Mailing List Archive

Re: Atrivo/Intercage: NO Upstream depeer
Hello,

It's true that David from PIE disconnected our link approx 9pm or so yesterday.  Things were going perfect, no complaints for a few weeks now.  The only thing I believe is that NTT gave lots of pressure to PIE.  For some unknown reason when I tried to reach out to the security guy at NTT he basically said our contract is with PIE.

So in a time like this you really get to know who your friends are and who should be avoided.

Onward and upward!  What doesn't kill you only makes you stronger ;-).  Just feel bad for the customers for which I am truly sorry for right now ;-(.

Thanks!

Contact: Emil Kacperski

Company: Intercage Inc. - Atrivo

Dedicated Servers

San Francisco Datacenter

E-Mail: emil@intercage.com

Phone: 925-550-3947

ICQ: 23531098
RE: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Emil,

You have a lot of loyal legit customers. What's your plans? Seems like your
taking action against the bad clients which is great. Where does this leave
Intercage? You seeking alternative routes currently? Offering refunds to
those loyal clients?


James

-----Original Message-----
From: Emil Kacperski [mailto:emilkacp@yahoo.com]
Sent: Sunday, September 21, 2008 3:20 PM
To: nanog@nanog.org
Subject: Re: Atrivo/Intercage: NO Upstream depeer

Hello,

It's true that David from PIE disconnected our link approx 9pm or so
yesterday.  Things were going perfect, no complaints for a few weeks now. 
The only thing I believe is that NTT gave lots of pressure to PIE.  For some
unknown reason when I tried to reach out to the security guy at NTT he
basically said our contract is with PIE.

So in a time like this you really get to know who your friends are and who
should be avoided.

Onward and upward!  What doesn't kill you only makes you stronger ;-).  Just
feel bad for the customers for which I am truly sorry for right now ;-(.

Thanks!

Contact: Emil Kacperski

Company: Intercage Inc. - Atrivo

Dedicated Servers

San Francisco Datacenter

E-Mail: emil@intercage.com

Phone: 925-550-3947

ICQ: 23531098
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Emil Kacperski wrote:

> It's true that David from PIE disconnected our link approx 9pm or so
> yesterday. Things were going perfect, no complaints for a few weeks
> now. The only thing I believe is that NTT gave lots of pressure to
> PIE. For some unknown reason when I tried to reach out to the
> security guy at NTT he basically said our contract is with PIE.


Some days the dragon wins, some days the knight does.
RE: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Hey James,

That's the worst part in all this, so many been with me for years!  I just put my fate into companies I shouldn't have.  NLayer was bought and Liteup held control of the SF pop, who is fully at the mercy of NLayer / ServerCentral.  WVFiber was bought by Host.NET and Randy simply made a choice.  And David from PIE I knew who he was from others but hey he has been at the datacenter with me for a number of years, so I gave him the benefit of the doubt.

Spamhaus a few days ago added his IP's as a /22.  And surprise surprise now it's a /32!

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL67906

David didn't even have the balls to contact me and let me know what happened.  Has ignored any phone calls, etc.  Just told him router admin not to do anything without his approval.  In fact his technician acted at first as he didn't know what happened.

Just need to put all this behind me. 

Thanks!

Contact: Emil Kacperski

Company: Intercage Inc. - Atrivo

Dedicated Servers

San Francisco Datacenter

E-Mail: emil@intercage.com

Phone: 925-550-3947

ICQ: 23531098
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Had you responded to the hundreds of abuse complaints over the years
this would not have happened.

Sorry, no sympathy for you or the customers not smart enough to move
over the last few years of very overt negative news about you.

Matt

Emil Kacperski wrote:
> Hey James,
>
> That's the worst part in all this, so many been with me for years! I just put my fate into companies I shouldn't have. NLayer was bought and Liteup held control of the SF pop, who is fully at the mercy of NLayer / ServerCentral. WVFiber was bought by Host.NET and Randy simply made a choice. And David from PIE I knew who he was from others but hey he has been at the datacenter with me for a number of years, so I gave him the benefit of the doubt.
>
> Spamhaus a few days ago added his IP's as a /22. And surprise surprise now it's a /32!
>
> http://www.spamhaus.org/sbl/sbl.lasso?query=SBL67906
>
> David didn't even have the balls to contact me and let me know what happened. Has ignored any phone calls, etc. Just told him router admin not to do anything without his approval. In fact his technician acted at first as he didn't know what happened.
>
> Just need to put all this behind me.
>
> Thanks!
>
> Contact: Emil Kacperski
>
> Company: Intercage Inc. - Atrivo
>
> Dedicated Servers
>
> San Francisco Datacenter
>
> E-Mail: emil@intercage.com
>
> Phone: 925-550-3947
>
> ICQ: 23531098
>
>
>

--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Matt,

Don't believe everything you read.  I have unfortunately been a target over the years
because I rented machines to Esthost.  But the stories made up are way out there.
It's all very easy a dedicated server / customer relationship - nothing more.

