RE: Atrivo/Intercage

Just to add my $0.02 to this discussion and a disclaimer - I've known
Emil for years, I've seen his shop and even the controversy.
200 Paul is a small community, and most of the folks in there know
eachother, I've been in there since 2001 or so.

Intercage is not a big shop, there are very few people involved in running
it and I have a very hard time believing the accusations made by some
of the folks around. I also don't believe Intercage was complicit in any
net-crime; Thats not to say it didn't exist, but more along the lines
of they got lost in the noise of running a business. I'd guess that
given the server volume they've got, abuse emails are less than one percent
of all the email they get in a week. From what I've seen, the bulk of their
customer base is webhosters, Unix Shell providers and some video/audio
streamers. Were I to venture a guess on the number of folks reselling
those webservers, its probably on the order of thousands...

Any time I've had an issue with one of Atrivo's customers, it only took
one email to get it dealt with, or I got Emil on IM or on the phone and
it was taken care of.

My experience with being on the other end of abuse@, I'd say a good
60-75% of the complaints I saw coming in were bogus. Either people
complaining about their ZoneAlarm's going off, people complaining
about bounced emails with spam and a bunch of automated stuff that was
always wrong. The legit complaints were not always easy to deal with
either since a good 20-30% of them were unclear on what was actually wrong
until you spent some time digging.

Basically is what it boils down to for me - its easy to blame
an NSP/ISP/Hoster for what their clients do, it takes real dedication to
find out whats *actually* going on.

I have no dog in this fight, but I would comment on the "small shop" issue as it relates to handling abuse complaints.

I own a small colo/hosting shop too. We don't have many employees. If we had to deal with so many abuse complaints that things were "getting lost in the noise", I'd have to seriously examine my AUP and associated enforcement policies, add staff to handle abuse issues, or both. Being small isn't an excuse. In fact, a small shop that runs a clean network should be far better at handling abuse issues than the larger players could ever hope to be.

Tom,

Atrivo is not just a spammer, and Intercage has _not_ "taken care of" problems - unless you count moving IP addresses around as "taking care of" things. I'm sure the people downloading child pr0n or hosting virus / C&C servers were very inconvenienced from having to change a hostname. Pardon me if I am incredulous. And not because we were not dedicated in trying to find out what was *actually* going on. Try reading up on your friend before accusing the community of not doing due diligence.

And don't give me any BS about not reading his abuse@ mail.

Eventually ignorance (willful ignorance?) in the service of evil becomes indistinguishable from malice.

Basically, THAT is what it boils down to for me, and apparently everyone else as well.

Perhaps I should clarify - Abuse complaints being a small percentage
of normal requests for service (IE: I need a new hdd, an OS reinstalled)
I would agree that anyone beseiged in abuse requests should take a
machete to the offending customer's cables :slight_smile:

So... apparently AS27595 is back on the air, with aspath's like:

6461 23342 27595
6539 23342 27595
8075 23342 27595

23342 == UnitedLayer, Tom isn't that you or is that another Tom I'm remembering?

-Chris

ah! someone reminded me that Tom left UL :frowning: but at least I was
remembering the right tom :slight_smile:

Yep, same Tom, I was one of the founders of UnitedLayer.
I haven't been there since 2006, so its not my doing.

I also noticed AS paths like this:
* 69.22.162.0/23 701 2914 32335 6461 23342 27595 i

I'm not sure whats going on there, but I'm thinking someone needs some help :slight_smile:

So... apparently AS27595 is back on the air, with aspath's like:
6461 23342 27595
6539 23342 27595
8075 23342 27595

23342 == UnitedLayer, Tom isn't that you or is that another
Tom I'm remembering?

Yep, same Tom, I was one of the founders of UnitedLayer.
I haven't been there since 2006, so its not my doing.

yup, didn't particularly mean it was 'your doing' (even if you were
there) but that perhaps (if you were still there) you might be able to
influence the ops folks some... if you thought it worthy.

I also noticed AS paths like this:
* 69.22.162.0/23 701 2914 32335 6461 23342 27595 i

I'm not sure whats going on there, but I'm thinking someone needs some help :slight_smile:

yea I suspect that's a history route (or PIE re-opened the links
between PIE/Atrivo). Or... Abovenet & PIE & NTT aren't filtering their
customers in a way that keeps PIE form providing transit to NTT for
Abovenet :frowning: (NTT says loud and long they filter based on IRR data, PIE
might not have updated their IRR info?)

wierd though.

actually, I think PIE sees this route from 6461 and passes it along
probably because they didn't update the filters on their sessions when
they dropped the links to 27595 :frowning: Also they didn't update the IRR
data to remove this set of prefixes.

bummers.

actually, I think PIE sees this route from 6461 and passes it along
probably because they didn't update the filters on their sessions when
they dropped the links to 27595 :frowning:

Has anyone actually confirmed that the link is dropped with PIE?

Also they didn't update the IRR data to remove this set of prefixes.

Looks like they've got all kindsa stuff in there...

Which is not acceptable. You answer your abuse complaints, you shut down your spammers. Period, end of subject.

Tom Sparks (Applied Operations) wrote:

Basically is what it boils down to for me - its easy to blame
an NSP/ISP/Hoster for what their clients do, it takes real dedication to
find out whats *actually* going on.
  

We did, and now we're solving the problem.

Andrew