If anyone is interested, here's what things look like from here for the past 3 days.

dns2:~ wschultz$ gzcat /var/log/named.log.01262009.gz |awk '/\.\/NS\/IN.*denied/{print $6}' |sed -e 's/#.*//g' |sort |uniq -c |sort -n
      6 150.69.136.10
   1387 76.9.16.171
   2759 63.217.28.226
  98680 206.71.158.30

dns2:~ wschultz$ gzcat /var/log/named.log.01272009.gz |awk '/\.\/NS\/IN.*denied/{print $6}' |sed -e 's/#.*//g' |sort |uniq -c |sort -n
      6 150.69.136.10
   1387 76.9.16.171
   2753 63.217.28.226
   5521 206.71.158.30

dns2:~ wschultz$ cat /var/log/named.log |awk '/\.\/NS\/IN.*denied/ {print $6}' |sed -e 's/#.*//g' |sort |uniq -c |sort -n
      2 150.69.136.10
    279 67.192.144.0
    296 76.9.16.171
   6519 64.57.246.123
  17207 64.57.246.146
  20646 70.86.80.98

-wil

On Jan 28, 2009, at 8:07 AM, Andrew Fried wrote:
Targeted victims, beginning 28-Jan-2009, as seen from my DNS server. GeoIP data for top two sites also below:
+----------------+-------------+------------+
| host           | count(host) | Percentage |
+----------------+-------------+------------+
| 202.104.106.49 |          51 |     0.1109 |
| 210.21.218.138 |          51 |     0.1109 |
| 64.57.246.123  |        3561 |     7.7421 |
| 64.57.246.146  |       29530 |    64.2026 |
| 67.192.144.0   |         991 |     2.1546 |
| 70.86.80.98    |       11276 |    24.5157 |
| 76.9.16.171    |         535 |     1.1632 |
+----------------+-------------+------------+
GeoIP Location Information for IP: 64.57.246.146
Located in: Suwanee, GA (US)
Latitude: 34.0535
Longitude: -84.0659
Area Code: 770
Postal Code: 30024
ARIN information for: 64.57.246.146
DNS PTR Record:
Registrar: arin
ASN Number: AS20141
Country: US
Ip Starting Block: 64.57.240.0
IP Ending Block: 64.57.255.255
IP Block Size: 4096
Date Registered: 20051012
Block Status: allocated
BGP Peering Information for ASN20141:
PEER_AS | IP            | BGP Prefix     | CC | Registry | Allocated  | AS Name
6983    | 64.57.246.146 | 64.57.240.0/20 | US | arin     | 2005-10-12 | ITCDELTA - ITC^Deltacom
14745   | 64.57.246.146 | 64.57.240.0/20 | US | arin     | 2005-10-12 | INTERNAP-BLOCK-4 - Internap Network Services Corporation
GeoIP Location Information for IP: 70.86.80.98
Located in: Houston, TX (US)
Latitude: 29.7523
Longitude: -95.3670
Area Code: 713
Postal Code: 77002
ARIN information for: 70.86.80.98
DNS PTR Record: 62.50.5646.static.theplanet.com.
Registrar: arin
ASN Number: AS21844
Country: US
Ip Starting Block: 70.84.0.0
IP Ending Block: 70.87.255.255
IP Block Size: 262144
Date Registered: 20040729
Block Status: allocated
BGP Peering Information for ASN21844:
PEER_AS | IP          | BGP Prefix   | CC | Registry | Allocated  | AS Name
2914    | 70.86.80.98 | 70.84.0.0/14 | US | arin     | 2004-07-29 | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
3356    | 70.86.80.98 | 70.84.0.0/14 | US | arin     | 2004-07-29 | LEVEL3 Level 3 Communications
3549    | 70.86.80.98 | 70.84.0.0/14 | US | arin     | 2004-07-29 | GBLX Global Crossing Ltd.
4565    | 70.86.80.98 | 70.84.0.0/14 | US | arin     | 2004-07-29 | MEGAPATH2-US - MegaPath Networks Inc.
6461    | 70.86.80.98 | 70.84.0.0/14 | US | arin     | 2004-07-29 | MFNX MFN - Metromedia Fiber Network
--
Andrew Fried
andrew.fried@gmail.com