Never did I ignore anymore from the abuse community.  Go ahead and find me
a IP address that did any spam or anything.  You won't find it, I can't remember
the last time I got any Spamcop complaints.  Not even going to mention Spamhaus
because we all know there abuse.

"We asked a handful of Intercage's most vocal critics if they sent take
down requests to Kacperski. None said yes. "In his defense, what may
have finally happened is that malware researchers stopped bothering to
report" abusive sites," Eckelberry says."

None said YES!  That pretty much sums it all up.  Maybe I could of reached out
more, I guess that was my mistake.  But it surely is impossible to deal with if
you have to deal with people like John Reid.

Thanks! 

Contact: Emil Kacperski

Company: Intercage Inc. - Atrivo

Dedicated Servers

San Francisco Datacenter

E-Mail: emil@intercage.com

Phone: 925-550-3947

ICQ: 23531098
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
On Sep 21, 2008, at 4:21 PM, Emil Kacperski wrote:

> Don't believe everything you read.

Most excellent advice.

[SNIP]

--
TTFN,
patrick
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Considering the years of abuse, DNSBL listings, ROKSO listings, further
abuse, and silence at the abuse switch, I _CERTAINLY_ would not send
Atrivo abuse reports, I would send them to the upstreams instead.
Considering the almost 40 page white paper produced last month on the
abuse from Atrivo, for me to change this practice, I would require:
* a rapid, and verifiable response from Atrivo here over some
period of time exceeding several months, and continuing thereafter,
* the clearing of SBL/ROKSO records, and
* a general reduction of abuse eminating from Atrivo.

Andrew


Emil Kacperski wrote:
> Matt,
>
> Don't believe everything you read. I have unfortunately been a target over the years
> because I rented machines to Esthost. But the stories made up are way out there.
> It's all very easy a dedicated server / customer relationship - nothing more.
>
> Never did I ignore anymore from the abuse community. Go ahead and find me
> a IP address that did any spam or anything. You won't find it, I can't remember
> the last time I got any Spamcop complaints. Not even going to mention Spamhaus
> because we all know there abuse.
>
> "We asked a handful of Intercage's most vocal critics if they sent take
> down requests to Kacperski. None said yes. "In his defense, what may
> have finally happened is that malware researchers stopped bothering to
> report" abusive sites," Eckelberry says."
>
> None said YES! That pretty much sums it all up. Maybe I could of reached out
> more, I guess that was my mistake. But it surely is impossible to deal with if
> you have to deal with people like John Reid.
>
> Thanks!
>
> Contact: Emil Kacperski
>
> Company: Intercage Inc. - Atrivo
>
> Dedicated Servers
>
> San Francisco Datacenter
>
> E-Mail: emil@intercage.com
>
> Phone: 925-550-3947
>
> ICQ: 23531098
>
>
>
>
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Greetings,

I can further vouch for this... an unusually large amount of botnets
reported to DroneBL have command and control servers on Atrivo's
network.

With the amount of listings and reports I get, it is obvious that Atrivo
does not care about the abuse@ inbox... which is unfortunate.

