On Fri, 25 Apr 2003 16:03 (UT), Joe St Sauver <JOE@OREGON.UOREGON.EDU> wrote: | And of course, no-more-viruses.com is a perfect example of a domain | whose web site obtains transit from that fabulous far eastern | "bulletproof ASN", AS9929. For context, AS9929 also has provided | transit for hosts from a few other domains you may recognize {SNIP!} | I believe that to make progress on the let's-go-after-their-web-hosting | approach, you'll need to convince AS9929's upstreams, Sprint and Cable | and Wireless, to pull the plug (which they probably won't do) or at least | convince them to enforce an acceptable use policy on their customers | (which they can only do if they're willing to pull the plug for | non-compliance, which I don't believe they're willing to do in this case). According to the CIDR report there are rather more than two upstreams. Apart from Sprint and Cable and Wireless, they include ... AS1 GNTY-1 Genuity AS2516 KDDI KDDI CORPORATION AS3549 GBLX Global Crossing AS3356 LEVEL3 Level 3 Communications, LLC AS701 ALTERNET-AS UUNET Technologies, Inc. | But hey, I'd love to be proven wrong. I'd love to be able to do that. But I can get to halfway, as I believe those comments are no longer valid where Sprint is concerned. They may have been based on Sprint's historic notoriety, but Sprint has seen major changes in th last year. When I was recently investigating the hijacked /16s, for each case that we identified that was being announced over Sprint, those announcements were filtered by Sprint within *ten minutes* of my initial phone call. That does _not_ sound anything like an abuse-tolerant network to me. As far as Cable and Wireless are concerned, it would be difficult for them to complain of abuse tolerance by a downstream while their own hosting company, Exodus, is considered unresponsive on abuse matters. If they did it would no doubt be a case of "Pot, Kettle, Black Hat"! -- Richard Cox