Guess I need to look in more detail, but doesn't looking at that show that CHINANET has about half the rouge network infections of the overall network. Sounds like if you don't do business with China, putting in a blackhole on AS4134 (and maybe 4837 and 4812) would knock out the majority of the trouble sites. Heck, and maybe I am in the dark ages, I didn't realize google was providing that much connectivity, why the heck do they have so many infected machines. Unless I am just reading that stuff wrong, guess I need to take my time and go through it. I am not in the wholesale bandwidth game anymore, but I have sure suffered my share of DDoS attacks, and am all for any intelligent things I can do to help eliminate such future issues.. --- Howard Leadmon
-----Original Message----- From: Suresh Ramasubramanian [mailto:ops.lists@gmail.com] Sent: Friday, August 29, 2008 4:38 PM To: Gadi Evron Cc: nanog@merit.edu Subject: Re: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?
On Sat, Aug 30, 2008 at 1:32 AM, Gadi Evron <ge@linuxbox.org> wrote:
2. On a different note, why is anyone still accepting their route announcements? I know some among us re-route RBN traffic to protect users. Do you see this as a valid solution for your networks?
What ASNs belong to Atrivo, anyway?
The ASNs you ask about - as per the report - are on pages 4..8 of http://hostexploit.com/downloads/Atrivo%20white%20paper%20082808ac.pdf