William

On Sun, 2008-09-21 at 16:49 -0400, Andrew D Kirch wrote:
> Considering the years of abuse, DNSBL listings, ROKSO listings, further
> abuse, and silence at the abuse switch, I _CERTAINLY_ would not send
> Atrivo abuse reports, I would send them to the upstreams instead.
> Considering the almost 40 page white paper produced last month on the
> abuse from Atrivo, for me to change this practice, I would require:
> * a rapid, and verifiable response from Atrivo here over some
> period of time exceeding several months, and continuing thereafter,
> * the clearing of SBL/ROKSO records, and
> * a general reduction of abuse eminating from Atrivo.
>
> Andrew
>
>
> Emil Kacperski wrote:
> > Matt,
> >
> > Don't believe everything you read. I have unfortunately been a target over the years
> > because I rented machines to Esthost. But the stories made up are way out there.
> > It's all very easy a dedicated server / customer relationship - nothing more.
> >
> > Never did I ignore anymore from the abuse community. Go ahead and find me
> > a IP address that did any spam or anything. You won't find it, I can't remember
> > the last time I got any Spamcop complaints. Not even going to mention Spamhaus
> > because we all know there abuse.
> >
> > "We asked a handful of Intercage's most vocal critics if they sent take
> > down requests to Kacperski. None said yes. "In his defense, what may
> > have finally happened is that malware researchers stopped bothering to
> > report" abusive sites," Eckelberry says."
> >
> > None said YES! That pretty much sums it all up. Maybe I could of reached out
> > more, I guess that was my mistake. But it surely is impossible to deal with if
> > you have to deal with people like John Reid.
> >
> > Thanks!
> >
> > Contact: Emil Kacperski
> >
> > Company: Intercage Inc. - Atrivo
> >
> > Dedicated Servers
> >
> > San Francisco Datacenter
> >
> > E-Mail: emil@intercage.com
> >
> > Phone: 925-550-3947
> >
> > ICQ: 23531098
> >
> >
> >
> >
>
>
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Emil Kacperski wrote:
> Don't believe everything you read. I have unfortunately been a target over the years
> because I rented machines to Esthost. But the stories made up are way out there.
> It's all very easy a dedicated server / customer relationship - nothing more.

I don't have to believe what I read. I did the research, and I helped
write the reports. Have to say I'm VERY proud of contributing to getting
you offline.

It's not just estdomains. In fact very little of them is related to you.
It's the botnet controllers, spam, phishing sites, etc. If you think
those things trivial then you need to remain offline.

>
> Never did I ignore anymore from the abuse community. Go ahead and find me
> a IP address that did any spam or anything. You won't find it, I can't remember
> the last time I got any Spamcop complaints. Not even going to mention Spamhaus
> because we all know there abuse.
>

You ignored MY abuse complaints. You ignored MY emails to cooperate in
getting your net cleaned up. I have HUNDREDS of malware samples using
your nets as CnC just in the last few months! So rather than wasting my
time emailing your abuse blackhole I helped write a report about you.

Time well spent I think.

> "We asked a handful of Intercage's most vocal critics if they sent take
> down requests to Kacperski. None said yes. "In his defense, what may
> have finally happened is that malware researchers stopped bothering to
> report" abusive sites," Eckelberry says."

They didn't ask me. I sent plenty. And if you read his full comments I'm
sure he goes on to say "because they were tired of having their time
wasted by you ignoring them for YEARS!"

But this thread isn't what nanog is for. We should end this here, until
Emil finds someone else willing to peer his crap. Then we can decide how
to get that handled.

Matt

>
> None said YES! That pretty much sums it all up. Maybe I could of reached out
> more, I guess that was my mistake. But it surely is impossible to deal with if
> you have to deal with people like John Reid.
>
> Thanks!
>
> Contact: Emil Kacperski
>
> Company: Intercage Inc. - Atrivo
>
> Dedicated Servers
>
> San Francisco Datacenter
>
> E-Mail: emil@intercage.com
>
> Phone: 925-550-3947
>
> ICQ: 23531098
>
>
>

--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Hello all,

Andrew:
It is truly enlightening, to say the least, that you want to talk about all of the SBL Listings, all of the DNSBL Listings, and all of the abuse on our network has never had action taken.

-----

In Spamhaus' article, they did a history of more then ?350? SBL Listings for our company. Today, we have 6 ACTIVE Listings in the SBL. If we haven't acted on abuse claims, why do those numbers not match up?

So, sometime over the weekend, Spamhaus listed our ONLY Upstream's /22 IP Block.. There's NO Evidence of any abuse from PIE for the listing. How can they be labeled as a SPAM or Abuse Supporter after routing us for such a short time? That's ethical, legitimate, and reasonable to you?

We have ALL of our IP Space listed with Spamhaus because we have a Reseller named Esthost. While their customer track record may not be a straight arrow, they've ALWAYS taken action on abuse we've received for machines leased to them (Just like every other customer we have!).

We enacted a zero tolerance policy in light of the community delivering false information and giving false reports to news media. What did that do? It gave us the opportunity to cancel service on EVERY Machine that an abuse was reported on.
What happened shortly after? No more reports, no more abuse.

Esthost's Registrar entity, EstDomains launched a great campaign to work with the public and take in reports against Malware Customers, as that is what the news media was reporting was the issue. Over 20,000 Domains get suspended by EstDomains in a period of about a week. Your going to come back and say, "Well Directi did it in about 2 days!". Yeah? Directi had it placed right on their desk! They didn't have to launch any campaign or go out and ask the COMMUNITY for it. The people behind those false reports on our company gave them a set of Data to allow them to act that fast.

