North American Network Operators Group

RE: drone armies C&C report - July/2005
The question of self promotion came back split down the middle. It was noted that IL CERT does a fantastic job seeing that there are no IL networks listed. Or none that are easily identifiable. YMMV.

-M<

--
Martin Hannigan                         (c) 617-388-2663
VeriSign, Inc.                          (w) 703-948-7018
Network Engineer IV                     Operations & Infrastructure
[email protected]

> -----Original Message-----
> From: [email protected] [mailto:[email protected]]On Behalf Of
> Gadi Evron
> Sent: Monday, August 15, 2005 8:22 AM
> To: [email protected]
> Subject: drone armies C&C report - July/2005
>
> Below is a periodic public report from the drone armies / botnets
> research and mitigation mailing list.
> For this report it should be noted that we base our analysis on the data
> we have accumulated from various sources.
>
> According to our incomplete analysis of information we have thus far, we
> now publish our regular reports, with some additional information.
>
> As of this month, any responsible party that wishes to receive
> information about botnet C&C's in their net space can contact us and be
> added to our notification list.
>
> This month's survey is of 3629 unique domain with port or IP with port
> suspect C&Cs. This list is extracted from the BBL which currently has
> a historical base of 4464 reported C&Cs. Of the suspect C&Cs surveyed,
> 920 reported as Open, 3115 reported as closed and 393 issued resets to
> the survey instrument. Of the C&Cs listed by domain name, 2080 are
> mitigated via remapping. 276 ASNs report one or more open C&Cs.
>
> ASNs with 10 or more unresolved and open suspect C&Cs:
> ASNumber  Responsible Party               Count  Open/Unresolved
> 21840     SAGONET-TPA - Sago Networks     53     34
> 30058     FDCSERVERS - FDCservers.net LL  65     32
> 30083     SERVER4YOU - Server4You Inc.    41     28
> 12832     LYCOS-EUROPE Lycos Europe GmbH  31     27
> 23522     CIT-FOONET - CREATIVE INTERNET  25     23
> 174       COGENT Cogent/PSI               45     23
> 13680     AS13680 Hostway Corporation Ta  22     22
> 6461      MFNX MFN - Metromedia Fiber Ne  23     18
> 27595     ATRIVO-AS - Atrivo              27     16
> 15083     INFOLINK-MIA-US - Infolink Inf  19     15
> 4766      KIXS-AS-KR Korea Telecom        41     15
> 8560      SCHLUND-AS Schlund + Partner A  28     14
> 27645     ASN-NA-MSG-01 - Managed Soluti  19     12
> 13237     LAMBDANET-AS European Backbone  15     12
> 1113      TUGNET Technische Universitaet  12     11
> 13301     UNITEDCOLO-AS Autonomous Syste  16     11
> 6939      HURRICANE - Hurricane Electric  12     10
> 16265     LEASEWEB LEASEWEB AS            13     10
> 21698     NEBRIX-CA - Nebrix Communicati  25     10
>
> Top 10 ASNs by total count:
> ASNumber  Responsible Party               Count  Open/Unresolved
> 14742     INTERNAP-BLOCK-4 - Internap Ne  118    1
> 14744     INTERNAP-BLOCK-4 - Internap Ne  118    1
> 25761     STAMINUS-COMM - Staminus Commu  69     25
> 10913     INTERNAP-BLK - Internap Networ  67     1
> 30058     FDCSERVERS - FDCservers.net LL  65     32
> 21840     SAGONET-TPA - Sago Networks     53     34
> 174       COGENT Cogent/PSI               45     23
> 4766      KIXS-AS-KR Korea Telecom        41     15
> 30083     SERVER4YOU - Server4You Inc.    41     28
> 3356      LEVEL3 Level 3 Communications   37     2
>
> ASNs with one or more open C&Cs:
> ASNumber  Responsible Party
> 81        CONCERT - MCNC Center of Commu
> 174       COGENT Cogent/PSI
> 237       MERIT-AS-14 - Merit Network In
> 701       ALTERNET-AS - UUNET Technologi
> 790       EUNETFI EUnet Finland
> 813       UUNET-AS1 - UUNET Technologies
> 1113      TUGNET Technische Universitaet
> 1221      ASN-TELSTRA Telstra Pty Ltd
> 1239      SPRINTLINK - Sprint
> 1267      ASN-INFOSTRADA Infostrada S.p.
