Video Screencast Help
Encryption Blog

Rogue ISP Unplugged

Created: 13 Nov 2008 • Updated: 05 Nov 2012
Doug McLean's picture
0 0 Votes
Login to vote

An interesting local story appeared in today's San José Mercury News. An ISP that was working under the brand McColo was shutdown when its two "upstream providers" Hurricane Electric and Global Crossing unplugged their links to McColo. This isn't exactly news by itself as these bad actor ISPs posing as legitimate businesses come and go pretty frequently.

Nor was it news that the miscreants behind McColo are probably well beyond the reach of U.S. law enforcement. While their hardware may have been in the heart of the Silicon Valley, the bad guys themselves are evidently in Eastern Europe.

What is shocking about the story is that the minute McColo was offline, Trend Micro observed at 40% drop in spam hitting its customers filters. Trend's spam filtering products report back to a central point to aid in the identification and blocking of new spam attacks. So they have a pretty good perspective on what's going on across the 'net. But, 40%? That almost constitutes a single point of failure for the spammers.

Being smart, flexible business people, the spammers will almost certainly have backfilled this loss of infrastructure in a day or two and the spam level will return to whatever is normal these days. I find it encouraging though that as in industry the ISPs are self regulating and trying to do the right thing for their customers.