So, we see Esthost turning a corner and going out to the community with an outreach program. Community is giving support for it.
We enact a zero tolerance policy for our entire network, this isn't made public aside to a GOOD and TRUTHFUL Editor from TheRegister, Dan Goodin.
We gave ourselves 1 month to see what is going to happen between the community, and Esthost. In the final stretch of that 1 month, we get blind-sided by Spamhaus.

So now, an apparently level-headed James Thomas brings the happenings from last night into the light, and here we are.
All of the claims about us being the RBN, Emil being some Russian named "Igor", and "Atrivo" being the epicenter with such partners like InterCage. Did you forget? Emil has a split-personality, that's how they got their claim of InterCage being partnered with Atrivo. As though they're 2 seperate entities! Good Research Matt, Jart, Garth, and all the others who've written about us recently!

Thank you all for your time and responses. Good or bad, we're reading them. Have a great day.

---
Russell Mitchell
InterCage, Inc. - An un-orgranized eCrime ring based out of San Francisco, CA. We would only be so lucky!
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
William:
To date, I have never heard of the "DroneBL". I have NEVER received any report from any entity referring to that. The last report for a bot on our network was an EggDrop bot a week or so ago. The report was from the IRC Network Operator, and asked to have it removed from his network because it seemed to be 'forgotten'. It was sitting in a dead channel that hasn't had any activity for months.
He did NOT claim any abuse.

I'll be more then happy to monitor DroneBL, or have digests or reports from them in regards to our network.

-----

Matt:
It's very sad that your PROUD of you contribution to the supposed "white paper" on our company. I'd like to know, was any of your "contribution" to the report altered, or mis-represented, or are you truly unaware of how false the information you provided was?
Care to have verified it? or are you a Spamhaus admin like John Reid who has that magic stick to make a claim and attack anyone who objects to it with the truth?

If you want to see REAL Cyber Crime, take a look at what you caused Matt. Take a good look at Spamhaus, and tell me that they're entirely legitimate with their business. Oh, I forgot, they're a "Not-for-profit organization" that DOESN'T do business in the USA, nor has any clientel in the USA.

-----

There is absolutely no sense in arguing and biquering over all this crap that you guys have caused with your misinformation and false claims.
I don't know how to make this any simpler: If you see abuse from our network, report it to US. If you report it to an upstream, they'll just drop it back down to us. Obviously, we can't do anything right now with our network being OFFLINE.. But I'm dying to see who comes up with some abuse that originated from our network in this downtime! Who will be first!? Spamhaus?

Thanks again for all your time and comments. Hopefully, you all will straighten up your act, cause clearly and truthfully, we've been straight the entire time.
 ---
Russell Mitchell

InterCage, Inc.
RE: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Russell,

I really think Atrivo/Intercage has been doing great after reports
and community public action. I'm still puzzled as to the why they are still
targetting you? I have a few friends who have machines with you so and they
run legitimate companies with over 4 machines.

Emil has done everything in his power to bring his network back to
normal operations. Looks great the past 2 weeks, I wish both of you the best
of luck its hard to determine who is a solid friend and who is not. Like
emil said... It only will make you stronger.

James

-----Original Message-----
From: Russell Mitchell [mailto:russm2k8@yahoo.com]
Sent: Sunday, September 21, 2008 5:54 PM
To: nanog@nanog.org
Subject: Re: Atrivo/Intercage: NO Upstream depeer

Hello all,

Andrew:
It is truly enlightening, to say the least, that you want to talk about all
of the SBL Listings, all of the DNSBL Listings, and all of the abuse on our
network has never had action taken.

-----

In Spamhaus' article, they did a history of more then ?350? SBL Listings for
our company. Today, we have 6 ACTIVE Listings in the SBL. If we haven't
acted on abuse claims, why do those numbers not match up?

So, sometime over the weekend, Spamhaus listed our ONLY Upstream's /22 IP
Block.. There's NO Evidence of any abuse from PIE for the listing. How can
they be labeled as a SPAM or Abuse Supporter after routing us for such a
short time? That's ethical, legitimate, and reasonable to you?

We have ALL of our IP Space listed with Spamhaus because we have a Reseller
named Esthost. While their customer track record may not be a straight
arrow, they've ALWAYS taken action on abuse we've received for machines
leased to them (Just like every other customer we have!).

We enacted a zero tolerance policy in light of the community delivering
false information and giving false reports to news media. What did that do?
It gave us the opportunity to cancel service on EVERY Machine that an abuse
was reported on.
What happened shortly after? No more reports, no more abuse.

