North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Botnet List Discussed on NANOG
- From: Peter Dambier
- Date: Mon May 29 02:56:16 2006
Hi Sat,
your mailer does not like me. If it is interesting for you,
please forward.
Kind regards
Peter and Karin Dambier
<[email protected]>:
146.171.13.195_does_not_like_recipient.
/Remote_host_said:_554_Service_unavailable;
_Client_host_[213.165.64.20]_blocked_using_dnsbl.sorbs.net;
_Spam_Received_See:
_http://www.sorbs.net/lookup.shtml?213.165.64.20/Giving_up_on_146.171.13.195./
Sat Mandri wrote:
Hi Rick & Peter
We at Telecom NZ/Xtra are quite keen to learn from you guys how the
following Statistical Data on “Botnet” was gathered and what’s the
initiative driving it.
We look forward to hearing from you guys on this matter.
Kind Regards
Sat Mandri
---------- Forwarded message ----------
Date: Fri, 26 May 2006 10:21:10 -0700
From: Rick Wesson <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: Are botnets relevant to NANOG?
Some people need whatever bandwidth they can get for ranting.
Of course routing reports, virus reports and botnet bgp statistics
take away a lot of valuable bandwidth that could otherwise be used
for nagging. On the other hand without Gadi's howling for the
wolves those wolves might be lost species and without the wolves
all the nagging and ranting would make less fun.
lets see, should we be concerned? here are a few interesting tables, the
cnt column is new IP addresses we have seen in the last 5 days. The
first table is Tier-2 ASNs as classified by Fontas's ASN Taxonomy paper
[1] The second table is Universities. The ASN concerned are just in the
announced by orgs in USA as to imply that they should be on NANOG.
Let me say it again the counts are NEW observations in the last 5 days.
also note I'm not Gati, and I've got much more data on everyones networks.
-rick
New compromised unique IP addresses (last 5 days) Tier-2 ASN
+-------+------------------------------------+-------+
| asnum | asname | cnt |
+-------+------------------------------------+-------+
| 19262 | Verizon Internet Services | 35790 |
| 20115 | Charter Communications | 4453 |
| 8584 | Barak AS | 3930 |
| 5668 | CenturyTel Internet Holdings, Inc. | 2633 |
| 12271 | Road Runner | 2485 |
| 22291 | Charter Communications | 2039 |
| 8113 | VRIS Verizon Internet Services | 1664 |
| 6197 | BellSouth Network Solutions, Inc | 1634 |
| 6198 | BellSouth Network Solutions, Inc | 1531 |
| *9325 | XTRA-AS Telecom XTRA, Auckland | 1415* |
| 11351 | Road Runner | 1415 |
| 6140 | ImpSat | 1051 |
| 7021 | Verizon Internet Services | 961 |
| 6350 | Verizon Internet Services | 945 |
| 19444 | CHARTER COMMUNICATIONS | 845 |
+-------+------------------------------------+-------+
Universities, new unique ip last 5 days
+-------+--------------------------------+-----+
| asnum | left(asname,30) | cnt |
+-------+--------------------------------+-----+
| 14 | Columbia University | 93 |
| 3 | MIT-2 Massachusetts Institute | 45 |
| 73 | University of Washington | 25 |
| 7925 | West Virginia Network for Educ | 24 |
| 4385 | RIT-3 Rochester Institute of T | 20 |
| 23369 | SCOE-5 Sonoma County Office of | 19 |
| 5078 | Oklahoma Network for Education | 18 |
| 3388 | UNM University of New Mexico | 18 |
| 55 | University of Pennsylvania | 13 |
| 159 | The Ohio State University | 12 |
| 104 | University of Colorado at Boul | 12 |
| 4265 | CERFN California Education and | 11 |
| 693 | University of Notre Dame | 10 |
| 2900 | Arizona Tri University Network | 9 |
| 2637 | Georgia Institute of Technolog | 9 |
+-------+--------------------------------+-----+
[1] http://www.ece.gatech.edu/research/labs/MANIACS/as_taxonomy/
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: [email protected]
mail: [email protected]
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
|