Alan Spicer Marine Telecom Main BLOG

Spam may have dropped off as much as 50 to 75% on Wednesday after a hosting center called McColo was shut down by it's upstream provider, Hurricane Electric, and probably as well by Global Crossing company.

It's a fairly hot news item.

Hosting Companies and smaller Internet Service Providers (ISP's) have to get an Internet Connection too, just like rest of us, only more expensive and much better speed (called Bandwidth by many.) They also sign on, as us ordinary mortal users - to agree to AUP or Acceptable Use Policies, which stipulate what kind of activity they can and cannot do on their Internet Connection. Bigger connections do what is called "Peering" which without getting overly technical means that they "jack in" to a Larger Gateway often called an Internet Exchange or IX - or someone that is already big enough to connect to an IX. At the IX basically the "calling plan" of how to get to the "Littler Guys" network is shared and announced to the "Bigger Guys" network. This is how routing (on a basic concept level) works on the Internet. The little guy announces all of his networks (IP Address Blocks) to the bigger guy, who in turn uses it and passes it on to other systems on the Internet. The same happens at least on some level from the bigger guy to the smaller guy. But everyone uses some main "GATEWAY" point to get to everywhere else. An important part of this that most users don't know is that it is as important that 1.) A computer has a Gateway TO the Internet, and 2.) That the rest of the Internet knows how to get to that Computer. In actuality it's not the end computer, but the Network - or Network IP Address Block. This might be a way for spammers to be stopped no matter where they go. The routes to a network are announce by routing protocols. If a bad guy network were discovered, and there were a way to have everyone important (the Big Guys mentioned before) drop the routes to the bad guys networks, then he disappears off of the Internet. You see it's a two way street. Coming in, and going out. If the rest of the Internet were to "forget" how to get to your network, If everybody dropped the ROUTES to your network, then you're network basically disappears. No matter what YOU DO. Nothing has to be disconnected, no connection has to be terminated. The Internet just in effect forgets about you. You can send ip packets out all you want, but no acknowledgement or traffic would pass. Connections would never happen. Because the "return path" to BadGuy Network would basically not exist on a virtual level called Routing Announcements.

Basically Hurricane Electric (and Global Crossing?) pulled the plug on McColo after much apparent evidence of hosting of spamming, bot nets (which use infected zombie computers all over the Internet), and other exploit and possibly criminal server / services running on the Mcolo Network. Allegedly Mcolo turned a blind eye to these activities. I guess money still talks even to the point of almost or actually becoming criminal activity.

Mcolo.com has been around since at least February 2005, according to the Internet Wayback Machine: http://web.archive.org/web/*/http://www.mccolo.com/ but they are DOWN now. By the way, my guess these guys are Russian (not that there is anything wrong with Russian persons.), from language I saw in the web.archive.org there was Russian Language in missing image files shown. I was viewing an English archived page, there was a link to change to Russian, but no other language option. 2005 page shows them bragging about their excellent connections to the Internet. Their web page design changed several times. Sometime in 2007 became somehow not very well saved by the web.archive.org.

Anyway spam supposedly dropped dramatically. Others say that Spam isn't necessarily dead. That it will just move elsewhere. And that other such large spam hosting operations have been shut down in the past, and the spammers and such just popped up elsewhere. Interestingly two of the recent such sites (the current one being discussed and a previous similar one) were both in California. I wonder what's up with California?

Supposedly they will just move off shore, possibly Eastern Europe. Hopefully those in Eastern Europe are hearing that as well. It would be a shame if there weren't some mechanism whereby it could be detected - where the new location is, anywhere on the Internet, and block it. Shut it off from the rest of the Internet. But that can get more complicated. If you can't get their upstream providers to cut them off, then what else can you do? Block their connection leaving a country? Block their connection coming in to a country (like the U.S., U.K., Australia, etc.?) And what if they spread out more... to multiple locations. It could be a long battle... possibly not really ending any time soon.

If the perpetrators were in the U.S. then why wasn't legal or police action taken? Maybe it still will be. If they are still in the U.S. make an example out of them before they can leave, or via the Internet do a "Virtual" leaving of the U.S. to places that may harbor their activities or support of such activities. Of course I'm not a lawyer and no doubt the legal aspects of this against the Mcolo provider can be complicated as well.

Hopefully our new President-Elect will be listening to these happenings and will give the right empowerments where necessary to get these kinds of things stopped.

An interesting blog about this stuff is here:

http://blog.fireeye.com/research/

---
Alan Spicer Telecom / Alan Spicer Marine Telecom
http://www.marinetelecom.net
http://www.alanspicermarinetelecom.com
communications (at) marinetelecom.net
communications (at) alanspicermarinetelecom.com
a_spicer (at) bellsouth.net
+1 954-683-3426 +1 954-977-5245