[unisog] A little Storm data
mike.lococo at nyu.edu
Thu Jul 19 05:56:58 GMT 2007
> Can you run a reverse-dns report on the IP range, and then identify how
> many of these IPs either don't have any reverse-dns or are apparently on
> regular consumer class dialup/DSL/cable modem connections?
Based on some rough traffic analysis I did on what I was seeing on my
network, it's a mix. There are a lot of non-resolving IPs, and a very
large number of obviously dynamic or dial-in addresses. Some systems
with static-y looking names as well, though. The infection vectors are
similar to other outbreaks we've seen, and so it makes sense that the
infected population would look fairly normal.
I ran ~8 IPs through your block checker and it caught about half of them.
- Mike Lococo