Esthost's Registrar entity, EstDomains launched a great campaign to work
with the public and take in reports against Malware Customers, as that is
what the news media was reporting was the issue. Over 20,000 Domains get
suspended by EstDomains in a period of about a week. Your going to come back
and say, "Well Directi did it in about 2 days!". Yeah? Directi had it placed
right on their desk! They didn't have to launch any campaign or go out and
ask the COMMUNITY for it. The people behind those false reports on our
company gave them a set of Data to allow them to act that fast.

So, we see Esthost turning a corner and going out to the community with an
outreach program. Community is giving support for it.
We enact a zero tolerance policy for our entire network, this isn't made
public aside to a GOOD and TRUTHFUL Editor from TheRegister, Dan Goodin.
We gave ourselves 1 month to see what is going to happen between the
community, and Esthost. In the final stretch of that 1 month, we get
blind-sided by Spamhaus.

So now, an apparently level-headed James Thomas brings the happenings from
last night into the light, and here we are.
All of the claims about us being the RBN, Emil being some Russian named
"Igor", and "Atrivo" being the epicenter with such partners like InterCage.
Did you forget? Emil has a split-personality, that's how they got their
claim of InterCage being partnered with Atrivo. As though they're 2 seperate
entities! Good Research Matt, Jart, Garth, and all the others who've written
about us recently!

Thank you all for your time and responses. Good or bad, we're reading them.
Have a great day.

---
Russell Mitchell
InterCage, Inc. - An un-orgranized eCrime ring based out of San Francisco,
CA. We would only be so lucky!
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
On Sun, 21 Sep 2008, Russell Mitchell wrote:
> Hello all,
>
> Andrew:
> It is truly enlightening, to say the least, that you want to talk about all of the SBL Listings, all of the DNSBL Listings, and all of the abuse on our network has never had action taken.

"Don't kick someone when they are down". Okay.

I have but one question, why are you speaking to us all now, instead of
last week or last month?

Gadi.


