[unisog] IRC Bot list (cross posting)

Dave Dittrich dittrich at u.washington.edu
Wed Feb 9 06:08:48 GMT 2005

> > I found an irc channel with 3000+ irc bots in it including a few hundred
> > edu's.
> > I have it posted at
> >
> > http://www.albany.edu/~ja6447/hacked_bots8.txt
> >
> I started to sort them... Maybe I will finish when I get out of work or
> so. Here is the prettified/sorted list of the above...
> http://www.infiltrated.net/nanog-list-botlist

Let me take this opportunity to say I have a script that will
select IP addresses by CIDR block, and/or host names by domain.
The script is called "ipgrep" and is available here:


Just add your CIDR blocks and domains to the default file and
filter away, or specify the domain/CIDR block on the command line like

	$ ipgrep -m .mchsi.com nanog-list-botlist

See "ipgrep -h" for help:

usage: ipgrep {-h|--help|-V}
       ipgrep [options] [IP_address]

Revision 1.8

                Regardless of match/don't match selection, also print out
                all lines that do not even contain an IP address, to
                provide context.
        -d #
                Domain names must have at least # dots to be considered
                (default is 1)
                Print only those lines that contain IP addresses that
                DO NOT match the listed CIDR blocks.
        -m list
        --match list
                Match on the list of comma separated CIDR blocks
                and/or domains with leading "." (e.g.,

                This option is designed to be used for identifying
                specific hosts by CIDR block and/or domain, so it will
                over-ride any default networks usually used.  To also
                include the defaults, you must explicitly include them
                (see --networks option).
        -n file
        --networks file
                Match on the CIDR blocks or domain names listed in the
                referenced file.  Entries must occur one per line, and
                either use CIDR notation (e.g., "") or
                leading dot followed by top level of domain
                (e.g., ".example.com")

                If "--match" is used and you want to also include the
                normal default networks, you must add them explicitly
                by also using "--networks /usr/local/etc/networks.txt".
                Match any IP address on a line if more than one
                Print out this message.

Dave Dittrich                           Information Assurance Researcher,
dittrich at u.washington.edu               The iSchool
http://staff.washington.edu/dittrich    University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE97 0C57 0843 F3EB 49A1  0CD0 8E0C D0BE C838 CCB5
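
The kind of selection described in the message above (pick lines by CIDR block and/or by domain given with a leading dot), written as an added example. It is not ipgrep's source and not code from the original post. The function names, the regular expressions and the sample lines (documentation address ranges and example.edu) are assumptions made for illustration.

```python
import ipaddress
import re

# Dotted quad not embedded in a longer number; a trailing sentence period is allowed.
IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\.?\d)")
# Host name whose last label is alphabetic, so bare IP addresses are not taken as hosts.
HOST_RE = re.compile(r"(?<![\w.-])(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}(?![\w-])")

# Constructed sample lines in the style of a channel member list.
SAMPLE = [
    "nick1!~u@dhcp-17.dorm.example.edu joined",
    "nick2!~u@192.0.2.77 joined",
    "nick3!~u@198.51.100.9 joined",
    "nick4!~u@host.notexample.edu joined",
    "-- channel topic line, no address --",
]

def parse_selectors(spec):
    """Split 'a.b.c.d/n,.domain,...' into (networks, domains)."""
    nets, domains = [], []
    for item in (s.strip() for s in spec.split(",")):
        if not item:
            continue
        if item.startswith("."):
            domains.append(item.lower())
        else:
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets, domains

def line_matches(line, nets, domains):
    """True if any address on the line is in a network or any host is in a domain."""
    for tok in IP_RE.findall(line):
        try:
            addr = ipaddress.ip_address(tok)
        except ValueError:          # looks like an address but is not one (e.g. 999.0.2.1)
            continue
        if any(addr in net for net in nets):
            return True
    for host in HOST_RE.findall(line):
        # Prefix a dot so ".example.edu" matches on a label boundary only:
        # "x.example.edu" and "example.edu" match, "notexample.edu" does not.
        dotted = "." + host.lower()
        if any(dotted.endswith(d) for d in domains):
            return True
    return False

def select(lines, spec):
    """Return the lines that match the comma-separated selector list."""
    nets, domains = parse_selectors(spec)
    return [ln for ln in lines if line_matches(ln, nets, domains)]
```

Calling select(SAMPLE, ".example.edu,192.0.2.0/24") keeps the first two sample lines and drops the look-alike domain notexample.edu.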
