GLBX De-Peers Intercage [Was: RE: Washington Post: Atrivo/Intercage, w hy are we peering with the American RBN?]

I applaud GLBX's move to disconnect Atrivo/Intercage.

What the Armin/McQuaid/Jonkman report [1] documented are activities
that many of us in the security community have known for a couple
of years.

One thing that Krebs _didn't_ mention in his WaPo article are the
large number of rogue DNS servers that also reside there. A couple
of colleagues, Feike Hacquebord, Chenguai Lu, et al., presented a
paper at the Virus Bulletin conference last year [2]. While the
paper is almost a year old, that particular situation has gotten
progressively worse.

My only concern here is that by the publicity this issue continues
to receive, these activities will just move else where, like
scurrying cockroaches (like what happened with AS40989).

One step at a time, I suppose.

- - ferg


Yep, I am almost intrigued to see where they move. They'd move eventually anyway, the question is if we can then gripe about other countries not being responsive and approach that problem, or have to drive by their building to the office every morning?