North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Are botnets relevant to NANOG?
John Kristoff wrote:
On Fri, 26 May 2006 11:50:21 -0700 Rick Wesson <[email protected]> wrote:The longer answer is that we haven't found a reliable way to identify dynamic blocks. Should anyone point me to an authoritative source I'd
Tool to help you. Try natnum form the IASON tools. $ natnum echnaton.serveftp.com host_look("22.214.171.124","echnaton.serveftp.com","1420293736"). host_name("126.96.36.199","p54A7F668.dip.t-dialin.net"). You can feed natnum a hostname or an ip-address or even a long integer. If you want to dump an address range use name2pl. $ name2pl 188.8.131.52 8 host_name("184.108.40.206","p54A7F664.dip.t-dialin.net"). host_name("220.127.116.11","p54A7F665.dip.t-dialin.net"). ... host_name("18.104.22.168","p54A7F66A.dip.t-dialin.net"). host_name("22.214.171.124","p54A7F66B.dip.t-dialin.net"). Dumps you 8 ip-addresses starting from 126.96.36.199. Without the 8 you will get 256 http://iason.site.voila.fr/ http://www.kokoom.com/ Sorry the sourceforge still gives me hickups :) Sorry will compile and run on UNIX, BSD, Linux, MAC OS-X only.
None of these will be foolproof and the last one will probably only be good for cases where there is a service running where'd you'd rather there not be and you can test for it (e.g. open relays). There was at least one additional reference to related work in that paper, which leads to more still, but I'll let those interested to do their own research on additional ideas for themselves.also note that we are using TCP fingerprinting in our spamtraps and expect to have some interesting results published in the august/sept time frame. We won't be able to say that a block is dynamic but we
Kind regards Peter and Karin -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Graeffstrasse 14 D-64646 Heppenheim +49(6252)671-788 (Telekom) +49(179)108-3978 (O2 Genion) +49(6252)750-308 (VoIP: sipgate.de) mail: [email protected] mail: [email protected] http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/