> 1659      ERX-TANET-ASN1 Tiawan Academic
> 1668      AOL-ATDN - AOL Transit Data Ne
> 1784      GNAPS - Global NAPs Networks
> 1785      USLEC-ASN-1785 - USLEC Corp.
> 1955      HBONE-AS HUNGARNET
> 2042      ERX-JARING Malaysian institute
> 2108      CARNET-AS Croatian Academic an
> 2119      TELENOR-NEXTEL Telenor Interne
> 2501      JPNIC-ASBLOCK-AP JPNIC
> 2514      JPNIC-ASBLOCK-AP JPNIC
> 2527      JPNIC-ASBLOCK-AP JPNIC
> 2828      XO-AS15 - XO Communications
> 2856      BT-UK-AS BTnet UK Regional net
> 2907      ERX-SINET-AS National Center f
> 2914      VERIO - Verio Inc.
> 3064      AFFINITY-FTL - Affinity Intern
> 3215      AS3215 France Telecom Transpac
> 3246      TDCSONG TDC Song
> 3248      SIL-AT SILVER:SERVER GmbH
> 3265      XS4ALL-NL XS4ALL
> 3292      TDC TDC Data Networks
> 3301      TELIANET-SWEDEN TeliaNet Swede
> 3307      BANETELE-NORWAY BaneTele AS (f
> 3313      INET-AS I.NET S.p.A.
> 3344      KEWLIO-DOT-NET Kewlio.net Limi
> 3352      TELEFONICA-DATA-ESPANA Interne
> 3356      LEVEL3 Level 3 Communications
> 3462      HINET Data Communication Busin
> 3491      BTN-ASN - Beyond The Network A
> 3561      SAVVIS - Savvis
> 3701      NERONET - Oregon Joint Graduat
> 3758      ERX-SINGNET SingNet
> 3786      ERX-DACOMNET DACOM Corporation
> 3801      MISNET - Mikrotec Internet Ser
> 4134      CHINANET-BACKBONE No.31 Jin-ro
> 4230      Embratel
> 4436      AS-NLAYER - nLayer Communicati
> 4589      EASYNET Easynet Group Plc
> 4618      INET-TH-AS Internet Thailand C
> 4628      ASN-PACIFIC-INTERNET-IX Pacifi
> 4637      REACH Reach Network Border AS
> 4645      ASN-HKNET-AP HKNet Co. Ltd
> 4670      HYUNDAI-KR Shinbiro
> 4713      OCN NTT Communications Corpora
> 4732      DION KDDI CORPORATION
> 4766      KIXS-AS-KR Korea Telecom
> 4780      SEEDNET Digital United Inc.
> 4812      CHINANET-SH-AP China Telecom (
> 4837      CHINA169-BACKBONE CNCGROUP Chi
> 5089      NTL NTL Group Limited
> 5381      POWTECH-AS PowerTech Informati
> 5390      EURONET Wanadoo Nederland BV G
> 5417      DEMON-NL Demon Netherlands Th
> 5462      CABLEINET Telewest Broadband
> 5486      Euronet Digital Communications
> 5522      OMNITEL PLC OMNITEL
> 5617      TPNET Polish Telecom's commerc
> 5783      KCSOS-NET - Kern County Superi
> 6058      NWT-AS - Internet North
> 6079      RCN-AS - RCN Corporation
> 6128      CABLE-NET-1 - Cablevision Syst
> 6197      BATI-ATL - BellSouth Network S
> 6295      WHIDBEY1 - Whidbey Internet Se
> 6327      SHAW - Shaw Communications Inc
> 6380      BELLSOUTH-NET-BLK - BellSouth.
> 6383      BELLSOUTH-NET-BLK - BellSouth.
> 6385      BELLSOUTH-NET-BLK - BellSouth.
> 6388      BELLSOUTH-NET-BLK - BellSouth.
