Timeline: Atrivo/Intercage Depeering, Dissolution

I’m no slacker, really, I’ve just been very busy with a lot of things behind the scenes. One of the things that’s consumed my time has been the Atrivo/Intercage saga. Here’s a timeline I assembled for myself recently. It’s based on the NANOG mailing list, some private lists, the CIDR Report tools, BGP analysis, and some private emails, as well as this blog post.

  • Pre-history
    • Oodles of badness, much of it with a line through Intercage
  • 28 Aug, 2008
    • HostExploit report
  • 28 Aug, 2008
    • WaPo Krebs piece
  • 30 Aug, 2008
    • GBLX de-peers
  • 12 Sep, 2008
    • No more upstreams
    • Atrivo CIDRs appear elsewhere (Cernel, Pilosoft, etc)
    • WVFiber provides connectivity
  • 20 Sep 2008
    • Pacific Internet Exchange gets involved …
  • 21 Sep 2008
    • Atrivo again off the air
  • 22 Sep 2008
    • Atrivo back online, UnitedLayer provides upstream
  • 25 Sep 2008
    • Atrivo takes itself offline, says it will be out of business with no customers

Corrections welcome; this is roughly accurate, I think.

So, some thoughts on this whole thing: no one is behind bars for what appears to have been blatantly criminal software that was hosted on this network; no one knows who was behind the operation’s malicious “customers”; no one has investigated this, it seems. And now the badness is popping up elsewhere.

We’ll have to continue to monitor this one and map the badness. We now know more rogue networks that are welcoming the hosting, and so this cycle will start again.

This is not a long-term victory.