At 01:10 AM 07/10/2004, J. Oquendo wrote:
I've been slowly compiling a list of known botnets should
A lot of the IP addresses you have listed seem like they would change with some frequency based on the host names. The problem with using such a list is that it can quickly become out of date unless the entries are automatically aged. Think of a dialup zombie assigned a dynamic IP out of the netblock 192.168.0.0/24. Over time, 192.168.0.1 through .255 will become blacklisted as the user comes and goes. A quick

cat list | sort | uniq | awk '{print "host "$1}' | sh

shows

0.102.218.12.IN-ADDR.ARPA domain name pointer 12-218-102-0.client.mchsi.com
197.26.119.128.IN-ADDR.ARPA domain name pointer jqa-197.res.umass.edu
227.8.119.128.IN-ADDR.ARPA domain name pointer ja2-227.res.umass.edu
Host not found.
76.84.36.128.IN-ADDR.ARPA domain name pointer yale128036084076.student.yale.edu
144.150.2.129.IN-ADDR.ARPA domain name pointer rkraft.student.umd.edu
205.153.64.130.IN-ADDR.ARPA domain name pointer resnet153-205.medford.tufts.edu
154.221.49.137.IN-ADDR.ARPA domain name pointer uhartford221154.hartford.edu
58.229.166.141.IN-ADDR.ARPA domain name pointer smh229058.richmond.edu
57.230.166.141.IN-ADDR.ARPA domain name pointer smh230057.richmond.edu
2.233.166.141.IN-ADDR.ARPA domain name pointer sfa233002.richmond.edu
87.236.166.141.IN-ADDR.ARPA domain name pointer sfa236087.richmond.edu
247.237.166.141.IN-ADDR.ARPA domain name pointer sfa237247.richmond.edu
168.130.216.150.IN-ADDR.ARPA domain name pointer tfk1116.students.ecu.edu
82.187.1.152.IN-ADDR.ARPA domain name pointer fahrmpc32.cvm.ncsu.edu
Host not found.
222.128.112.195.IN-ADDR.ARPA domain name pointer proxy02.ada.net.tr
131.11.66.200.IN-ADDR.ARPA domain name pointer customer-MZT-11-131.megared.net.mx
102.214.253.206.IN-ADDR.ARPA domain name pointer construct.enic.cc
205.147.234.207.IN-ADDR.ARPA domain name pointer 207-234-147-205.ptr.primarydns.com
Host not found.
198.173.54.213.IN-ADDR.ARPA domain name pointer p213.54.173.198.tisdip.tiscali.de
58.114.254.216.IN-ADDR.ARPA domain name pointer dsl254-114-058.nyc1.dsl.speakeasy.net
114.8.195.24.IN-ADDR.ARPA domain name pointer alb-24-195-8-114.nycap.rr.com
Host not found.
Host not found.
Host not found.
163.26.167.62.IN-ADDR.ARPA domain name pointer adsl-62-167-26-163.adslplus.ch
248.180.65.62.IN-ADDR.ARPA domain name pointer irc-out.antik.sk
179.55.23.64.IN-ADDR.ARPA domain name pointer 64-23-55-179.ptr.skynetweb.com
7.156.37.64.IN-ADDR.ARPA domain name pointer patch-virt7.station.sony.com
156.238.110.65.IN-ADDR.ARPA domain name pointer coy.student.iastate.edu
163.75.210.66.IN-ADDR.ARPA domain name pointer wsip-66-210-75-163.lu.dl.cox.net
20.188.250.66.IN-ADDR.ARPA domain name pointer 66.250.188.20.chaincast.com
200.234.45.66.IN-ADDR.ARPA domain name pointer irc.ashenworlds.net
Host not found, try again.
56.87.90.66.IN-ADDR.ARPA domain name pointer .
36.53.149.68.IN-ADDR.ARPA domain name pointer S0106000103a72199.ed.shawcable.net
146.173.41.69.IN-ADDR.ARPA domain name pointer unused.800hosting.com
60.89.42.69.IN-ADDR.ARPA domain name pointer irc.afraid.org
1.212.247.80.IN-ADDR.ARPA domain name pointer servicez.org

Have you sent email to those edu abuse contacts? Most of the universities I have worked with for abuse resolution are generally responsive.

---Mike
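
The automatic aging mentioned in the reply above, sketched as an added example that is not part of the original message: each entry carries a last-seen time and is dropped once it goes stale, sooner when its reverse DNS name looks dynamically assigned. The TTL values, the hostname heuristic, the function names and the sample addresses and hostnames are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed policy values, not taken from the original message.
DYNAMIC_TTL = timedelta(days=2)   # dialup/DSL/resnet style addresses churn quickly
STATIC_TTL = timedelta(days=30)   # named servers tend to keep their address

# Assumed heuristic: labels that commonly appear in PTR names of dynamic pools.
DYNAMIC_HINT = re.compile(r"dsl|dial|dip|client|resnet|student|cable|dhcp|ppp", re.I)


def ttl_for(ptr):
    """Choose a TTL from the PTR name; a missing PTR is treated as dynamic."""
    if not ptr or DYNAMIC_HINT.search(ptr):
        return DYNAMIC_TTL
    return STATIC_TTL


def record_sighting(blocklist, ip, ptr, seen):
    """Insert or refresh an entry, never moving last_seen backwards."""
    entry = blocklist.get(ip)
    if entry is None or seen > entry["last_seen"]:
        blocklist[ip] = {"ptr": ptr, "last_seen": seen}


def age_out(blocklist, now):
    """Return a copy of the blocklist without entries whose TTL has lapsed."""
    return {
        ip: e
        for ip, e in blocklist.items()
        if now - e["last_seen"] <= ttl_for(e["ptr"])
    }


def demo():
    """Constructed sample data: documentation addresses and example hostnames."""
    t0 = datetime(2004, 7, 10, 1, 10)
    bl = {}
    record_sighting(bl, "192.0.2.10", "dsl-192-0-2-10.example.net", t0)
    record_sighting(bl, "192.0.2.20", "irc.example.org", t0)
    record_sighting(bl, "192.0.2.30", None, t0)  # "Host not found."
    record_sighting(bl, "192.0.2.40", "resnet-40.example.edu", t0)
    # The resnet host is reported again five days later, which refreshes it.
    record_sighting(bl, "192.0.2.40", "resnet-40.example.edu", t0 + timedelta(days=5))
    return sorted(age_out(bl, t0 + timedelta(days=6)))


if __name__ == "__main__":
    print(demo())
```

Six days after the first sightings, only the statically named server and the recently re-reported resnet host remain listed; the DSL address and the address with no PTR have aged out.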