RE: Atrivo/Intercage
Just to add my $0.02 to this discussion and a disclaimer - I've known Emil for years, I've seen his shop and even the controversy. 200 Paul is a small community, and most of the folks in there know eachother, I've been in there since 2001 or so. Intercage is not a big shop, there are very few people involved in running it and I have a very hard time believing the accusations made by some of the folks around. I also don't believe Intercage was complicit in any net-crime; Thats not to say it didn't exist, but more along the lines of they got lost in the noise of running a business. I'd guess that given the server volume they've got, abuse emails are less than one percent of all the email they get in a week. From what I've seen, the bulk of their customer base is webhosters, Unix Shell providers and some video/audio streamers. Were I to venture a guess on the number of folks reselling those webservers, its probably on the order of thousands... Any time I've had an issue with one of Atrivo's customers, it only took one email to get it dealt with, or I got Emil on IM or on the phone and it was taken care of. My experience with being on the other end of abuse@, I'd say a good 60-75% of the complaints I saw coming in were bogus. Either people complaining about their ZoneAlarm's going off, people complaining about bounced emails with spam and a bunch of automated stuff that was always wrong. The legit complaints were not always easy to deal with either since a good 20-30% of them were unclear on what was actually wrong until you spent some time digging. Basically is what it boils down to for me - its easy to blame an NSP/ISP/Hoster for what their clients do, it takes real dedication to find out whats *actually* going on. -- Tom Sparks (415) 367-7328x1001
On Sep 22, 2008, at 4:33 PM, Tom Sparks (Applied Operations) wrote:
Intercage is not a big shop, there are very few people involved in running it
I have no dog in this fight, but I would comment on the "small shop" issue as it relates to handling abuse complaints. I own a small colo/hosting shop too. We don't have many employees. If we had to deal with so many abuse complaints that things were "getting lost in the noise", I'd have to seriously examine my AUP and associated enforcement policies, add staff to handle abuse issues, or both. Being small isn't an excuse. In fact, a small shop that runs a clean network should be far better at handling abuse issues than the larger players could ever hope to be.
On Mon, Sep 22, 2008 at 04:48:16PM -0400, Drew Linsalata wrote:
I have no dog in this fight, but I would comment on the "small shop" issue as it relates to handling abuse complaints.
I own a small colo/hosting shop too. We don't have many employees. If we had to deal with so many abuse complaints that things were "getting lost in the noise"
Perhaps I should clarify - Abuse complaints being a small percentage of normal requests for service (IE: I need a new hdd, an OS reinstalled) I would agree that anyone beseiged in abuse requests should take a machete to the offending customer's cables :) -- Tom Sparks (415) 367-7328x1001
So... apparently AS27595 is back on the air, with aspath's like: 6461 23342 27595 6539 23342 27595 8075 23342 27595 23342 == UnitedLayer, Tom isn't that you or is that another Tom I'm remembering? -Chris
On Mon, Sep 22, 2008 at 5:17 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
So... apparently AS27595 is back on the air, with aspath's like:
6461 23342 27595 6539 23342 27595 8075 23342 27595
23342 == UnitedLayer, Tom isn't that you or is that another Tom I'm remembering?
ah! someone reminded me that Tom left UL :( but at least I was remembering the right tom :)
On Mon, Sep 22, 2008 at 05:17:42PM -0400, Christopher Morrow wrote:
So... apparently AS27595 is back on the air, with aspath's like: 6461 23342 27595 6539 23342 27595 8075 23342 27595
23342 == UnitedLayer, Tom isn't that you or is that another Tom I'm remembering?