> 6412      KW Gulfnet International
> 6453      GLOBEINTERNET Teleglobe Americ
> 6461      MFNX MFN - Metromedia Fiber Ne
> 6467      ESPIRECOMM - e.spire Communica
> 6711      HUNGARNET-SZEGED Szeged Univer
> 6805      TDDE-ASN1 Telefonica Deutschla
> 6939      HURRICANE - Hurricane Electric
> 7011      FRONTIER-AND-CITIZENS - Electr
> 7015      CCCH-AS2 - Comcast Cable Commu
> 7018      ATT-INTERNET4 - AT&T WorldNet
> 7132      SBIS-AS - SBC Internet Service
> 7303      Telecom Argentina S.A.
> 7701      CAIRNSNET-AS-AP CairnsNet Pty
> 7893      BELLSOUTH-NET-BLK2 - Bellsouth
> 8001      NET-ACCESS-CORP - Net Access C
> 8047      GCI - GCI Communications Inc.
> 8120      BESTWEB - BestWeb Corporation
> 8151      Uninet S.A. de C.V.
> 8176      NETSCAPE-ASN - Netscape
> 8220      COLT COLT Telecommunications
> 8326      PL-BYDMAN-EDU Educational User
> 8342      RTCOMM-AS RTComm.RU Autonomous
> 8362      NordNet Autonomous System
> 8434      TELENOR-SE Telenor AB
> 8551      BEZEQ-INTERNATIONAL-AS Bezeqin
> 8560      SCHLUND-AS Schlund + Partner A
> 8642      B2 B2 Bredband AB (publ)
> 8732      COMCOR-AS AS for Moscow Teleco
> 8736      GNS Grapes Network Services
> 8752      ASVT-NETWORK RusSDO Autonomous
> 8943      JUMP Jump Networks Ltd.
> 8968      Albacom Autonomous System
> 8972      INTERGENIA-ASN intergenia auto
> 8992      TELERING-AT tele.ring Telekom
> 9044      SOLNET SolNet Internet Solutio
> 9105      TISCALI-UK Tiscali UK
> 9116      Goldenlines main autonomous sy
> 9121      TTNET TTnet Autonomous System
> 9277      THRUNET-AS-KR THRUNET
> 9317      ITISNET-AS Inha University
> 9318      HANARO-AS HANARO Telecom
> 9768      PUBNET1-AS KT
> 9800      UNICOM CHINA UNICOM
> 9803      JINGXUN Beijing Jingxun Public
> 9806      BJENET Beijing Educational Inf
> 9811      BJGY srit corp. beijing.
> 9848      GNGAS GNG Networks
> 9919      NCIC-TW New Century InfoComm T
> 9924      TFN-TW Taiwan Fixed Network T
> 10212     GUANGTONGNET-AP China Guangzho
> 10481     Prima S.A.
> 10602     TDL - THE DIAMOND LANE
> 10913     INTERNAP-BLK - Internap Networ
> 11191     ELITE-NET - Elite.Net
> 11290     RAPIDUS - COGECO Cable Canada
> 11305     INTERLAND-NET1 - Interland Inc
> 11351     RR-NYSREGION-ASN-01 - Road Run
> 11388     MAXIM - Interland
> 11426     SCRR-11426 - Road Runner
> 11814     IGS-GTA - Information Gateway
> 12322     PROXAD AS for Proxad ISP
> 12352     WINEASY WinEasy Autonomous Sys
> 12363     DADA S.p.a.
> 12578     APOLLO-AS LATTELEKOM-APOLLO
> 12634     SCARLET Autonomous System for
> 12695     DINET-AS Digital Network JSC
> 12832     LYCOS-EUROPE Lycos Europe GmbH
> 12843     TELEMAXX TelemaxX Telekommunik
> 12859     NL-BIT BIT BV
> 12867     ONLINE-BG BULGARIA ONLINE
> 12874     FASTWEB Fastweb Autonomous Sys
> 12880     DCI-AS DCI Autonomous System
> 13213     UK2NET-AS UK-2 Ltd Autonomous
> 13237     LAMBDANET-AS European Backbone
> 13272     STARMAN Starman Internet AS
> 13301     UNITEDCOLO-AS Autonomous Syste
> 13571     VIDEOTRON-LTEE - Videotron lte
> 13609     CHOICEONECOM - Choice One Comm
> 13680     AS13680 Hostway Corporation Ta
> 13726     VISION-I-SYSTEMS-ASN - Vision
> 13749     EVERYONES-INTERNET - Everyones
> 13768     PEER1 - Peer 1 Network Inc.
