[unisog] Cleaning up those networks

Michael Holstein michael.holstein at csuohio.edu
Tue Feb 20 19:09:46 GMT 2007


Brings up an interesting point .. there's been talk over on NANOG about 
creating a BGP feed for misbehaving hosts/nets so they could be 
automagically blackholed on a border router.

Is anyone doing this (internally), and if so, how?

I'd love to see a public route-server for that info, but suspect it'd 
get sued out of existence like some of the dnsBLs for spam.

~Mike.

J. Oquendo wrote:
> Greetings all. For those who I've dealt with before many thanks on the 
> help you'd given. For the past three months I've been compiling 
> information from hosts that have been brute force ssh attacking servers 
> that are running a program I have written called "Sharpener". 
> (http://www.infiltrated.net/scripts/sharpener) I have sorted out the 
> information and traced back those IP addresses that fall under 
> Academialand and have compiled the following list of Universities which 
> have possible compromised machines.
> 
> Rather than post those addresses (to avoid having misguided individuals 
> who may be on this list), I am posting the Universities in hopes 
> admins/engineers of these institutions will contact me back for the 
> information on the host that is attacking, along with the date and 
> timestamps of the attacks. My hopes are to minimize intrusions, malware, 
> spyware, etc., and solely inform other engineers of issues coming out of 
> their networks. I sincerely hope those contacted will assist. The entire 
> list of attacking IP addresses is in the 47k range with 38 hosts 
> reporting on a 5 minute basis to a repository I've set up. Here are the 
> Universities.
> 
> Some folks may have been contacted already so apologies in advance. I 
> will give the Universities 15 business days to respond; for those that 
> don't, they will continue to be listed as threats and their networks will 
> be blocked from 38 individual networks 8 of which are /17's. For those 
> who respond, I will promptly remove the addresses.
> 
> California State University at Fresno
> Carnegie Mellon University
> Carroll College
> Emory University
> Florida Atlantic University
> Florida Information Resource Network
> Georgia Institute of Technology
> Gonzaga University
> Howard University
> Illinois Institute of Technology
> Indiana University - Purdue University Fort
> Louisiana State University
> Marquette University
> Massachusetts Institute of Technology
> NTT America, Inc.
> New York University
> Ohio State University
> Purdue University
> SUNY College at Fredonia
> San Diego County Office of Education
> San Francisco State University
> Stanford University
> State University of New York at
> Texas A&M University
> The Drexel University Campus
> Universite Laval
> University of California, Los Angeles
> University of Georgia
> University of Illinois
> University of Lethbridge
> University of Massachusetts
> University of Medicine and Dentistry of
> University of Michigan
> University of Missouri-Columbia
> University of Mobile
> University of Oklahoma
> University of Pennsylvania
> University of Puerto Rico
> University of Rhode Island
> University of Texas at Austin
> University of Texas at San Antonio
> University of Virginia
> University of Washington
> University of Wyoming
> Vanderbilt University
> Walla Walla College
> Washington University
> Westnet
> York University
> 
> 
> Respectfully,
> Jesus Oquendo / sil
> 
> ====================================================
> J. Oquendo
> GPG Key http://www.infiltrated.net/sil.key
> The happiness of society is the end of government.
> John Adams