This is a periodic public report from the ISOTF's affiliated group 'DA' (Drone Armies (botnets) research and mitigation mailing list / TISF DA) with the ISOTF affiliated ASreport project (TISF / RatOut). For this report it should be noted that we base our analysis on the data we have accumulated from various sources, which may be incomplete. Any responsible party that wishes to receive reports of botnet command and control servers on their network(s) regularly and directly, feel free to contact us. For purposes of this report we use the following terms open the host completed the TCP handshake closed No activity detected reset issued a RST This month's survey is of 3020 unique, domains (or IPs) with port suspect C&Cs. This list is extracted from the BBL which has a historical base of 9826 reported C&Cs. Of the suspect C&Cs surveyed, 666 reported as Open, 734 reported as closed, and 587 issued resets to the survey instrument. Of the C&Cs listed by domain name in the our C&C database, 4597 are mitigated. Top 20 ASNes by Total suspect domains mapping to a host in the ASN. These numbers are determined by counting the number of domains which resolve to a host in the ASN. We do not remove duplicates and some of the ASNs reported have many domains mapping to a single IP. Note the Percent_resolved figure is calculated using only the Total and Open counts and does not represent a mitigation effectiveness metric. Percent_ ASN Responsible Party Total Open Resolved 19318 AIC-81 Albany International Corp. 58 15 74 13301 UNITEDCOLO-AS Autonomous System of 54 37 31 30058 FDCSE FDCservers.net LLC 43 17 60 8972 INTERGENIA-ASN intergenia autonomou 40 23 43 3561 Savvis 34 5 85 4134 CHINANET-BACKBONE 32 13 59 30315 Everyones Internet 28 11 61 13749 EVRY Everyones Internet 28 8 71 23522 CIT-FOONET 27 14 48 4766 KIXS-AS-KR 26 4 85 30407 Velcom.com 24 20 17 33597 InfoRelay Online Systems, Inc. 23 0 100 8560 SCHLUND-AS 22 5 77 4314 IIS-64 I-55 INTERNET SERVICES 21 2 90 7132 SBC Internet Services 21 4 81 30083 Server4You Inc. 20 6 70 12832 Lycos Europe 20 0 100 174 Cogent Communications 20 14 30 27595 ATRIV Atrivo 19 2 89 13213 UK2NET-AS UK-2 Ltd Autonomous Syste 19 0 100 Top 20 ASNes by number of active suspect C&Cs. These counts are determined by the number of suspect domains or IPs located within the ASN completed a connection request. Percent_ ASN Responsible Party Total Open Resolved 13301 UNITEDCOLO-AS Autonomous System of 54 37 31 8972 INTERGENIA-ASN intergenia autonomou 40 23 43 30407 Velcom.com 24 20 17 30058 FDCSE FDCservers.net LLC 43 17 60 19318 AIC-81 Albany International Corp. 58 15 74 174 Cogent Communications 20 14 30 23522 CIT-FOONET 27 14 48 4134 CHINANET-BACKBONE 32 13 59 29073 COLINKS-AS Colinks web and game hos 15 12 20 19166 Alpha Red, INC 16 12 25 30315 Everyones Internet 28 11 61 7018 AT&T WorldNet Services 14 9 36 4713 OCN NTT Communications Corporation 15 9 40 9911 CONNECTPLUS-AP Singapore Telecom 13 8 38 3462 HINET 19 8 58 9121 TTNet 10 8 20 13749 EVRY Everyones Internet 28 8 71 16265 LEASEWEB AS 13 7 46 32748 NOZON NoZone 13 7 46 12322 PROXAD AS for Proxad ISP 7 7 0 Randal Vaughn Gadi Evron Professor ge at linuxbox.org Baylor University Waco, TX (254) 710 4756 randy_vaughn at baylor.edu