> -----
>
> In Spamhaus' article, they did a history of more then ?350? SBL Listings for our company. Today, we have 6 ACTIVE Listings in the SBL. If we haven't acted on abuse claims, why do those numbers not match up?
>
> So, sometime over the weekend, Spamhaus listed our ONLY Upstream's /22 IP Block.. There's NO Evidence of any abuse from PIE for the listing. How can they be labeled as a SPAM or Abuse Supporter after routing us for such a short time? That's ethical, legitimate, and reasonable to you?
>
> We have ALL of our IP Space listed with Spamhaus because we have a Reseller named Esthost. While their customer track record may not be a straight arrow, they've ALWAYS taken action on abuse we've received for machines leased to them (Just like every other customer we have!).
>
> We enacted a zero tolerance policy in light of the community delivering false information and giving false reports to news media. What did that do? It gave us the opportunity to cancel service on EVERY Machine that an abuse was reported on.
> What happened shortly after? No more reports, no more abuse.
>
> Esthost's Registrar entity, EstDomains launched a great campaign to work with the public and take in reports against Malware Customers, as that is what the news media was reporting was the issue. Over 20,000 Domains get suspended by EstDomains in a period of about a week. Your going to come back and say, "Well Directi did it in about 2 days!". Yeah? Directi had it placed right on their desk! They didn't have to launch any campaign or go out and ask the COMMUNITY for it. The people behind those false reports on our company gave them a set of Data to allow them to act that fast.
>
> So, we see Esthost turning a corner and going out to the community with an outreach program. Community is giving support for it.
> We enact a zero tolerance policy for our entire network, this isn't made public aside to a GOOD and TRUTHFUL Editor from TheRegister, Dan Goodin.
> We gave ourselves 1 month to see what is going to happen between the community, and Esthost. In the final stretch of that 1 month, we get blind-sided by Spamhaus.
>
> So now, an apparently level-headed James Thomas brings the happenings from last night into the light, and here we are.
> All of the claims about us being the RBN, Emil being some Russian named "Igor", and "Atrivo" being the epicenter with such partners like InterCage. Did you forget? Emil has a split-personality, that's how they got their claim of InterCage being partnered with Atrivo. As though they're 2 seperate entities! Good Research Matt, Jart, Garth, and all the others who've written about us recently!
>
> Thank you all for your time and responses. Good or bad, we're reading them. Have a great day.
>
> ---
> Russell Mitchell
> InterCage, Inc. - An un-orgranized eCrime ring based out of San Francisco, CA. We would only be so lucky!
>
>
>
>
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Russell Mitchell wrote:
> Hello all,
>
> Andrew:
> It is truly enlightening, to say the least, that you want to talk about all of the SBL Listings, all of the DNSBL Listings, and all of the abuse on our network has never had action taken.
>
> -----
>
> In Spamhaus' article, they did a history of more then ?350? SBL Listings for our company. Today, we have 6 ACTIVE Listings in the SBL. If we haven't acted on abuse claims, why do those numbers not match up?
>
I didn't say deal with some of them, I said deal with _ALL_ of them. I
have 0 SBL Listings, 0 ROKSO listings. There's not an acceptable
minimum. Don't host abusers, period. No points are given for half effort.
> So, sometime over the weekend, Spamhaus listed our ONLY Upstream's /22 IP Block.. There's NO Evidence of any abuse from PIE for the listing. How can they be labeled as a SPAM or Abuse Supporter after routing us for such a short time? That's ethical, legitimate, and reasonable to you?
>
There were listings of PIE earlier this week as well. I am not with
Spamhaus and I don't speak for them, but I think that the legitimacy
threshold is met by being consistent with their own listing criteria.
As you have nothing other than a vague insinuation otherwise, your claim
here fails.
> We have ALL of our IP Space listed with Spamhaus because we have a Reseller named Esthost. While their customer track record may not be a straight arrow, they've ALWAYS taken action on abuse we've received for machines leased to them (Just like every other customer we have!).
>
Damn, did you forgot the botnet C&C's? The Credit Card Fraud, the 40
page report documenting Atrivo's abuse of the Internet?
> We enacted a zero tolerance policy in light of the community delivering false information and giving false reports to news media. What did that do? It gave us the opportunity to cancel service on EVERY Machine that an abuse was reported on.
> What happened shortly after? No more reports, no more abuse.
>
0 Tolerance = 6 SBL listings? 0 != 6
> Esthost's Registrar entity, EstDomains launched a great campaign to work with the public and take in reports against Malware Customers, as that is what the news media was reporting was the issue. Over 20,000 Domains get suspended by EstDomains in a period of about a week. Your going to come back and say, "Well Directi did it in about 2 days!". Yeah? Directi had it placed right on their desk! They didn't have to launch any campaign or go out and ask the COMMUNITY for it. The people behind those false reports on our company gave them a set of Data to allow them to act that fast.
>
Directi was a slightly stagnate pond compared to the sewer which is Atrivo.
> So, we see Esthost turning a corner and going out to the community with an outreach program. Community is giving support for it.
> We enact a zero tolerance policy for our entire network, this isn't made public aside to a GOOD and TRUTHFUL Editor from TheRegister, Dan Goodin.
> We gave ourselves 1 month to see what is going to happen between the community, and Esthost. In the final stretch of that 1 month, we get blind-sided by Spamhaus.
>
Yep, the British Tabloids are always accurate. Dan's pretty new there,
and they have better security writers.
> So now, an apparently level-headed James Thomas brings the happenings from last night into the light, and here we are.
> All of the claims about us being the RBN, Emil being some Russian named "Igor", and "Atrivo" being the epicenter with such partners like InterCage. Did you forget? Emil has a split-personality, that's how they got their claim of InterCage being partnered with Atrivo. As though they're 2 seperate entities! Good Research Matt, Jart, Garth, and all the others who've written about us recently!
After the years of abuse it doesn't matter if there's a factual basis
for where I send my e-mail reports (I think I've demonstrated that there
still is), or merely a visceral dislike of the long-standing business
practices at Atrivo (I think I've demonstrated that as well).

Andrew
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Gadi Evron wrote:
> On Sun, 21 Sep 2008, Russell Mitchell wrote:
>> Hello all,
>>
>> Andrew:
>> It is truly enlightening, to say the least, that you want to talk
>> about all of the SBL Listings, all of the DNSBL Listings, and all of
>> the abuse on our network has never had action taken.
>
> "Don't kick someone when they are down". Okay.
>
> I have but one question, why are you speaking to us all now, instead
> of last week or last month?
>
> Gadi.
I think he figured out that there's bite to go with the bark.

Andrew
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Russell Mitchell wrote:
> -----
>
> Matt:
> It's very sad that your PROUD of you contribution to the supposed "white paper" on our company. I'd like to know, was any of your "contribution" to the report altered, or mis-represented, or are you truly unaware of how false the information you provided was?
> Care to have verified it? or are you a Spamhaus admin like John Reid who has that magic stick to make a claim and attack anyone who objects to it with the truth?

I'd love to, but nanog isn't the place. I'll be in san fran in the near
future. Lets sit down over a beer, I'll bring the research and you can
look it over yourself. That would be far more productive than this. I
think a few other folks would love to meet up with you as well. Maybe
Emil can join us too?

