[unisog] IRC Bot list (cross posting)

Dave Dittrich dittrich at u.washington.edu
Wed Feb 9 06:08:48 GMT 2005


> > I found an irc channel with 3000+ irc bots in it including a few hundred
> > edu's.
> > I have it posted at
> >
> > http://www.albany.edu/~ja6447/hacked_bots8.txt
> >
>
> I started to sort them... Maybe I will finish when I get out of work or
> so. Here is the prettified/sorted list of the above...
> http://www.infiltrated.net/nanog-list-botlist

Let me take this opportunity to say I have a script that will
select IP addresses by CIDR block, and/or host names by domain.
The script is called "ipgrep" and is available here:

	http://staff.washington.edu/dittrich/tools/ipgrep-1.8.tar

Just add your CIDR blocks and domains to the default file and
filter away, or specify the domain/CIDR block on the command line like
this:

	$ ipgrep -m .mchsi.com nanog-list-botlist
	12-219-211-44.client.mchsi.com
	12-219-150-37.client.mchsi.com
	12-218-220-137.client.mchsi.com
	12-216-253-244.client.mchsi.com
	12-215-78-243.client.mchsi.com
	12-205-154-165.client.mchsi.com

See "ipgrep -h" for help:



usage: ipgrep {-h|--help|-V}
       ipgrep [options] [IP_address]

Revision 1.8

Options:
        -c
        --context
                Regardless of match/don't match selection, also print out
                all lines that do not even contain an IP address, to
                provide context.
        -d #
                Domain names must have at least # dots to be considered
                (default is 1)
        -v
        --revert-match
                Print only those lines that contain IP addresses that
                DO NOT match the listed CIDR blocks.
        -m list
        --match list
                Match on the list of comma separated CIDR blocks
                and/or domains with leading "." (e.g.,
                "-match 192.168.1.0/24,.example.net").

                This option is designed to be used for identifying
                specific hosts by CIDR block and/or domain, so it will
                over-ride any default networks usually used.  To also
                include the defaults, you must explicitly include them
                (see --networks option).
        -n file
        --networks file
                Match on the CIDR blocks or domain names listed in the
                referenced file.  Entries must occur one per line, and
                either use CIDR notation (e.g., "192.168.1.0/24") or
                leading dot followed by top level of domain
                (e.g., ".example.com")

                If "--match" is used and you want to also include the
                normal default networks, you must add them explicitly
                by also using "--networks /usr/local/etc/networks.txt".
        -g
                Match any IP address on a line if more than one
                present.
        -h
        --help
                Print out this message.


--
Dave Dittrich                           Information Assurance Researcher,
dittrich at u.washington.edu               The iSchool
http://staff.washington.edu/dittrich    University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE97 0C57 0843 F3EB 49A1  0CD0 8E0C D0BE C838 CCB5
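
The filtering described in the help text above, as an added Python sketch (not ipgrep's own code and not part of the original post). The function names, the sample lines, and the treatment of lines with neither an address nor a host name as "context" are assumptions; every address on a line is checked.

```python
import ipaddress
import re

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Host names: dotted labels ending in an alphabetic TLD, so bare IPs never match.
HOST_RE = re.compile(r"\b[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}\b")

# Constructed sample input (documentation address ranges and example domains).
SAMPLE = [
    "# constructed channel listing",
    "bot1 ~u@192.0.2.17",
    "bot2 ~u@198.51.100.9",
    "bot3 ~u@host-7.dorm.example.edu",
    "bot4 ~u@dsl-3.client.example.net",
    "bot5 ~u@notexample.net",
]

def parse_match_list(spec):
    """Split '192.0.2.0/24,.example.edu' into (networks, domain suffixes)."""
    nets, domains = [], []
    for item in filter(None, (s.strip() for s in spec.split(","))):
        if item.startswith("."):
            domains.append(item.lower())   # leading dot anchors on a label boundary
        else:
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets, domains

def classify(line, nets, domains, min_dots=1):
    """True/False for match/no match; None if the line has no address or name."""
    seen = False
    for tok in IP_RE.findall(line):
        try:
            addr = ipaddress.ip_address(tok)
        except ValueError:                 # e.g. 999.1.1.1 is not an address
            continue
        seen = True
        if any(addr in net for net in nets):
            return True
    for tok in HOST_RE.findall(line):
        if tok.count(".") < min_dots:
            continue
        seen = True
        if any(tok.lower().endswith(d) for d in domains):
            return True
    return False if seen else None

def filter_lines(lines, spec, invert=False, context=False, min_dots=1):
    """Keep matching lines (or non-matching if invert); optionally keep context."""
    nets, domains = parse_match_list(spec)
    verdicts = [(ln, classify(ln, nets, domains, min_dots)) for ln in lines]
    return [ln for ln, v in verdicts if (context if v is None else v != invert)]

if __name__ == "__main__":
    print("\n".join(filter_lines(SAMPLE, "192.0.2.0/24,.example.edu")))
```

Because the domain is given with its leading dot, "notexample.net" is not selected by ".example.net".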


