Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
Apologies, Yahoo was set to "Rich Text" :(

-----

Hello All,

It seems you all missed the memo. As of about 11PM PST Last night 09/22/08, Esthost has been ENTIRELY Shutdown. They no longer have ANY Machine on my network.

I'm currently starting to monitor some of the public media, such as google, DroneBL, as well as several Anti-Malware community websites for abuse. Being that Esthost is now entirely GONE, we should not have any further issues. In the case that something does arise, such as an exploited host, we're currently developing a game plan for response to the issues.

To make the best effort towards combatting abuse on our network, here's what I have planned so far for ANY Type of abuse:

Step 1, Suspend Power to the affected machine.
Step 2, Call/Email the client whom the affected machine is leased to.
Step 3, Allow the client the option to investigate the machine further (Nullroute access via KVM)
Step 4, Verify the reported content, domain, user, or exploit is patched/eliminated from the machine.
Step 5, Remove the Nullroute. Allow the machine to return to the network.

Any comments? This is the result of a zero tolerance policy regarding abuse.

If it's clear that the server owner is the cause of the abusive material etc, the client will then be immediately cancelled. No questions. It seems that this approach will be the best supported by the anti-abuse communities, so please let me know your input.

Thank you for your time. Have a great day.

---
Russell Mitchell
InterCage, Inc.
Hi Russ,

While I think that is great and everything, can you explain why Cernel is now originating prefixes which were originally originated by Atrivo/Intercage?

I'd be curious as to your explanation.

Thanks,

- ferg

On Tue, Sep 23, 2008 at 9:05 PM, Russell Mitchell <russm2k8@yahoo.com> wrote:
Apologies, Yahoo was set to "Rich Text" :(
-----
Hello All,
It seems you all missed the memo. As of about 11PM PST Last night 09/22/08, Esthost has been ENTIRELY Shutdown. They no longer have ANY Machine on my network.
I'm currently starting to monitor some of the public media, such as google, DroneBL, as well as several Anti-Malware community websites for abuse. Being that Esthost is now entirely GONE, we should not have any further issues. In the case that something does arise, such as an exploited host, we're currently developing a game plan for response to the issues.
To make the best effort towards combatting abuse on our network, here's what I have planned so far for ANY Type of abuse:

Step 1, Suspend Power to the affected machine.
Step 2, Call/Email the client whom the affected machine is leased to.
Step 3, Allow the client the option to investigate the machine further (Nullroute access via KVM)
Step 4, Verify the reported content, domain, user, or exploit is patched/eliminated from the machine.
Step 5, Remove the Nullroute. Allow the machine to return to the network.
Any comments? This is the result of a zero tolerance policy regarding abuse.
If it's clear that the server owner is the cause of the abusive material etc, the client will then be immediately cancelled. No questions. It seems that this approach will be the best supported by the anti-abuse communities, so please let me know your input.
Thank you for your time. Have a great day.
---
Russell Mitchell
InterCage, Inc.
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
It may be true that Estdomains has moved a couple of the external-facing hosting hosts into a Netherlands hosting provider in conjunction with this whole situation -- folks are watching very carefully.

estdomains.com A 94.102.49.3
storefront.estdomains.com A 94.102.49.5
www.estdomains.com A 94.102.49.4
www.estsecure.com A 94.102.49.5

AS | IP | AS Name
29073 | 94.102.49.3 | ECATEL-AS AS29073, Ecatel Network

% Information related to '94.102.48.0 - 94.102.63.255'

inetnum: 94.102.48.0 - 94.102.63.255
netname: NL-ECATEL-20080829
descr: Ecatel LTD
country: NL
org: ORG-EL38-RIPE
admin-c: RvE16-RIPE
tech-c: RvE16-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: ECATEL-MNT
mnt-routes: ECATEL-MNT
source: RIPE # Filtered

organisation: ORG-EL38-RIPE
org-name: Ecatel LTD
org-type: LIR
address: Ecatel LTD Reinier van Eeden P.O.Box 19533 2521 CA The Hague NETHERLANDS
phone: +31702204015
fax-no: +31702204015
e-mail: r.eeden@ecatel.net
admin-c: RvE16-RIPE
mnt-ref: ECATEL-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

DNSLogger:

estdomains.com A 94.102.49.3
estdomains.com A 216.255.176.238
estdomains.com NS ans1.esthost.com
estdomains.com NS ans2.esthost.com
estdomains.com NS temp1.estdomains.com
estdomains.com NS ns1.estdomains.com
estdomains.com NS temp2.estdomains.com
estdomains.com NS ns2.estdomains.com

http://www.bfk.de/bfk_dnslogger.html

Thanks,

- ferg

On Tue, Sep 23, 2008 at 9:05 PM, Russell Mitchell <russm2k8@yahoo.com> wrote:
Apologies, Yahoo was set to "Rich Text" :(
-----
Hello All,
It seems you all missed the memo. As of about 11PM PST Last night 09/22/08, Esthost has been ENTIRELY Shutdown. They no longer have ANY Machine on my network.
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
Participants (2): Paul Ferguson, Russell Mitchell