Feeds

Net pariah Intercage back among the dead

No more Global Crossing

Seven Steps to Software Security

Updated After returning from the dead two days ago, network provider and internet pariah Intercage has once again been knocked offline.

Websites served by Intercage started to become inaccessible on Wednesday afternoon after backbone provider Global Crossing began filtering internet protocol addresses assigned to the California-based company. The move, which largely negated the decision by transit provider UnitedLayer to offer upstream service to Intercage, blocked most of the net provider's traffic. Because of peering agreements in place, about 25 percent of the websites it hosted were still accessible, said Aaron Hughes, UnitedLayer's head of operations.

"It has come to our attention that United Layer is now routing traffic for Intercage (AS 27595) over the Global Crossing network," Andrew Ramsey, Global Crossing's manager of information security operations, wrote in an email sent to UnitedLayer on Wednesday morning. "Intercage was removed from our network for violating our acceptable use policy, and is not welcome to return under any circumstance."

UnitedLayer initially declined Ramsey's request to stop routing Inetercage's net traffic over Global Crossing's network. But by Thursday afternoon, after receiving 28 confirmed violations of its acceptible usage policy, UnitedLayer stopped anouncing any routes from Intercage, a move that completely severed its connection to the outside world.

"To the extent that things were quote unquote infected, from our perspective they were trying legitimately it seemed to reform," UnitedLayer COO Richard Donaldson told The Register. "I think there was just too much to do. In light of that, it was safer to keep them off."

Hughes said Intercage employees in many instances responded to the complaints by promptly removing the abusive sites, but that over time, after forwarding complaints, "we continued to get confirmation that there were [abusive] hosts still up."

Intercage and Global Crossing representatives didn't respond to requests for comment at time of writing.

Over the past month, Intercage has been struggling for survival following reports that it hosts a large concentration of sites engaged in phishing, spam, and malware. After being dumped by a succession of transit providers and briefly going dark, UnitedLayer emerged as Intercage's white knight, agreeing to provide it service as long as it abides by UnitedLayer's acceptable use policy.

For years, security professionals have widely criticized Intercage for carrying a large amount of abusive traffic over its network. Earlier this month, they ratcheted up the pressure on upstream providers of Intercage after researchers said a random sampling of 2,600 Intercage addresses revealed 7,340 malicious web links, 910 infected websites, 310 malicious binaries, and 113 botnet command and control servers.

After growing increasingly isolated, Emil Kacperski earlier this week said he was severing all ties with Esthost, which he said was responsible for 25 percent to 50 percent of Intercage's revenue. He also pledged to overhaul his abuse reporting system so employees could more quickly disconnect customers engaging in malicious activity. Security professionals have remained skeptical, as the Global Crossing move would suggest.

But it's questionable exactly how effective this method of ostracization is. Within hours of being dumped by Intercage, Esthost, and its sister company, Estdomains, were back online through a patchwork of different hosts that have changed over time. At time of writing, Esthost appeared to be sitting in Cernel.net IP space, based on trace route results and border gateway protocol table information.

What's more, a trace route of Estdomains shows the registrar is now using the services of Petersberg Transit Telecom and ReTN net. That's right, Global Crossing, and a variety of other big name providers, are accepting Estdomains and Esthost IP allocation prefixes.

We contacted Global Crossing a second time but have yet to receive a response.

This endless game of Whackamole is one of the many reasons we've opined that the current take-down process is highly imperfect.

We're not the only ones to say so.

"Esthost is traversing Global Crossing's network as we speak and everybody else's, for that matter," Donaldson said. "All you've done is force Esthost go more underground and become less visible, less, containable and less capable of even being approached by law enforcement. So the community can certainly cheer that they've in essence targeted this company, but the root of the problem has not been fixed." ®

(This story was updated to correct the identity of the company providing IP space to Esthost. It is Cernel.net, not GoDaddy, as incorrectly reported previously. The update also includes additional details about UnitedLayer suspending service to Intercage.)

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.