It's easy to insinuate from behind a keyboard. Lets get down to facts.

But take this off nanog. This is NOT the place for it. Let me know when
you'l be in town, I'll schedule my travel in that direction to meet up soon.

Matt

--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Russell Mitchell wrote:
> Andrew:
> If you have seen how Spamhaus handles our resolved SBL Listings, you
> would know.
> Those 6 listings have been resolved for a week now. John Reid and
> his goons only provide swift LISTINGS, _NOT_ delistings.
>
Possibly why they're so widely used.
>
> In the past 12 months, I have received not 1 report of a botnet on our
> network.
Your e-mail is broken, or you're a liar, or both
> Phishing pages are always nullrouted at the time of the report. The
> "40 page report" you keep referring to is a complete farse.
it's 'farce' but that couldn't matter less.
> But, undoubtably, you truly believe that there is an "Atrivo" and
> InterCage is a "partner in crime" to Atrivo huh?
Results *1* - *10* of about *26,900* for atrivo.
Results *1* - *10* of about *2,390* for *atrivo crime
<http://www.google.com/url?q=http://www.answers.com/crime&r=67&sa=X&oi=dict&ct=D&cd=1&ei=xdTWSInuLpKsgQKTjOTqCA&sig2=4_AAUrDMpVIAAFUehFoFNA&usg=AFQjCNFDtuAxxhp6jkB15m7JZih5ySf2RQ>*.
Results *1* - *10* of about *1,880* for *atrivo fraud
<http://www.google.com/url?q=http://www.answers.com/fraud&r=67&sa=X&oi=dict&ct=D&cd=1&ei=1NTWSNGPG5XIhgKMyZzaCA&sig2=zfBNv_8RR8gu9QGtmQIoFg&usg=AFQjCNGithiupXgqQTx4_5iVimy3I7hDeA>*.
Results *1* - *10* of about *1,100* for *atrivo phish*.

It seems that at least 26,900 people join me in the first fantasy, and
6000 or so join me in the second. Cult meetings are on Thrusday, we'll
sacrifice a spammer.
> Anything else you'd like to throw at me here on NANOG?
Sure, but I havn't figured out how to hit someone with a two-by-four
over the Internet.
> I truly feel that there are very FEW in the anti-abuse community
> that smelling fresh air. If you knew where you head was, and where it
> should be, maybe this conversation and the happenings in the recent
> week would have actually gave benefit to the internet in whole.
Atrivo/Intercage is off the Internet. That sounds like Mission
Accomplished to me.


I'm done now, there's clearly nothing I can do to impart a clue here.

Andrew
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Matt:
I've already put this offer up. I'll be more then happy to meet up at our datacenter and take you through our space.
What I find funny is, your the first one whom participated in the recent reports to actually take up and respond to us.
I've emailed Garth and Jart, and both of them refused to respond.

I emailed both of them requesting the same information they gave to Directi. If they were able to provide Directi with a list of 20,000+ domains from their control that were abusive, why can't they provide US directly with a single 1?

Then, release a joint-statement talking about how the companies need to come together to combat the abusive activities across the net, yet when we extend our hand and open up our network, we don't even get a response!

Directi went from being a "partner in crime" with us to being a great anti-abuse supporting company.. How can YOU claim that WE don't do anything, if you won't report your findings in the first place? Got recent stuff? Why are you willing to give it now that we're OFFLINE? What can we do about it NOW at this very minute?

You tell me when your going to be in San Francisco, and I'll make myself available.

Thank you for your time. Have a great day.
 ---
Russell Mitchell

InterCage, Inc.

P.S. I just realized all my responses to earlier people like Gadi and them were direct and not cc to NANOG. Will "Reply to all" now :)



----- Original Message ----
From: Matt Jonkman <jonkman@jonkmans.com>
To: Russell Mitchell <russm2k8@yahoo.com>
Cc: nanog@nanog.org
Sent: Sunday, September 21, 2008 4:02:15 PM
Subject: Re: Atrivo/Intercage: NO Upstream depeer

Russell Mitchell wrote:
> -----
>
> Matt:
> It's very sad that your PROUD of you contribution to the supposed "white paper" on our company. I'd like to know, was any of your "contribution" to the report altered, or mis-represented, or are you truly unaware of how false the information you provided was?
> Care to have verified it? or are you a Spamhaus admin like John Reid who has that magic stick to make a claim and attack anyone who objects to it with the truth?

I'd love to, but nanog isn't the place. I'll be in san fran in the near
future. Lets sit down over a beer, I'll bring the research and you can
look it over yourself. That would be far more productive than this. I
think a few other folks would love to meet up with you as well. Maybe
Emil can join us too?

It's easy to insinuate from behind a keyboard. Lets get down to facts.

But take this off nanog. This is NOT the place for it. Let me know when
you'l be in town, I'll schedule my travel in that direction to meet up soon.

Matt

--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
I will do so. Look forward to the tour.

Matt

Russell Mitchell wrote:
> Matt:
> I've already put this offer up. I'll be more then happy to meet up at
> our datacenter and take you through our space.
> What I find funny is, your the first one whom participated in the recent
> reports to actually take up and respond to us.
> I've emailed Garth and Jart, and both of them refused to respond.
>
> I emailed both of them requesting the same information they gave to
> Directi. If they were able to provide Directi with a list of 20,000+
> domains from their control that were abusive, why can't they provide US
> directly with a single 1?
>
> Then, release a joint-statement talking about how the companies need to
> come together to combat the abusive activities across the net, yet when
> we extend our hand and open up our network, we don't even get a response!
>
> Directi went from being a "partner in crime" with us to being a great
> anti-abuse supporting company. How can YOU claim that WE don't do
> anything, if you won't report your findings in the first place? Got
> recent stuff? Why are you willing to give it now that we're OFFLINE?
> What can we do about it NOW at this very minute?
>
> You tell me when your going to be in San Francisco, and I'll make myself
> available.
>
> Thank you for your time. Have a great day.
>
> ---
> Russell Mitchell
> InterCage, Inc.
>
> P.S. I just realized all my responses to earlier people like Gadi and
> them were direct and not cc to NANOG. Will "Reply to all" now :)
>
> ----- Original Message ----
> From: Matt Jonkman <jonkman@jonkmans.com>
> To: Russell Mitchell <russm2k8@yahoo.com>
> Cc: nanog@nanog.org
> Sent: Sunday, September 21, 2008 4:02:15 PM
> Subject: Re: Atrivo/Intercage: NO Upstream depeer
>
> Russell Mitchell wrote:
>> -----
>>
>> Matt:
>> It's very sad that your PROUD of you contribution to the supposed
> "white paper" on our company. I'd like to know, was any of your
> "contribution" to the report altered, or mis-represented, or are you
> truly unaware of how false the information you provided was?
>> Care to have verified it? or are you a Spamhaus admin like John Reid
> who has that magic stick to make a claim and attack anyone who objects
> to it with the truth?
>
> I'd love to, but nanog isn't the place. I'll be in san fran in the near
> future. Lets sit down over a beer, I'll bring the research and you can
> look it over yourself. That would be far more productive than this. I
> think a few other folks would love to meet up with you as well. Maybe
> Emil can join us too?
>
> It's easy to insinuate from behind a keyboard. Lets get down to facts.
>
> But take this off nanog. This is NOT the place for it. Let me know when
> you'l be in town, I'll schedule my travel in that direction to meet up soon.
>
> Matt
>
> --
> --------------------------------------------
> Matthew Jonkman
> Emerging Threats
> Phone 765-429-0398
> Fax 312-264-0205
> http://www.emergingthreats.net <http://www.emergingthreats.net/>
> --------------------------------------------
>
> PGP: http://www.jonkmans.com/mattjonkman.asc
>
>
>

--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
Re: Atrivo/Intercage: NO Upstream depeer [ In reply to ]
Emil,

If you've actually shut off the RBN, you should have no problem
finding some new transit to turn up, right?

We're in a buyer's market, and there are dozens of vendors on-net at
200 Paul who'd love a piece of your business.

Drive Slow,
Paul Wall

On Sun, Sep 21, 2008 at 3:20 PM, Emil Kacperski <emilkacp@yahoo.com> wrote:
> Hello,
>
> It's true that David from PIE disconnected our link approx 9pm or so yesterday. Things were going perfect, no complaints for a few weeks now. The only thing I believe is that NTT gave lots of pressure to PIE. For some unknown reason when I tried to reach out to the security guy at NTT he basically said our contract is with PIE.
>
> So in a time like this you really get to know who your friends are and who should be avoided.
>
> Onward and upward! What doesn't kill you only makes you stronger ;-). Just feel bad for the customers for which I am truly sorry for right now ;-(.
>
> Thanks!
>
> Contact: Emil Kacperski
>
> Company: Intercage Inc. - Atrivo
>
> Dedicated Servers
>
> San Francisco Datacenter
>
> E-Mail: emil@intercage.com
>
> Phone: 925-550-3947
>
> ICQ: 23531098
>
>
>
>