[Dshield] Domain Name Front Running
John Draper
lists at webcrunchers.com
Wed Jan 2 07:34:48 GMT 2008
Tom wrote:
> At 6:36 PM +0000 12/29/07, Paul Ferguson wrote:
>
>> YMMV: My experience has been pretty positive with the RIR WHOIS
>> data. :-)
>>
>
>
> Paul,
>
> In that case can you sprinkle your pixie dust and locate a valid
> contact that will do something about 216.244.139.206? This is a
> REALLY infected IP that has been infected by various trojans (I
> actually think the various gangs are warring over who 0n3s it) for
> over a year.
>
> Tom
>
>
>
About the only thing you can hope for is to obtain the upstream
provider, put pressure on them, but it sounds to me like they hacked
one of the upstream Cisco routers and assigned their own.
This happens more often then they want to admit.
John
More information about the list
mailing list