*Internet address blocks as ghost towns. Tainted by crime, haunted forever. People shiver when they look at these deserted slums. A cold wind whistles through them.
*Gothic High Tech.
http://voices.washingtonpost.com/securityfix/2009/11/a_year_later_a_look_back_at_mc.html
"A year ago today, the Internet community witnessed a remarkable event: The unplugging of McColo, a Web hosting facility in Northern California that for a long time controlled a majority of the spam-sending operations on the planet. McColo's two main Internet providers abruptly yanked the cord after Security Fix presented them with scads of evidence collected by security researchers tying massive amounts of spam and other illicit activity to McColo's network.
"The outcome, of course, is now well known: The volume of spam sent worldwide tanked overnight, and remained at diminished levels for many weeks. All sorts of other badness diminished as well (more on that later). But since then, the sizable chunk of virtual real estate previously occupied by McColo has remained eerily quiet.
"A review of more than 3,000 Internet addresses previously assigned to the hosting firm reveals an Internet ghost town, as if the entire neighborhood had been contaminated by some kind of toxic sludge that frightened off any potential future occupants. (((Nice writing by Brian Krebs here. Kind of a Wm. Gibson / HP Lovecraft thing going on.)))
"And maybe it has. The Internet community typically shuns networks known to harbor spammers and organizations that host malicious software and other nastiness, usually by including their numeric Internet addresses on "blocklists." Many organizations configure their e-mail servers to reject messages from addresses included on one or more of these blocklists. A heavily blocklisted network quickly becomes unattractive to legitimate businesses, since any e-mail sent out of that network will most likely be refused by the intended recipients.
"The problem is once an address block gets so polluted and absorbed into all these blocklists, it's difficult to get off all of them because there is no central blocking authority," said Paul Ferguson, an advanced threat researcher at Trend Micro. "That space won't be toxic for all time to come, but certainly it is going to be tainted for whoever ends up with it." (((Note the folklore aspect here – all whispers, rumors and dark suspicions. Address blocks are just numbers. But, yes, people can be haunted by numbers.)))
"Don Bertier, chief security officer at Savvis Inc., a networking and managed hosting provider, said it's not uncommon for a once-blighted block of Internet addresses to remain unoccupied long after the abuse that caused the listing has gone.
"What you'll find is some blacklists out there are derivatives of other lists, and it's hard to get those cleaned up," Bertier said, recalling a case last year in which a customer was given a swath of Internet addresses, only to find it was impossible to send e-mail from that space. "Typically in those cases, we'll work with the customers to get them new space and mark that allocation as something that really shouldn't be used for e-mail." (...)
"The dismantling of McColo wasn't without precedent. A year before McColo's collapse, the notorious St. Petersburg based Russian Business Network was scattered to the four winds when its upstream Internet providers backed away, following investigative reports in The Washington Post, Security Fix and other publications about a massive concentration of badness there.
"In September 2008, a half dozen Internet providers one by one pulled out of another Northern California hosting firm named Atrivo (a.k.a. "Intercage"), after Security Fix and others publicized research into the company's colorful history as a malware-friendly hosting provider. Atrivo's exit from the Internet also caused a major – albeit brief — drop in spam rates. That event also kneecapped the Storm worm botnet, which was once responsible for sending 20 percent of the world's spam. Storm was never heard from again.... (((So far.)))