> 14501     CIHOST - C I Host
> 14562     SHAW-COMMUNICATIONS - Shaw Com
> 14742     INTERNAP-BLOCK-4 - Internap Ne
> 14744     INTERNAP-BLOCK-4 - Internap Ne
> 15083     INFOLINK-MIA-US - Infolink Inf
> 15149     EZZI-101-BGP - EZZI.net
> 15440     AS15440 MicroLink Lietuva Auto
> 15542     ZEELANDNET ZeelandNet BV
> 15589     AS15589 Eutelia S.p.A. Backbon
> 15694     ATMAN ATMAN Autonomous System
> 15703     TRUESERVER-AS TrueServer BV AS
> 15857     DIALOG-AS DIALOG-NET Autonomuo
> 16150     PORT80 Port80 AB Sweden
> 16265     LEASEWEB LEASEWEB AS
> 16276     OVH OVH
> 16526     BIRCH-TELECOM - Birch Telecom
> 16557     RE-STAFFORD - R. E. Stafford I
> 16629     Compania de Telecomunicaciones
> 17054     SLC-EXPEDIENT - e-xpedient
> 17184     ATL-CBEYOND - CBEYOND COMMUNIC
> 17444     NWT-AS-AP AS number for New Wo
> 17506     JPNIC-JP-ASN-BLOCK Japan Netwo
> 17557     PKTELECOM-AS-AP Pakistan Telec
> 17676     JPNIC-JP-ASN-BLOCK Japan Netwo
> 17964     DXTNET Beijing Dian-Xin-Tong N
> 17974     TELKOMNET-AS2-AP PT TELEKOMUNI
> 18474     AENEAS-CWUS - Aeneas Internet
> 18847     NETFIRE - NetFire.com
> 19262     VZGNI-TRANSIT - Verizon Intern
> 19444     CHARTER-STL - CHARTER COMMUNIC
> 19864     O1COMM - O1 COMMUNICATIONS
> 20001     ROADRUNNER-WEST - Road Runner
> 20013     CYRUSONE - CYRUS ONE
> 20115     CHARTER-NET-HKY-NC - Charter C
> 20141     EDELTACOM-SUW-300 - e^deltacom
> 20183     VERICENTER - VeriCenter Inc.
> 20473     NETTRANS - NetTransactions LL
> 20495     WEDARE We Dare BV Autonomous S
> 20580     Telecom Italia Network
> 20804     ASN-TELENERGO EXATEL S.A. Auto
> 20932     SIG SIG - IP-MAN.NET
> 21195     DGCSYSTEMS DGC Systems AB Auto
> 21285     DKOM Telekom Austria Applicati
> 21502     ASN-NUMERICABLE NUMERICABLE is
> 21698     NEBRIX-CA - Nebrix Communicati
> 21788     NOC - Network Operations Cente
> 21840     SAGONET-TPA - Sago Networks
> 21844     THEPLANET-AS - THE PLANET
> 21889     RAPIDSYSTEMS - Rapid Systems C
> 22659     LIQUIDIX - LIQUID COMMUNICATIO
> 22685     QUICKPACKET - Plusweb Communic
> 22773     CCINET-2 - Cox Communications
> 22822     LLNW - Limelight Networks LLC
> 22909     DNEO-OSP1 - Comcast Cable Comm
> 22927     Telefonica de Argentina
> 22935     WAYNE-BOCES - Wayne Finger-Lak
> 23183     SWIFTSYSTEMS - SWIFT SYSTEMS
> 23201     Telecel S.A.
> 23352     SERVER-CENTRAL-CHI - Server Ce
> 23393     ISPRIME - ISPrime Inc.
