B2 Net Solutions / Servermania - Shifting ColoCrossing's Spam

Discussion in 'The Pub (Off topic discussion)' started by drmike, Jul 23, 2014.

  1. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    Still on vacation time, so this is just a glancing jab.

    When ColoCrossing recently stemmed the flow of spam on their network, I said to a number of people that if CC continued to do so, they would be shifting their SPAMMERS to "partners".  That is to say, hiding said bad actors on other ASNs, but still on the CC network.

    Last week we saw an IP range in CC's control and owned by ServerCentral in Chicago get soiled by spam.

    Now I am pointing to more of this and more uptick notably out of ServerMania / B2 Net Solutions.

    B2 Net just received another /16 of IP space which is meh, fictional justification at best.  245k+ IPs under B2 Net's control now.  + 65k = 310k+ total.  For those in the know, B2 Net / Servermania owners are besties with Biloh and have more than a working relationship, ehh partners.

    Some interesting views of B2 Net:

    http://bgp.he.net/AS55286#_prefixes

    http://www.senderbase.org/lookup/org/?search_string=B2%20Net%20Solutions
     
    Last edited by a moderator: Jul 23, 2014
  2. HalfEatenPie

    HalfEatenPie The Irrational One Retired Staff

    2,890
    1,386
    Mar 25, 2013
    HalfEatenPie
    Funny thing.

    The other day one of CC's IPs tried to brute force through my Wordpress installation.  

    Got to send a fun little abuse e-mail to them.  Hopefully they take care of that!  
     
  3. DomainBop

    DomainBop Dormant VPSB Pathogen

    2,260
    2,190
    Oct 11, 2013
    Last week we also saw this csf.deny firewall rule added to all my servers "138.128.112.0/20 #do not delete" :)
     
    Last edited by a moderator: Jul 23, 2014
  4. Aldryic C'boas

    Aldryic C'boas The Pony

    2,313
    2,652
    Apr 18, 2013
    Aldryic
    Good luck with that.  I have never received a response to any abuse report I've sent their way.  In a couple of cases, the severity of the abuse ramped up quite a bit after sending a report in.

    Honestly pretty close to just blocking their entire ASN at this point.
     
  5. DomainBop

    DomainBop Dormant VPSB Pathogen

    2,260
    2,190
    Oct 11, 2013
    File the abuse reports on WHT. :p  I got an immediate response from Ernie via PM and an almost instant null routing of the offending (port scanner) IP a few weeks ago. http://www.webhostingtalk.com/showpost.php?p=9160291&postcount=27
     
    WSWD and drmike like this.
  6. MartinD

    MartinD Retired Staff Retired Staff Verified Provider

    1,410
    1,278
    May 15, 2013
    I wonder what would happen if a number of large providers started dropping their ASN entirely.
     
  7. kcaj

    kcaj New Member

    117
    44
    Apr 30, 2014
    Probably wouldn't work in your favour if you were to do it at a corporate level.
     
  8. concerto49

    concerto49 New Member Verified Provider

    960
    200
    May 5, 2013
    You would need the transit carriers / ISPs to do it to have any real effect.
     
  9. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    Dropping their ASN is bound to happen as more admins wake up and realize the origin of so many of their headaches.

    All this time, only a handful of us have been looking at the waste stream flowing from CC.  Certainly are small networks entirely blocking CC's IP ranges already.  

    It's about time we fashion a script for end users and others to simply ban CC and directly from CC's ASN IP info/IP allocation.. so it never gets out of date, stale, etc.
     
  10. DomainBop

    DomainBop Dormant VPSB Pathogen

    2,260
    2,190
    Oct 11, 2013
  11. Kris

    Kris New Member

    167
    113
    May 7, 2013
     
  12. Schultz

    Schultz New Member

    129
    33
    Jun 3, 2014
    Perhaps all this spam has been a smoke-screen for what CC is actually doing; collecting IPs!
     
  13. wlanboy

    wlanboy Content Contributer

    2,126
    1,169
    May 16, 2013
    More of a WIN-WIN situation.

    They got paid by spammers for collecting IPs.

    They don't care because if someone is buing them they get cleaned.
     
    Kris likes this.
  14. D. Strout

    D. Strout Resident IPv6 Proponent

    1,180
    365
    Apr 17, 2013
    This isn't too surprising. They peer with each other, they both have way more IPs than they should, they both offer dirt-cheap servers. They're besties, really - they probably have a monthly circlejerk in Buffalo while bemoaning how mean Spamhaus is while sitting on a pile of money thrown their way by ROKSO spammers.
     
    Kris and drmike like this.