-- "Marc Sachs" <marc@sans.org> wrote:
Unless I'm misreading this (or perhaps GBLX read Krebs' story and said good-bye to Atrivo/Intercage), it looks like they are no longer their upstream:
http://cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0
I applaud GLBX's move to disconnect Atrivo/Intercage.

What the Armin/McQuaid/Jonkman report [1] documented are activities that many of us in the security community have known for a couple of years.

One thing that Krebs _didn't_ mention in his WaPo article is the large number of rogue DNS servers that also reside there. A couple of colleagues, Feike Hacquebord, Chenguai Lu, et al., presented a paper at the Virus Bulletin conference last year [2]. While the paper is almost a year old, that particular situation has gotten progressively worse.

My only concern here is that by the publicity this issue continues to receive, these activities will just move elsewhere, like scurrying cockroaches (like what happened with AS40989).

One step at a time, I suppose.

- ferg

[1] http://www.hostexploit.com/
[2] http://www.virusbtn.com/pdf/conference_slides/2007/HacquebordVB2007.pdf

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/