US DOJ victim letter

PC paul4004 at gmail.com
Wed Feb 1 19:53:54 UTC 2012


I received one on an IP block that were SWIPed to me.

Has anyone written a regular expression which matches the rogue dns server
IP ranges in question?

   - 85.255.112.0 through 85.255.127.255;
   - 67.210.0.0 through 67.210.15.255;
   - 93.188.160.0 through 93.188.167.255;
   - 77.67.83.0 through 77.67.83.255;
   - 213.109.64.0 through 213.109.79.255;
   - 64.28.176.0 through 64.28.191.255;



On Wed, Feb 1, 2012 at 8:32 AM, TFML <mailinglist at theflux.net> wrote:

> If the IP list is pointing to DNS servers, they maybe referring to the
> following:
>
> http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf
>
> On Jan 31, 2012, at 7:38 PM, Phil Dyer wrote:
>
> > On Fri, Jan 27, 2012 at 3:23 PM, Jon Lewis <jlewis at lewis.org> wrote:
> >> On Fri, 27 Jan 2012, Bryan Horstmann-Allen wrote:
> >
> >>> Bit odd, if it's a phish. Even more odd if it's actually from the Fed.
> >>
> >>
> >> It's definitely real, but seems like they're handling it as
> incompetently as
> >> possible.
> >
> >
> > Yep. That sounds about right.
> >
> > Man, I'm feeling left out. I kinda want one now.
> >
> > phil
> >
>
>
>



More information about the NANOG mailing list