Yep, same Tom, I was one of the founders of UnitedLayer. I haven't been there since 2006, so its not my doing. I also noticed AS paths like this: * 69.22.162.0/23 701 2914 32335 6461 23342 27595 i I'm not sure whats going on there, but I'm thinking someone needs some help :) -- Tom Sparks (415) 367-7328x1001
On Mon, Sep 22, 2008 at 5:25 PM, Tom Sparks (Applied Operations) <tsparks@appliedops.net> wrote:
On Mon, Sep 22, 2008 at 05:17:42PM -0400, Christopher Morrow wrote:
So... apparently AS27595 is back on the air, with aspath's like: 6461 23342 27595 6539 23342 27595 8075 23342 27595
23342 == UnitedLayer, Tom isn't that you or is that another Tom I'm remembering?
Yep, same Tom, I was one of the founders of UnitedLayer. I haven't been there since 2006, so its not my doing.
yup, didn't particularly mean it was 'your doing' (even if you were there) but that perhaps (if you were still there) you might be able to influence the ops folks some... if you thought it worthy.
I also noticed AS paths like this: * 69.22.162.0/23 701 2914 32335 6461 23342 27595 i
I'm not sure whats going on there, but I'm thinking someone needs some help :)
yea I suspect that's a history route (or PIE re-opened the links between PIE/Atrivo). Or... Abovenet & PIE & NTT aren't filtering their customers in a way that keeps PIE form providing transit to NTT for Abovenet :( (NTT says loud and long they filter based on IRR data, PIE might not have updated their IRR info?) wierd though.
On Mon, Sep 22, 2008 at 5:48 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Mon, Sep 22, 2008 at 5:25 PM, Tom Sparks (Applied Operations) <tsparks@appliedops.net> wrote:
I also noticed AS paths like this: * 69.22.162.0/23 701 2914 32335 6461 23342 27595 i
I'm not sure whats going on there, but I'm thinking someone needs some help :)
yea I suspect that's a history route (or PIE re-opened the links between PIE/Atrivo). Or... Abovenet & PIE & NTT aren't filtering their customers in a way that keeps PIE form providing transit to NTT for Abovenet :( (NTT says loud and long they filter based on IRR data, PIE might not have updated their IRR info?)
wierd though.
actually, I think PIE sees this route from 6461 and passes it along probably because they didn't update the filters on their sessions when they dropped the links to 27595 :( Also they didn't update the IRR data to remove this set of prefixes. bummers.
On Mon, Sep 22, 2008 at 05:50:58PM -0400, Christopher Morrow wrote:
actually, I think PIE sees this route from 6461 and passes it along probably because they didn't update the filters on their sessions when they dropped the links to 27595 :(
Has anyone actually confirmed that the link is dropped with PIE?
Also they didn't update the IRR data to remove this set of prefixes.
Looks like they've got all kindsa stuff in there... -- Tom Sparks (415) 367-7328x1001
On Sep 22, 2008, at 4:33 PM, Tom Sparks (Applied Operations) wrote:
Intercage is not a big shop, there are very few people involved in running it
I have no dog in this fight, but I would comment on the "small shop" issue as it relates to handling abuse complaints.
I own a small colo/hosting shop too. We don't have many employees. If we had to deal with so many abuse complaints that things were "getting lost in the noise", I'd have to seriously examine my AUP and associated enforcement policies, add staff to handle abuse issues, or both. Being small isn't an excuse. In fact, a small shop that runs a clean network should be far better at handling abuse issues than the larger players could ever hope to be.
I would have to agree with this latter bit. We count incidents per YEAR. On a hand. Mostly because we haven't made a habit of accepting random clients, I guess, but were it a problem, it would be made not to be. Being proactive is a big part of this. For example, when ARIN began to allow abuse contacts for IP space, we fairly quickly registered a POC for it. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
http://www.giantitp.com/comics/oots0595.html I think that sums up this thread. On Tue, 23 Sep 2008, Joe Greco wrote:
On Sep 22, 2008, at 4:33 PM, Tom Sparks (Applied Operations) wrote:
Intercage is not a big shop, there are very few people involved in running it
I have no dog in this fight, but I would comment on the "small shop" issue as it relates to handling abuse complaints.
