North American Network Operators Group

Re: short Botnet list and Cashing in on DoS

  • From: Mike Tancsa
  • Date: Thu Oct 07 16:21:13 2004

At 01:10 AM 07/10/2004, J. Oquendo wrote:
> I've been slowly compiling a list of known botnets should


A lot of the IP addresses you have listed seem like they would change with some frequency based on the host names. The problem with using such a list is that it can quickly become out of date unless the entries are automatically aged. Think of a dialup zombie assigned a dynamic IP out of the netblock 192.168.0.0/24. Over time, 192.168.0.1 through .255 will become blacklisted as the user comes and goes. A quick

cat list | sort | uniq | awk '{print "host "$1}' | sh

shows
0.102.218.12.IN-ADDR.ARPA domain name pointer 12-218-102-0.client.mchsi.com
197.26.119.128.IN-ADDR.ARPA domain name pointer jqa-197.res.umass.edu
227.8.119.128.IN-ADDR.ARPA domain name pointer ja2-227.res.umass.edu
Host not found.
76.84.36.128.IN-ADDR.ARPA domain name pointer yale128036084076.student.yale.edu
144.150.2.129.IN-ADDR.ARPA domain name pointer rkraft.student.umd.edu
205.153.64.130.IN-ADDR.ARPA domain name pointer resnet153-205.medford.tufts.edu
154.221.49.137.IN-ADDR.ARPA domain name pointer uhartford221154.hartford.edu
58.229.166.141.IN-ADDR.ARPA domain name pointer smh229058.richmond.edu
57.230.166.141.IN-ADDR.ARPA domain name pointer smh230057.richmond.edu
2.233.166.141.IN-ADDR.ARPA domain name pointer sfa233002.richmond.edu
87.236.166.141.IN-ADDR.ARPA domain name pointer sfa236087.richmond.edu
247.237.166.141.IN-ADDR.ARPA domain name pointer sfa237247.richmond.edu
168.130.216.150.IN-ADDR.ARPA domain name pointer tfk1116.students.ecu.edu
82.187.1.152.IN-ADDR.ARPA domain name pointer fahrmpc32.cvm.ncsu.edu
Host not found.
222.128.112.195.IN-ADDR.ARPA domain name pointer proxy02.ada.net.tr
131.11.66.200.IN-ADDR.ARPA domain name pointer customer-MZT-11-131.megared.net.mx
102.214.253.206.IN-ADDR.ARPA domain name pointer construct.enic.cc
205.147.234.207.IN-ADDR.ARPA domain name pointer 207-234-147-205.ptr.primarydns.com
Host not found.
198.173.54.213.IN-ADDR.ARPA domain name pointer p213.54.173.198.tisdip.tiscali.de
58.114.254.216.IN-ADDR.ARPA domain name pointer dsl254-114-058.nyc1.dsl.speakeasy.net
114.8.195.24.IN-ADDR.ARPA domain name pointer alb-24-195-8-114.nycap.rr.com
Host not found.
Host not found.
Host not found.
163.26.167.62.IN-ADDR.ARPA domain name pointer adsl-62-167-26-163.adslplus.ch
248.180.65.62.IN-ADDR.ARPA domain name pointer irc-out.antik.sk
179.55.23.64.IN-ADDR.ARPA domain name pointer 64-23-55-179.ptr.skynetweb.com
7.156.37.64.IN-ADDR.ARPA domain name pointer patch-virt7.station.sony.com
156.238.110.65.IN-ADDR.ARPA domain name pointer coy.student.iastate.edu
163.75.210.66.IN-ADDR.ARPA domain name pointer wsip-66-210-75-163.lu.dl.cox.net
20.188.250.66.IN-ADDR.ARPA domain name pointer 66.250.188.20.chaincast.com
200.234.45.66.IN-ADDR.ARPA domain name pointer irc.ashenworlds.net
Host not found, try again.
56.87.90.66.IN-ADDR.ARPA domain name pointer .
36.53.149.68.IN-ADDR.ARPA domain name pointer S0106000103a72199.ed.shawcable.net
146.173.41.69.IN-ADDR.ARPA domain name pointer unused.800hosting.com
60.89.42.69.IN-ADDR.ARPA domain name pointer irc.afraid.org
1.212.247.80.IN-ADDR.ARPA domain name pointer servicez.org


Have you sent email to those edu abuse contacts? Most of the universities I have worked with for abuse resolution are generally responsive.

---Mike
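
The automatic aging mentioned in the message above, as an added example that is not part of the original post: each sighting carries a last-seen time, and an address drops off the list once its newest sighting is older than a cutoff. The "IP epoch" input format, the function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: expire blocklist entries by last-seen time.
# Assumed input format (not from the original post): "IPv4 epoch_seconds" per line.

# age_list NOW MAX_AGE < sightings
# Prints "ip last_seen" for each address whose most recent sighting is at
# most MAX_AGE seconds before NOW, sorted by address. Lines that are not
# exactly a dotted quad plus an integer are dropped, so list content is
# handled as data only and is never passed to a shell.
age_list() {
    awk -v now="$1" -v max_age="$2" '
        NF == 2 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $2 ~ /^[0-9]+$/ {
            # Keep only the newest sighting per address.
            if (!($1 in last) || $2 + 0 > last[$1] + 0) last[$1] = $2
        }
        END {
            for (ip in last)
                if (now - last[ip] <= max_age) print ip, last[ip]
        }
    ' | sort
}

# Constructed sample: one dynamic pool, addresses seen at different times,
# plus one malformed line that must be ignored.
sample_sightings() {
    cat <<'EOF'
192.168.0.17 1097000000
192.168.0.17 1097150000
192.168.0.42 1096000000
192.168.0.99 1097100000
not-an-ip; echo 1097150000
EOF
}

NOW=1097200000              # constructed "current time" for the sample
MAX_AGE=$((3 * 86400))      # three days, an arbitrary cutoff for the example

# 192.168.0.42 was last seen about 14 days before NOW and is aged out;
# the other two addresses stay on the list.
sample_sightings | age_list "$NOW" "$MAX_AGE"
```

A short cutoff suits dynamic pools such as the dialup netblock described above, where an address stops identifying the same machine soon after the last sighting.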