Drone Armies C&C Report - 01 Apr 2006

From: (no name) (no email)
Date: Sat Apr 01 2006 - 13:42:17 EST

  • Next message: Jon Lewis: "Re: AT&T: 15 Mbps Internet connections "irrelevant""

    This is a periodic public report from the ISOTF's affiliated group 'DA'
    (Drone Armies (botnets) research and mitigation mailing list / TISF
    DA) with the ISOTF affiliated ASreport project (TISF / RatOut).

    For this report it should be noted that we base our analysis on the data
    we have accumulated from various sources, which may be incomplete.

    Any responsible party that wishes to receive reports of botnet command
    and control servers on their network(s) regularly and directly, feel
    free to contact us.

    For purposes of this report we use the following terms:
      open    the host completed the TCP handshake
      closed  No activity detected
      reset   issued a RST
    This month's survey is of 5621 unique domains (or IPs) with
    port suspect C&Cs. This list is extracted from the BBL which
    has a historical base of 8182 reported C&Cs. Of the suspect C&Cs
    surveyed, 674 reported as Open, 3507 reported as closed,
    and 678 issued resets to the survey instrument. Of the C&Cs
    listed by domain name in our C&C database, 1739 are mitigated.

    Top 20 ASNes by Total suspect domains mapping to a host in the ASN.
    These numbers are determined by counting the number of domains which
    resolve to a host in the ASN. We do not remove duplicates and some of
    the ASNs reported have many domains mapping to a single IP. Note the
    Percent_resolved figure is calculated using only the Total and Open
    counts and does not represent a mitigation effectiveness metric.
                                                             Percent_
      ASN  Responsible Party                    Total  Open  Resolved
    14744  PNAP Internap Network Services         118    17        86
    10913  PNAP Internap Network Services          96     0       100
     3356  Level 3 Communications, LLC             72     0       100
    30058  FDCSE FDCservers.net LLC                65     9        86
    25761  STAMIN-2 Staminus Communications        64    18        72
    19318  AIC-81 Albany International Corp.       61    21        66
    13301  UNITEDCOLO-AS Autonomous System of      57    35        39
    14779  INKT Inktomi Corporation                56     0       100
     4766  KIXS-AS-KR                              46     8        83
    12182  PNAP Internap Network Services          44     0       100
    21844  THE PLANET                              40     0       100
    30315  Everyones Internet                      34    10        71
    13790  PNAP Internap Network Services          33     0       100
     8972  INTERGENIA-ASN intergenia autonomou     30    17        43
    21840  SAGONE Sago Networks                    29     3        90
    27595  ATRIV Atrivo                            29     4        86
     8560  SCHLUND-AS                              28     4        86
     3561  Savvis                                  27     2        93
     8220  COLT COLT Telecommunications            26    14        46
     6981  FDN.com                                 25    15        40

    Top 20 ASNes by number of active suspect C&Cs. These counts are
    determined by the number of suspect domains or IPs located within
    the ASN that completed a connection request.
                                                             Percent_
      ASN  Responsible Party                    Total  Open  Resolved
    13301  UNITEDCOLO-AS Autonomous System of      57    35        39
    19318  AIC-81 Albany International Corp.       61    21        66
    25761  STAMIN-2 Staminus Communications        64    18        72
    14744  PNAP Internap Network Services         118    17        86
     8972  INTERGENIA-ASN intergenia autonomou     30    17        43
    30407  Velcom.com                              19    17        11
     6981  FDN.com                                 25    15        40
     8220  COLT COLT Telecommunications            26    14        46
    19875  IPWORL IPWorld Networks                 23    13        43
      702  MCI EMEA - Commercial IP                22    13        41
    23522  CIT-FOONET                              18    12        33
    15083  IIS-129 Infolink Information Servic     18    11        39
     3462  HINET                                   24    10        58
     9318  HANARO-AS                               25    10        60
    30315  Everyones Internet                      34    10        71
      174  Cogent Communications                   14    10        29
    30058  FDCSE FDCservers.net LLC                65     9        86
    29073  COLINKS-AS Colinks web and game hos      9     9         0
    19166  Alpha Red, INC                          12     8        33
     4766  KIXS-AS-KR                              46     8        83

    Randal Vaughn                   Gadi Evron
    Professor                       ge at linuxbox.org
    Baylor University
    Waco, TX
    (254) 710 4756
    randy_vaughn at baylor.edu
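
Added example, not part of the original report or the authors' survey tooling: a sketch of how the open/closed/reset terms and the per-ASN Total, Open and Percent_resolved columns could be produced. The formula (Total - Open) / Total rounded half up is an assumption inferred from the statement that only Total and Open are used (it reproduces the table rows above); the function names, the mapping of socket errors to "closed", and the sample data are constructed.

```python
import socket
from collections import defaultdict

def probe(host, port, timeout=5.0):
    """Classify one suspect endpoint using the report's three terms."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # TCP handshake completed
    except ConnectionRefusedError:
        return "reset"           # peer answered the SYN with a RST
    except OSError:
        return "closed"          # assumption: timeout/unreachable = no activity detected

def percent_resolved(total, open_count):
    """Assumed formula: share of entries that are not open, rounded half up."""
    if total == 0:
        return 0
    return (200 * (total - open_count) + total) // (2 * total)

def summarize(results):
    """results: iterable of (domain, asn, status). Duplicate IPs are not removed,
    matching the report's note that many domains may map to a single host."""
    counts = defaultdict(lambda: {"total": 0, "open": 0})
    for _domain, asn, status in results:
        counts[asn]["total"] += 1
        counts[asn]["open"] += status == "open"
    return [(asn, c["total"], c["open"], percent_resolved(c["total"], c["open"]))
            for asn, c in counts.items()]

def top_by(rows, column, n=20):
    """column 1 ranks by Total, column 2 by Open; ties keep input order."""
    return sorted(rows, key=lambda r: r[column], reverse=True)[:n]

# Constructed sample: documentation ASNs (RFC 5398) and .example names.
SAMPLE = (
    [(f"a{i}.example", 64496, "open" if i < 2 else "closed") for i in range(10)]
    + [(f"b{i}.example", 64497, "open") for i in range(4)]
    + [(f"c{i}.example", 64498, "reset") for i in range(3)]
)

if __name__ == "__main__":
    rows = summarize(SAMPLE)
    for title, col in (("Top ASNs by Total", 1), ("Top ASNs by Open", 2)):
        print(title)
        for asn, total, opened, pct in top_by(rows, col):
            print(f"{asn:>6} {total:>5} {opened:>4} {pct:>8}")
```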

