Hello Paul,

Those are their IP Blocks. We were simply routing them, as they were our client. They've owned these blocks for quite a while. They seem to have moved that after a day of being down. I haven't been monitoring their blocks, and made the decision Sunday Night that they were no longer going to be allowed on our network.

I believe the blocks you're referring to are their 85.255 Blocks? Registered to "InHoster". I believe those prefixes are an entity of theirs, though I don't know for sure. Perhaps ask them?

Cernel is their own ASN. It's not associated with our company.

Thank you for your time. Have a great day.

---
Russell Mitchell
InterCage, Inc.

----- Original Message ----
From: Paul Ferguson <fergdawgster@gmail.com>
To: Russell Mitchell <russm2k8@yahoo.com>
Cc: nanog@nanog.org
Sent: Tuesday, September 23, 2008 9:22:03 PM
Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Russ,

While I think that is great and everything, can you explain why Cernel is now originating prefixes which were originally originated by Atrivo/Intercage?

I'd be curious as to your explanation.

Thanks,

- - ferg

On Tue, Sep 23, 2008 at 9:05 PM, Russell Mitchell <russm2k8@yahoo.com> wrote:
Apologies, Yahoo was set to "Rich Text" :(
-----
Hello All,
It seems you all missed the memo. As of about 11PM PST Last night 09/22/08, Esthost has been ENTIRELY Shutdown. They no longer have ANY Machine on my network.
I'm currently starting to monitor some of the public media, such as google, DroneBL, as well as several Anti-Malware community websites for abuse. Being that Esthost is now entirely GONE, we should not have any further issues. In the case that something does arise, such as an exploited host, we're currently developing a game plan for response to the issues.
To make the best effort towards combatting abuse on our network, here's what I have planned so far for ANY Type of abuse:

Step 1, Suspend Power to the affected machine.
Step 2, Call/Email the client whom the affected machine is leased to.
Step 3, Allow the client the option to investigate the machine further (Nullroute access via KVM).
Step 4, Verify the reported content, domain, user, or exploit is patched/eliminated from the machine.
Step 5, Remove the Nullroute. Allow the machine to return to the network.
Any comments? This is the result of a zero tolerance policy regarding abuse.
If it's clear that the server owner is the cause of the abusive material etc, the client will then be immediately cancelled. No questions. It seems that this approach will be the best supported by the anti-abuse communities, so please let me know your input.
Thank you for your time. Have a great day.
---
Russell Mitchell
InterCage, Inc.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFI2cBUq1pz9mNUZTMRAtbAAJwKk/H/9Pz4YelIgnYvtuCCDhmuswCfcrfV
PTUD/SyPo8+zHpACucRPqk4=
=+rwg
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/