> 23522     CIT-FOONET - CREATIVE INTERNET
> 23670     SECURE-AS Oz Servers Data Cen
> 23980     YOUNGNAM-UNIV-AS-AP YOUNGNAM U
> 24607     LENET "Lietuvos energija" JSC
> 24730     ASN-NETHOLDING Autonomous Syst
> 24953     ASN-CARRIER66 carrier66.net Ne
> 25504     CRONON-AS Cronon AG
> 25525     REASONNET-AS Reasonnet LTD
> 25653     PEGASUS - Pegasus Web Technolo
> 25700     SWIFTDESK - SWIFTDESK VENTURE
> 25761     STAMINUS-COMM - Staminus Commu
> 25973     MZIMA - Mzima Networks Inc.
> 26053     DREAMNET-C-S-I - DreamNet Comm
> 26496     PAH-INC - Go Daddy Software I
> 27524     NETSENTRY - Net Sentry Corp
> 27595     ATRIVO-AS - Atrivo
> 27645     ASN-NA-MSG-01 - Managed Soluti
> 28677     AMEN AMEN Network
> 28716     EPLANET-AS ePLANET SPA
> 28753     NETDIRECT AS NETDIRECT Frankfu
> 29055     PRODIGY-AS Prodigy ASN
> 29131     RAPIDSWITCH-AS RapidSwitch Ltd
> 29415     EUROWAN-ASN OVANET - EuroWan d
> 29550     EUROCONNEX-AS Euroconnex Netwo
> 29737     WOW-INTERNET - WideOpenWest LL
> 29748     CARPATHIA-HOSTING - Carpathia
> 29759     OXFORD-INDUSTRIES - Oxford Ind
> 30058     FDCSERVERS - FDCservers.net LL
> 30083     SERVER4YOU - Server4You Inc.
> 30099     SB-2 - ServerBeach
> 30315     EVERYONES-INTERNET2 - Everyone
> 30407     VELCOM - Rcp.net
> 30736     EASYSPEEDY-NETWORK Easyspeedy
> 30943     UTRANSIT-AS Utransit Internati
> 31034     ARUBA-ASN Aruba.it Network
> 31042     SERBIA-BROADBAND-AS Serbia Bro
> 31159     NETCATHOST-AS NetcatHosting
> 31216     BSOCOM BSO Communication Netwo
> 31400     AS31400 AS31400.NET BACKBONE
> 31669     ITSS-AS IT - SOLID SOLUTIONS
> 31800     DALNET - DALnet
> 31898     NAMEI - Name Intelligence Inc
> 31932     AFS-KC - American Fiber System
> 32097     WII-KC - WholeSale Internet
> 32666     CWRU-AS-1 - Case Western Reser
> 32748     STEADFAST - NoZone Inc.
> 32751     NUCLEARFALLOUT-SEA - Nuclearfa
> 32788     XILOGIX-ASN - Xilogix LLC
> 33438     EASYNEWS - Easynews Inc.
> 33569     ALLHOSTSHOP - ALLHOSTSHOP.COM
> 33657     DNEO-OSP7 - Comcast Cable Comm
> 34021     MULTI-VISP Multi-vISP Network
> 34465     BENESOL-AS Belgian Network Sol
> 34549     LAXIN-AS Laxin IT-Services Gmb
> 35921     IFCI-US - InternetFCI LLC
>
> * We would gladly like to establish a trusted relationship with
>   these and any organizations to help them in the future.
>
> * By previous requests here is an explanation of what "ASN" is, by Joe
>   St Sauver:
>   http://darkwing.uoregon.edu/~joe/one-pager-asn.pdf
>
> The Trojan horses most used in botnets:
>
> 1. Korgobot.
> 2. SpyBot.
> 3. Optix Pro.
> 4. rBot.
> 5. Other SpyBot variants and strains (AgoBot, PhatBot, actual SDbots,
>    etc.).
>
> This report is unchanged.
>
> Credit for gathering the data and compiling the statistics from our
> group efforts should go to the Statistics Project lead:
> Prof. Randal Vaughn <[email protected]>
>
> --
> Gadi Evron,
> Israeli Government CERT Manager,
> Tehila, Ministry of Finance.
>
> [email protected]
> Office: +972-2-5317890
> Fax: +972-2-5317801
>
> The opinions, views, facts or anything else expressed in this email
> message are not necessarily those of the Israeli Government.