run-ins with Edge 1 Networks [69.44.28.0/22] having their machines "hijack" victim machines on our networks infected with Jeem, and then making their spam runs, I've had it. I have reported both to Edge 1 and their parent Williams Communications Group [AS7911] with no result and I will be blocking Edge 1 [in theory, AS29986, but no doubt private spewage from WCG.NET].

They hijacked a Jeem proxy on July 17th, and it was shut down. The help desk thought they had cleaned it up, but within 30 mins of placing it back online again, Edge 1 grabbed it again. I brought it into the lab with a sniffer, rebooted (new IP), and Edge 1 picked it up within 10 minutes and began spam/proxying.

This past Sunday, a similarly Jeem'ed machine was hijacked by the same Edge 1 block (numerous machines in the Edge 1 block, mind you) and due to me being out of the office it wasn't noticed and shut down until Tuesday, after a little over a half million proxied spams.

Are these people just totally off-the-wall? Google searches seem to concur.

I am awaiting confirmation that ALL the proxies originated from Edge 1 (takes a while to churn through those gigs of PIX logs).

Jeff Kell
University of Tennessee, Chattanooga
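The log check mentioned in the message above (confirming whether every proxied connection to the infected host came from 69.44.28.0/22) can be scripted. This is an added example, not part of the original post; it assumes the firewall emits PIX syslog message 302013 ("Built inbound TCP connection"), and the victim address, ports and log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Netblock named in the post above.
EDGE1 = ipaddress.ip_network("69.44.28.0/22")

# Assumption: logs use the PIX 302013 "Built inbound TCP connection" format.
BUILT = re.compile(
    r"%PIX-6-302013: Built inbound TCP connection \d+ for "
    r"[^:\s]+:(?P<src>\d+\.\d+\.\d+\.\d+)/\d+ \([^)]*\) to "
    r"[^:\s]+:(?P<dst>\d+\.\d+\.\d+\.\d+)/\d+"
)

def tally_sources(lines, victim, network=EDGE1):
    """Count inbound connections to `victim`, split into sources
    inside `network` and sources outside it."""
    victim = ipaddress.ip_address(victim)
    inside, outside = Counter(), Counter()
    for line in lines:
        m = BUILT.search(line)
        if not m or ipaddress.ip_address(m["dst"]) != victim:
            continue  # not a connection-built record for this host
        src = ipaddress.ip_address(m["src"])
        (inside if src in network else outside)[str(src)] += 1
    return inside, outside

def all_from_network(lines, victim, network=EDGE1):
    """True only if the host saw inbound connections and all came from `network`."""
    inside, outside = tally_sources(lines, victim, network)
    return bool(inside) and not outside

# Constructed sample lines (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE = """\
Jul 20 03:14:07 fw %PIX-6-302013: Built inbound TCP connection 1001 for outside:69.44.28.15/4012 (69.44.28.15/4012) to inside:192.0.2.10/3128 (192.0.2.10/3128)
Jul 20 03:14:09 fw %PIX-6-302013: Built inbound TCP connection 1002 for outside:69.44.31.200/4100 (69.44.31.200/4100) to inside:192.0.2.10/3128 (192.0.2.10/3128)
Jul 20 03:14:11 fw %PIX-6-302013: Built inbound TCP connection 1003 for outside:69.44.28.15/4013 (69.44.28.15/4013) to inside:192.0.2.10/3128 (192.0.2.10/3128)
Jul 20 03:15:02 fw %PIX-6-302013: Built inbound TCP connection 1004 for outside:198.51.100.7/5555 (198.51.100.7/5555) to inside:192.0.2.10/3128 (192.0.2.10/3128)
Jul 20 03:15:30 fw %PIX-6-302013: Built inbound TCP connection 1005 for outside:69.44.28.15/4014 (69.44.28.15/4014) to inside:192.0.2.99/25 (192.0.2.99/25)
Jul 20 03:16:00 fw %PIX-6-302014: Teardown TCP connection 1001 duration 0:01:53 bytes 48213
""".splitlines()

if __name__ == "__main__":
    inside, outside = tally_sources(SAMPLE, "192.0.2.10")
    print("in 69.44.28.0/22:", dict(inside))
    print("elsewhere:       ", dict(outside))
```

Any address in the second tally is a source outside the block, so a block on 69.44.28.0/22 alone would not have covered it.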

> After several run-ins with Edge 1 Networks [69.44.28.0/22] having their
> machines "hijack" victim machines on our networks infected with Jeem,
> and then making their spam runs, I've had it. I have reported both to
> Edge 1 and their parent Williams Communications Group [AS7911] with no
> result and I will be blocking Edge 1 [in theory, AS29986, but no doubt
> private spewage from WCG.NET].

I smell a rat. I have a funny feeling Edge1 is a front for
pro-spammer Nick Geyer.

Look at their whois:

      Edge1 Networks
      Hostmaster Edge1
      25 Broadway - 5th Floor
      New York, NY 10004
      US
      Phone: 212-248-1121
      Fax..: 212-248-0929

But if you call Verizon, they'll tell you these lines terminate
on the sixth floor of 25 Broadway, an address I remember all
too well from the VMX Networks hijackings.

If you want the abuse to stop, call Nick at work (212-685-2009)
or on his cellular phone (503-851-1963) and tell him to knock it off.

If Nick is busy or at a meeting, as is often the case,
ask to speak to his boss, Paul Hodara, and see if he can track
him down.

The Williams NOC could care less; if you want to get anywhere,
try contacting Blake Williams (blake.williams@wcg.com) or
Michael Winslow (Michael.Winslow@wcg.com), who are capable of
taking action, including ultimately denying service to Edge1
for AUP violations.

(off-topic)

> After several run-ins with Edge 1 Networks [69.44.28.0/22] having their
> machines "hijack" victim machines on our networks infected with Jeem,
> and then making their spam runs, I've had it. I have reported both to
> Edge 1 and their parent Williams Communications Group [AS7911] with no
> result and I will be blocking Edge 1 [in theory, AS29986, but no doubt
> private spewage from WCG.NET].

[I omitted quoting the follow-up post where Nick Geyer and Chris
'Rizler' Smith are being ratted out by fellow IP space hijackers at
Web Design House (AS 26857):
- 199.60.102.0/24 hijacked by registering henningassoc.com (which has
   the same POC e-mail addr as AS26857 until recently: loopback2003@yahoo.com,
   with interesting nameservers that have since moved out of that /24:
   NS1.NANOG.US 216.66.69.69, NS2.NANOG.US 216.66.69.169);
- announced hijacked 148.3.32.0/20 IT-SOUTHLTD.COM
- provided transit for AS 27526 (endai.com/endai.net/dmx0.com),
   originating hijacked 148.3.0.0/21 (IT-SOUTHLTD.COM) ]

The following (now posted daily) feature in Spam-L should make some
silent NANOG subscribers ask themselves a question: do I work for a
large criminal enterprise and could my own actions as an employee be
considered active participation with possible criminal culpability?

And for those OTHER NANOG subscribers that decided that joining the
unemployment line after the Internet bubble burst was not for them,
but legal work suiting their qualifications was nowhere to be found:
you should read up on some of the statutes of limitations for computer
fraud and abuse acts (federal and state) and reconsider your current
activities. Your acts are definitely not going unnoticed nor are they
being ignored.

There's a reason why Chris 'Rizler' Smith and 2 of his associates
fled^Wrelocated to Costa Rica, you know, but Mary Jo White sure as
hell didn't care that the last batch of people she had indicted had
relocated to small Caribbean island nations to evade US justice:
http://zdnet.com.com/2100-11-508027.html

ISPs, including Level3.net and Cogent, are conspiring (that's what 'knowingly
providing assistance to the perpetrator of a criminal act' actually is) with
hard core computer criminals, and there's a handy list right here: