North American Network Operators Group


August 2005: Drone Army Botnet C&C listing

  • From: Fergie (Paul Ferguson)
  • Date: Wed Aug 31 19:59:21 2005

Keeping in step with Gadi's language from last month:

Below is a periodic public report from the Drone Army (DA)/Botnet
Research and mitigation mailing list.

For this report it should be noted that we base our analysis on
the data we have accumulated from various sources.

According to our analysis of information we have conducted thus
far, we are now publishing our regular reports, with some
additional information, which may vary from time to time,
as needed.

As of this July 2005, any responsible party that wishes to
receive information about botnet C&C's in their net space
can contact us and be added to our notification list. The
principal contact is Paul Ferguson (Fergie).

- ferg

====

Special appreciation is due to Staminus who took quick action to
resolve the suspect C&Cs of the last report and rapidly resolved
all of the suspect C&Cs which appeared during this current survey.


AS responsible Parties ranked by top 10 open unresolved
suspect C&Cs:
ASN     Responsible Party               Total   Open
30058   FDCSERVERS - FDCservers.net LL  123     43
21840   SAGONET-TPA - Sago Networks     53      26
13680   AS13680 Hostway Corporation Ta  23      23
15083   INFOLINK-MIA-US - Infolink Inf  37      21
6461    MFNX MFN - Metromedia Fiber Ne  28      17
8560    SCHLUND-AS Schlund + Partner A  26      17
30083   SERVER4YOU - Server4You Inc.    37      16
13237   LAMBDANET-AS European Backbone  15      12
9800    UNICOM CHINA UNICOM             14      11
27645   ASN-NA-MSG-01 - Managed Soluti  18      11


Historical Report ranked by past suspect C&Cs mapping into the AS:
ASN     Responsible Party               Total   Open    Percent Resolved
14742   INTERNAP-BLOCK-4 - Internap Ne  142     2       99%
14744                           
30058   FDCSERVERS - FDCservers.net LL  123     43      65%
10913   INTERNAP-BLK - Internap Networ  84      0       100%
25761   STAMINUS-COMM - Staminus Commu  58      0       100%
21840   SAGONET-TPA - Sago Networks     53      26      51%
3356    LEVEL3 Level 3 Communications   43      5       88%
21844   THEPLANET-AS - THE PLANET       38      5       87%
30083   SERVER4YOU - Server4You Inc.    37      16      57%
15083   INFOLINK-MIA-US - Infolink Inf  37      21      43%
11739   DIGITAL-FOREST-NW - digital.fo  29      0       100%
16237   NXS Nxs Internet BV             29      0       100%

The report summary includes a Percent Resolved Column in order to
recognize the mitigation efforts of the AS Responsible Parties.

The Opens Unresolved column represents the number of unique C&Cs
which reported as open to the survey's connection attempts and
which have neither been investigated nor cleared by the Responsible
Party (to the extent of our knowledge).

The Total mapping count may include multiple names mapping to a
single IP within an AS. We count each mapping count as a unique C&C.

Stats for the DA group compiled by:

Randal Vaughn
Professor
Information Systems
Baylor University
Randy_Vaughn (at) Baylor.edu


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [email protected] or [email protected]
 ferg's tech blog: http://fergdawg.blogspot.com/