Feeds

Net pariah Intercage back among the dead

No more Global Crossing

5 things you didn’t know about cloud backup

Updated After returning from the dead two days ago, network provider and internet pariah Intercage has once again been knocked offline.

Websites served by Intercage started to become inaccessible on Wednesday afternoon after backbone provider Global Crossing began filtering internet protocol addresses assigned to the California-based company. The move, which largely negated the decision by transit provider UnitedLayer to offer upstream service to Intercage, blocked most of the net provider's traffic. Because of peering agreements in place, about 25 percent of the websites it hosted were still accessible, said Aaron Hughes, UnitedLayer's head of operations.

"It has come to our attention that United Layer is now routing traffic for Intercage (AS 27595) over the Global Crossing network," Andrew Ramsey, Global Crossing's manager of information security operations, wrote in an email sent to UnitedLayer on Wednesday morning. "Intercage was removed from our network for violating our acceptable use policy, and is not welcome to return under any circumstance."

UnitedLayer initially declined Ramsey's request to stop routing Inetercage's net traffic over Global Crossing's network. But by Thursday afternoon, after receiving 28 confirmed violations of its acceptible usage policy, UnitedLayer stopped anouncing any routes from Intercage, a move that completely severed its connection to the outside world.

"To the extent that things were quote unquote infected, from our perspective they were trying legitimately it seemed to reform," UnitedLayer COO Richard Donaldson told The Register. "I think there was just too much to do. In light of that, it was safer to keep them off."

Hughes said Intercage employees in many instances responded to the complaints by promptly removing the abusive sites, but that over time, after forwarding complaints, "we continued to get confirmation that there were [abusive] hosts still up."

Intercage and Global Crossing representatives didn't respond to requests for comment at time of writing.

Over the past month, Intercage has been struggling for survival following reports that it hosts a large concentration of sites engaged in phishing, spam, and malware. After being dumped by a succession of transit providers and briefly going dark, UnitedLayer emerged as Intercage's white knight, agreeing to provide it service as long as it abides by UnitedLayer's acceptable use policy.

For years, security professionals have widely criticized Intercage for carrying a large amount of abusive traffic over its network. Earlier this month, they ratcheted up the pressure on upstream providers of Intercage after researchers said a random sampling of 2,600 Intercage addresses revealed 7,340 malicious web links, 910 infected websites, 310 malicious binaries, and 113 botnet command and control servers.

After growing increasingly isolated, Emil Kacperski earlier this week said he was severing all ties with Esthost, which he said was responsible for 25 percent to 50 percent of Intercage's revenue. He also pledged to overhaul his abuse reporting system so employees could more quickly disconnect customers engaging in malicious activity. Security professionals have remained skeptical, as the Global Crossing move would suggest.

But it's questionable exactly how effective this method of ostracization is. Within hours of being dumped by Intercage, Esthost, and its sister company, Estdomains, were back online through a patchwork of different hosts that have changed over time. At time of writing, Esthost appeared to be sitting in Cernel.net IP space, based on trace route results and border gateway protocol table information.

What's more, a trace route of Estdomains shows the registrar is now using the services of Petersberg Transit Telecom and ReTN net. That's right, Global Crossing, and a variety of other big name providers, are accepting Estdomains and Esthost IP allocation prefixes.

We contacted Global Crossing a second time but have yet to receive a response.

This endless game of Whackamole is one of the many reasons we've opined that the current take-down process is highly imperfect.

We're not the only ones to say so.

"Esthost is traversing Global Crossing's network as we speak and everybody else's, for that matter," Donaldson said. "All you've done is force Esthost go more underground and become less visible, less, containable and less capable of even being approached by law enforcement. So the community can certainly cheer that they've in essence targeted this company, but the root of the problem has not been fixed." ®

(This story was updated to correct the identity of the company providing IP space to Esthost. It is Cernel.net, not GoDaddy, as incorrectly reported previously. The update also includes additional details about UnitedLayer suspending service to Intercage.)

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
JLaw, Kate Upton exposed in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.