I own a small colo/hosting shop too. We don't have many employees. If we had to deal with so many abuse complaints that things were "getting lost in the noise", I'd have to seriously examine my AUP and associated enforcement policies, add staff to handle abuse issues, or both. Being small isn't an excuse. In fact, a small shop that runs a clean network should be far better at handling abuse issues than the larger players could ever hope to be.
I would have to agree with this latter bit. We count incidents per YEAR. On a hand. Mostly because we haven't made a habit of accepting random clients, I guess, but were it a problem, it would be made not to be.
Being proactive is a big part of this. For example, when ARIN began to allow abuse contacts for IP space, we fairly quickly registered a POC for it.
... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On Sep 22, 2008, at 4:33 PM, Tom Sparks (Applied Operations) wrote:
Basically is what it boils down to for me - its easy to blame an NSP/ISP/Hoster for what their clients do, it takes real dedication to find out whats *actually* going on.
Tom, Atrivo is not just a spammer, and Intercage has _not_ "taken care of" problems - unless you count moving IP addresses around as "taking care of" things. I'm sure the people downloading child pr0n or hosting virus / C&C servers were very inconvenienced from having to change a hostname. Pardon me if I am incredulous. And not because we were not dedicated in trying to find out what was *actually* going on. Try reading up on your friend before accusing the community of not doing due diligence. And don't give me any BS about not reading his abuse@ mail. Eventually ignorance (willful ignorance?) in the service of evil becomes indistinguishable from malice. Basically, THAT is what it boils down to for me, and apparently everyone else as well. -- TTFN, patrick
On Sep 22, 2008, at 1:33 PM, Tom Sparks (Applied Operations) wrote:
I also don't believe Intercage was complicit in any net-crime; Thats not to say it didn't exist, but more along the lines of they got lost in the noise of running a business.
Which is not acceptable. You answer your abuse complaints, you shut down your spammers. Period, end of subject. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
On Sep 22, 2008, at 1:33 PM, Tom Sparks (Applied Operations) wrote:
I also don't believe Intercage was complicit in any net-crime; Thats not to say it didn't exist, but more along the lines of they got lost in the noise of running a business.
Which is not acceptable. You answer your abuse complaints, you shut down your spammers. Period, end of subject.
That's a bit '90's. I'll settle for s/answer/handle/, because I don't think that most sites are willing to actually discuss abuse issues with random folks submitting complaints, and so that leaves you with either sending a form letter of some sort, or not saying anything. Further, many places seem to send form letters but not do anything. I am not sure that there is much (or any) value-add in sending a response, unless further information is needed.
From my point of view, the best response is when the problem simply goes away. A personal reply (rather than a form letter) is also generally a really good sign that someone cares enough to show that they're doing something, but again that seems to be the exception rather than the norm. The Afterburner experience, however, should be an excellent example for the difference that simply *showing* you care and are doing something makes.
... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On Sep 23, 2008, at 8:12 PM, Joe Greco wrote:
Which is not acceptable. You answer your abuse complaints, you shut down your spammers. Period, end of subject.
That's a bit '90's. I'll settle for s/answer/handle/, because I don't think that most sites are willing to actually discuss abuse issues with random folks submitting complaints, and so that leaves you with either sending a form letter of some sort, or not saying anything.
I went out of my way to get it written into our customer contract that we can discuss abuse issues with the affected parties. And I am simply an employee, neither an executive nor an owner, so this took a bit of doing. But it has given me great pleasure the few times that we made a mistake with a customer, and I got to tell the affected parties that the abuser is now homeless ;-) -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Tom Sparks (Applied Operations) wrote:
Basically is what it boils down to for me - its easy to blame an NSP/ISP/Hoster for what their clients do, it takes real dedication to find out whats *actually* going on.
We did, and now we're solving the problem. Andrew
participants (8)
-
Andrew D Kirch -
Christopher Morrow -
Drew Linsalata -
Gadi Evron -
Jo Rhett -
Joe Greco -
Patrick W. Gilmore -
Tom Sparks (Applied Operations)