Drone Armies C&C Report - 01 Aug 2006

From: (no name) (no email)
Date: Tue Aug 01 2006 - 11:19:56 EDT

    This is a periodic public report from the ISOTF's affiliated group 'DA'
    (Drone Armies (botnets) research and mitigation mailing list / TISF
    DA) with the ISOTF affiliated ASreport project (TISF / RatOut).

    For this report it should be noted that we base our analysis on the data
    we have accumulated from various sources, which may be incomplete.

    Any responsible party that wishes to receive reports of botnet command
    and control servers on their network(s) regularly and directly should
    feel free to contact us.

    For purposes of this report we use the following terms:
      open    the host completed the TCP handshake
      closed  no activity detected
      reset   the host issued a RST

    This month's survey is of 3639 unique domain (or IP) with port suspect
    C&Cs. This list is extracted from the BBL, which has a historical base
    of 10895 reported C&Cs. Of the suspect C&Cs surveyed, 658 reported as
    open, 932 reported as closed, and 570 issued resets to the survey
    instrument. Of the C&Cs listed by domain name in our C&C database,
    4818 are mitigated.

    Top 20 ASNs by Total suspect domains mapping to a host in the ASN.
    These numbers are determined by counting the number of domains which
    resolve to a host in the ASN. We do not remove duplicates, and some of
    the ASNs reported have many domains mapping to a single IP. Note the
    Percent_resolved figure is calculated using only the Total and Open
    counts and does not represent a mitigation effectiveness metric.

    ASN    Responsible Party                     Total  Open  Percent_resolved
    19318  NJIIX-AS-1 - NEW JERSEY INTERN           71    16    77
    13301  UNITEDCOLO-AS Autonomous System of       63    29    54
     4766  KIXS-AS-KR                               41    12    71
    23522  CIT-FOONET                               39    14    64
     4134  CHINANET-BACKBONE                        32    15    53
     9318  HANARO-AS                                27     8    70
     8560  SCHLUND-AS                               27     6    78
    16265  LEASEWEB AS                              27    19    30
     4837  CHINA169-Backbone                        25    11    56
     3561  Savvis                                   25     4    84
    12832  Lycos Europe                             25     5    80
    33597  InfoRelay Online Systems, Inc.           24     0   100
      174  Cogent Communications                    23    16    30
     7132  SBC Internet Services                    23     5    78
    30315  Everyones Internet                       22     8    64
    19166  Alpha Red, INC                           22    10    55
     4314  IIS-64 I-55 INTERNET SERVICES            21     2    90
    13213  UK2NET-AS UK-2 Ltd Autonomous Syste      20     0   100
    30058  FDCSE FDCservers.net LLC                 19     6    68
    13749  EVRY Everyones Internet                  19     1    95

    Top 20 ASNs by number of active suspect C&Cs. These counts are
    determined by the number of suspect domains or IPs located within
    the ASN that completed a connection request.

    ASN    Responsible Party                     Total  Open  Percent_resolved
    13301  UNITEDCOLO-AS Autonomous System of       63    29    54
    16265  LEASEWEB AS                              27    19    30
      174  Cogent Communications                    23    16    30
    19318  NJIIX-AS-1 - NEW JERSEY INTERN           71    16    77
     4134  CHINANET-BACKBONE                        32    15    53
    30407  Velcom.com                               16    15     6
    23522  CIT-FOONET                               39    14    64
     9316  DACOM-PUBNETPLUS-AS-KR                   14    13     7
    35908  Krypt Technologies Inc.                  17    13    24
     4766  KIXS-AS-KR                               41    12    71
     4837  CHINA169-Backbone                        25    11    56
    19166  Alpha Red, INC                           22    10    55
     1659  ERX-TANET-ASN1                           16     9    44
    18942  WEBHO-3 WebHostPlus Inc                  13     9    31
     9318  HANARO-AS                                27     8    70
    30315  Everyones Internet                       22     8    64
    25761  STAMIN-2 Staminus Communications         14     8    43
    31312  VNL Video Networks Limited                8     7    13
     8560  SCHLUND-AS                               27     6    78
     9911  CONNECTPLUS-AP Singapore Telecom          9     6    33

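    The Percent_resolved column in both tables above is derived only from Total and Open, as the report notes. The following Python is an added example (not part of the report or the DA/ASreport project) that parses rows in the report's layout, recomputes the figure as (Total - Open) / Total * 100 rounded half up (which reproduces every published value, including 8 total / 7 open -> 13), flags rows that disagree, and reorders rows by Open count as the second table does. The sample rows are copied from the tables; the rounding rule is an inference from the published figures.

```python
from decimal import Decimal, ROUND_HALF_UP

# Constructed sample: four rows copied from the report's tables.
SAMPLE_ROWS = """\
19318 NJIIX-AS-1 - NEW JERSEY INTERN 71 16 77
13301 UNITEDCOLO-AS Autonomous System of 63 29 54
31312 VNL Video Networks Limited 8 7 13
33597 InfoRelay Online Systems, Inc. 24 0 100
"""


def percent_resolved(total, open_count):
    """Share of surveyed suspect C&Cs that did NOT complete the TCP
    handshake: (Total - Open) / Total * 100. Rounded half up, which is
    the rule inferred from the report (8 total, 7 open -> 12.5 -> 13).
    This is not a mitigation metric; closed and reset hosts both count."""
    if total == 0:
        return 0
    ratio = Decimal(total - open_count) * 100 / Decimal(total)
    return int(ratio.quantize(Decimal("1"), rounding=ROUND_HALF_UP))


def parse_rows(text):
    """Parse 'ASN <responsible party...> Total Open Percent' lines.
    The party name has a variable number of words, so the ASN is the
    first token and the three counts are always the last three."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # blank or malformed line
        total, open_count, pct = (int(p) for p in parts[-3:])
        rows.append({"asn": int(parts[0]), "party": " ".join(parts[1:-3]),
                     "total": total, "open": open_count,
                     "pct_reported": pct})
    return rows


def check_rows(rows):
    """ASNs whose published percent does not match the recomputed one."""
    return [r["asn"] for r in rows
            if percent_resolved(r["total"], r["open"]) != r["pct_reported"]]


def rank_by_open(rows):
    """Order rows as the report's second table does: most Open (active)
    suspect C&Cs first. Ties keep input order, since the report does not
    break them consistently."""
    return sorted(rows, key=lambda r: -r["open"])


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    print("mismatches:", check_rows(rows))
    print("by open:", [r["asn"] for r in rank_by_open(rows)])
```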
    Randal Vaughn
    Professor
    Baylor University
    Waco, TX
    (254) 710 4756
    randy_vaughn at baylor.edu

    Gadi Evron
    ge at linuxbox.org
