Botnet List Discussed on NANOG

Peter Dambier peter at peter-dambier.de
Mon May 29 06:55:14 UTC 2006 

Hi Sat,

your mailer does not like me. If it is interesting for you,
please forward.

Kind regards
Peter and Karin Dambier


<Bianca.Miller at telecom.co.nz>:
146.171.13.195_does_not_like_recipient.
/Remote_host_said:_554_Service_unavailable;
_Client_host_[213.165.64.20]_blocked_using_dnsbl.sorbs.net;
_Spam_Received_See:
_http://www.sorbs.net/lookup.shtml?213.165.64.20/Giving_up_on_146.171.13.195./


Sat Mandri wrote:
>  
> 
> Hi Rick & Peter
> 
>  
> 
> We at Telecom NZ/Xtra are quite keen to learn from you guys how the 
> following Statistical Data on “Botnet” was gathered and what’s the 
> initiative driving it.
> 
>  
> 
> We look forward to hearing from you guys on this matter.
> 
>  
> 
> Kind Regards
> 
> Sat Mandri
> 
>  
> 
> ---------- Forwarded message ----------
> 
> Date: Fri, 26 May 2006 10:21:10 -0700
> 
> From: Rick Wesson <wessorh at ar.com>
> 
> To: peter at peter-dambier.de
> 
> Cc: nanog at merit.edu
> 
> Subject: Re: Are botnets relevant to NANOG?
> 
>  
> 
>  
> 
>  
> 
>>  Some people need whatever bandwidth they can get for ranting.
> 
>>  Of course routing reports, virus reports and botnet bgp statistics
> 
>>  take away a lot of valuable bandwidth that could otherwise be used
> 
>>  for nagging. On the other hand without Gadi's howling for the
> 
>>  wolves those wolves might be lost species and without the wolves
> 
>>  all the nagging and ranting would make less fun.
> 
>  
> 
> lets see, should we be concerned? here are a few interesting tables, the
> 
> cnt column is new IP addresses we have seen in the last 5 days. The
> 
> first table is Tier-2 ASNs as classified by Fontas's ASN Taxonomy paper
> 
> [1] The second table is Universities. The ASN concerned are just in the
> 
> announced by orgs in USA as to imply that they should be on NANOG.
> 
>  
> 
> Let me say it again the counts are NEW observations in the last 5 days.
> 
> also note I'm not Gati, and I've got much more data on everyones networks.
> 
>  
> 
> -rick
> 
>  
> 
>  
> 
> New compromised unique IP addresses (last 5 days) Tier-2 ASN
> 
> +-------+------------------------------------+-------+
> 
> | asnum | asname                             | cnt   |
> 
> +-------+------------------------------------+-------+
> 
> | 19262 | Verizon Internet Services          | 35790 |
> 
> | 20115 | Charter Communications             |  4453 |
> 
> |  8584 | Barak AS                           |  3930 |
> 
> |  5668 | CenturyTel Internet Holdings, Inc. |  2633 |
> 
> | 12271 | Road Runner                        |  2485 |
> 
> | 22291 | Charter Communications             |  2039 |
> 
> |  8113 | VRIS Verizon Internet Services     |  1664 |
> 
> |  6197 | BellSouth Network Solutions, Inc   |  1634 |
> 
> |  6198 | BellSouth Network Solutions, Inc   |  1531 |
> 
> |  *9325 | XTRA-AS Telecom XTRA, Auckland     |  1415* |
> 
> | 11351 | Road Runner                        |  1415 |
> 
> |  6140 | ImpSat                             |  1051 |
> 
> |  7021 | Verizon Internet Services          |   961 |
> 
> |  6350 | Verizon Internet Services          |   945 |
> 
> | 19444 | CHARTER COMMUNICATIONS             |   845 |
> 
> +-------+------------------------------------+-------+
> 
>  
> 
> Universities, new unique ip last 5 days
> 
> +-------+--------------------------------+-----+
> 
> | asnum | left(asname,30)                | cnt |
> 
> +-------+--------------------------------+-----+
> 
> |    14 | Columbia University            |  93 |
> 
> |     3 | MIT-2 Massachusetts Institute  |  45 |
> 
> |    73 | University of Washington       |  25 |
> 
> |  7925 | West Virginia Network for Educ |  24 |
> 
> |  4385 | RIT-3 Rochester Institute of T |  20 |
> 
> | 23369 | SCOE-5 Sonoma County Office of |  19 |
> 
> |  5078 | Oklahoma Network for Education |  18 |
> 
> |  3388 | UNM University of New Mexico   |  18 |
> 
> |    55 | University of Pennsylvania     |  13 |
> 
> |   159 | The Ohio State University      |  12 |
> 
> |   104 | University of Colorado at Boul |  12 |
> 
> |  4265 | CERFN California Education and |  11 |
> 
> |   693 | University of Notre Dame       |  10 |
> 
> |  2900 | Arizona Tri University Network |   9 |
> 
> |  2637 | Georgia Institute of Technolog |   9 |
> 
> +-------+--------------------------------+-----+
> 
>  
> 
>  
> 
>  
> 
> [1] http://www.ece.gatech.edu/research/labs/MANIACS/as_taxonomy/
> 
>  
> 
>  
> 
>  
> 


-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/

More information about the NANOG mailing list