[unisog] DCC Botnet at 69.31.65.245

Casey Lee casey at tulane.edu
Thu Aug 26 19:56:06 GMT 2004


Tim -

Maybe we want to create Fortinet rules to prevent IRC traffic from
going to these IP addresses.

-Casey

On Thu, 2004-08-26 at 13:33, Florian Weimer wrote:
> * Eric Pancer:
> 
> > There's a growing botnet offering copyrighted files at
> > 69.31.65.245:6667.
> 
> Hi Eric! 8-)
> 
> Both irc.kamikazee.org and irc.zerolimit.net point to that IP address:
> 
> irc.kamikazee.org   A   69.31.65.245
> irc.zerolimit.net   A   69.31.65.245
> 
> This means that there are a few more IP addresses involved:
> 
> Sorted by origin ASN:
> 
> 286     | 62.132.1.25      | KPN Eurorings Backbone AS     
> 3246    | 213.187.219.146  | SONGNETWORKS Song Networks    
> 10439   | 209.126.201.117  | CRI-17 California Regional Int
> 13749   | 216.127.92.231   | EVRY Everyones Internet, Inc. 
> 14361   | 209.103.191.246  | HOPO HopOne Internet Corporati
> 21698   | 204.8.218.204    | NEBRIX Nebrix Communications I
> 21698   | 204.8.222.151    | NEBRIX Nebrix Communications I
> 21698   | 66.78.33.95      | NEBRIX Nebrix Communications I
> 21840   | 65.110.56.220    | SAGONE Sago Networks          
> 21840   | 66.111.59.140    | SAGONE Sago Networks          
> 21840   | 66.111.59.141    | SAGONE Sago Networks          
> 21844   | 69.93.150.54     | THEPL-1 THE PLANET            
> 27595   | 69.31.65.245     | ATRIV Atrivo                  
> 27595   | 69.31.76.197     | ATRIV Atrivo                  
> 27595   | 69.50.161.247    | ATRIV Atrivo                  
> 27595   | 69.50.174.240    | ATRIV Atrivo                  
> 29550   | 217.112.88.43    | POUNDHOST-AS PoundHost Interne
> 
> Florian
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
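
The quoted analysis pivots from one reported address to the hostnames that resolve to it, and from those hostnames to their other A records. The following is an added example, not part of the original thread, that repeats that pivot until nothing new appears, which generalises the single hop shown in the message. The records are constructed (RFC 5737 documentation addresses and `.example` names), and the function names and printed output format are hypothetical.

```python
from collections import defaultdict
import ipaddress

# Constructed sample A records (documentation addresses, .example names),
# standing in for the lookups quoted in the thread.
SAMPLE_RECORDS = """
irc.botnet-a.example   A   192.0.2.10
irc.botnet-a.example   A   198.51.100.7
irc.botnet-b.example   A   192.0.2.10
irc.botnet-b.example   A   203.0.113.44
irc.botnet-c.example   A   203.0.113.44
irc.botnet-c.example   A   198.51.100.99
www.unrelated.example  A   203.0.113.200
"""

def parse_a_records(text):
    """Return (name -> set of IPs, IP -> set of names) from 'name A ip' lines."""
    by_name, by_ip = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1].upper() != "A":
            continue  # skip blank lines and non-A records
        name = fields[0].lower().rstrip(".")
        ip = str(ipaddress.IPv4Address(fields[2]))  # raises on a malformed address
        by_name[name].add(ip)
        by_ip[ip].add(name)
    return by_name, by_ip

def expand_from_seed(seed_ip, text):
    """Pivot IP -> names -> IPs until no new hostnames or addresses appear."""
    by_name, by_ip = parse_a_records(text)
    ips, names, frontier = {seed_ip}, set(), [seed_ip]
    while frontier:
        ip = frontier.pop()
        for name in by_ip.get(ip, ()):
            if name in names:
                continue
            names.add(name)
            for other in by_name[name] - ips:
                ips.add(other)
                frontier.append(other)
    return sorted(names), sorted(ips, key=ipaddress.IPv4Address)

if __name__ == "__main__":
    names, ips = expand_from_seed("192.0.2.10", SAMPLE_RECORDS)
    print("hostnames:", ", ".join(names))
    for ip in ips:
        print(f"candidate block: tcp/6667 -> {ip}")  # plain text, not firewall syntax
```

An address on shared hosting can pull unrelated hostnames into the set, so the expanded list should be reviewed before it becomes a block rule.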



