amuck-landowner

B2 Net Solutions / Servermania - Shifting ColoCrossing's Spam

drmike

100% Tier-1 Gogent
Still on vacation time, so this is just a glancing jab.

When ColoCrossing recently stemmed the flow of spam on their network, I said to a number of people that if CC continued to do so, they would be shifting their SPAMMERS to "partners".  That is to say, hiding said bad actors on other ASNs, but still on the CC network.

Last week we saw an IP range in CC's control and owned by ServerCentral in Chicago get soiled by spam.

Now I am pointing to more of this and more uptick notably out of ServerMania / B2 Net Solutions.

B2 Net just received another /16 of IP space which is meh, fictional justification at best.  245k+ IPs under B2 Net's control now.  + 65k = 310k+ total.  For those in the know, B2 Net / Servermania owners are besties with Biloh and have more than a working relationship, ehh partners.

Some interesting views of B2 Net:

http://bgp.he.net/AS55286#_prefixes

http://www.senderbase.org/lookup/org/?search_string=B2%20Net%20Solutions
 
Last edited by a moderator:

HalfEatenPie

The Irrational One
Retired Staff
Funny thing.

The other day one of CC's IPs tried to brute force through my Wordpress installation.  

Got to send a fun little abuse e-mail to them.  Hopefully they take care of that!  
 

DomainBop

Dormant VPSB Pathogen
Last week we saw an IP range in CC's control and owned by ServerCentral in Chicago get soiled by spam.
Last week we also saw this csf.deny firewall rule added to all my servers "138.128.112.0/20 #do not delete" :)
 
Last edited by a moderator:

Aldryic C'boas

The Pony
Funny thing.

The other day one of CC's IPs tried to brute force through my Wordpress installation.  

Got to send a fun little abuse e-mail to them.  Hopefully they take care of that!  
Good luck with that.  I have never received a response to any abuse report I've sent their way.  In a couple of cases, the severity of the abuse ramped up quite a bit after sending a report in.

Honestly pretty close to just blocking their entire ASN at this point.
 

DomainBop

Dormant VPSB Pathogen
Good luck with that.  I have never received a response to any abuse report I've sent their way.  In a couple of cases, the severity of the abuse ramped up quite a bit after sending a report in.

Honestly pretty close to just blocking their entire ASN at this point.
File the abuse reports on WHT. :p  I got an immediate response from Ernie via PM and an almost instant null routing of the offending (port scanner) IP a few weeks ago. http://www.webhostingtalk.com/showpost.php?p=9160291&postcount=27
 

MartinD

Retired Staff
Verified Provider
Retired Staff
I wonder what would happen if a number of large providers started dropping their ASN entirely.
 

drmike

100% Tier-1 Gogent
Dropping their ASN is bound to happen as more admins wake up and realize the origin of so many of their headaches.

All this time, only a handful of us have been looking at the waste stream flowing from CC.  Certainly are small networks entirely blocking CC's IP ranges already.  

It's about time we fashion a script for end users and others to simply ban CC and directly from CC's ASN IP info/IP allocation.. so it never gets out of date, stale, etc.
 

wlanboy

Content Contributer
Perhaps all this spam has been a smoke-screen for what CC is actually doing; collecting IPs!
More of a WIN-WIN situation.

They got paid by spammers for collecting IPs.

They don't care because if someone is buing them they get cleaned.
 

D. Strout

Resident IPv6 Proponent
This isn't too surprising. They peer with each other, they both have way more IPs than they should, they both offer dirt-cheap servers. They're besties, really - they probably have a monthly circlejerk in Buffalo while bemoaning how mean Spamhaus is while sitting on a pile of money thrown their way by ROKSO spammers.
 
Top
amuck-landowner