CME-24/BlackWorm email notifications + top-7 unreachable AS's
Below are the top-7 ASN's that *we* have not been able to reach with our email notifications of CME-24/BlackWorm infected machines:
5416 | BATELCO-BH
6412 | KW Gulfnet International
8781 | QA-ISP Qatar Telecom (Q-Tel)
10029 | SPECTRANET FIRST FIBRE BROADBA
12486 | Teleyemen - YNET Autonomous Nu
20759 | ISU-JED KACST/ISU Jeddah Auton
34105 | ARIAVESATCOM-AS Ariave Satcom
If you know of a contact for these or did not receive a notification and would like to make sure your network is clean, please contact me off list.
Thanks, Gadi.
I can get 6412 Kuwaiti Gulfnet. Do you have a URL or something you want them to look at? The rest are up and operational. Perhaps trying the role accounts for abuse, sysop, root, etc. or the APNIC/RIPE database for contacts might be useful.
-M<
--
Martin Hannigan (c) 617-388-2663
Renesys Corporation (w) 617-395-8574
Member of the Technical Staff Network Operations
hannigan@renesys.com
At 01:53 AM 2/1/2006 +0200, Gadi Evron wrote:
8781 | QA-ISP Qatar Telecom (Q-Tel)
Try Furhan Moidiin FURHANM@qtel.com.qa.
Doug Pearson
PGP: http://mypage.iu.edu/~dodpears/dodpears_pubkey.asc
Research and Education Networking ISAC
24x7 Watch Desk: +1(317)278-6630, ren-isac@iu.edu
web: http://www.ren-isac.net
Gadi Evron wrote:
Below are the top-7 ASN's that *we* have not been able to reach with our email notifications of CME-24/BlackWorm infected machines:
5416 | BATELCO-BH
6412 | KW Gulfnet International
8781 | QA-ISP Qatar Telecom (Q-Tel)
10029 | SPECTRANET FIRST FIBRE BROADBA
12486 | Teleyemen - YNET Autonomous Nu
20759 | ISU-JED KACST/ISU Jeddah Auton
34105 | ARIAVESATCOM-AS Ariave Satcom
Here are the next TOP unreachable ASN's to OUR notification attempts:
1215 ORACLE-NA-AS - Oracle Corporat
3215 AS3215 France Telecom Transpac
4776 "ANET-TH-AP A-Net Co. Ltd."
5080 ARAMCO-AS - Aramco
5087 ERX-LANKA-COM Lanka Communicat
6125 RNP / Centro Regional do Distr
6197 BATI-ATL - BellSouth Network S
6423 EASYSTREET-ONLINE - EasyStreet
7151 BAYAREA-AS - Bay Area Internet
7616 JINET-BKK-AS-AP Jasmine Intern
7633 SOFTNET-AS-AP Software Technol
8140 Instituto Federal Electoral (I
9038 NETS Autonomous System
9051 IDM Autonomous System
9326 CENTRIN-AS-AP PT Centrin Utama
9340 "INDONET-AS-AP INDO Internet P"
9730 BHARTITELESONIC-AS-IN-AP Bhart
9830 SWIFTONLINE-AS-AP SWIFT ONLINE
10029 SPECTRANET FIRST FIBRE BROADBA
10031 IASPIRE-ASN iASPire.net Pte Lt
10201 DWL-AS-IN Dishnet Wireless Lim
10217 NTT-NET-ID-AS PT. NTT Indonesi
12735 ASNETONE Netone Bilgi Ve Ileti
12978 DOGAN-ONLINE Dogan Iletisim El
14025 "EZL-DOT-COM - ezl dot com inc"
14710 COX-OMAHA - Cox Communications
14962 NCR-252 - NCR Corporation
15764 PEGASUS
15802 DIC-AS1 Dubai Internet City
15897 RTNET RTNET Autonomous System
16422 NEWSKIES-NETWORKS - New Skies
16642 OGILVY-MATHER-EU AS for Ogilvy
17439 NETMAGIC-AP Netmagic Datacente
17443 ESTELCOM-AP International Inte
17445 INTER-AS-QNET Lensodatacom Co.
17464 TMIDC-AP Hosting Services (MYL
17501 WLINK-NEPAL-AS-AP WorldLink Co
17625 BLAZENET-IN-AP BlazeNet_s Netw
17648 HECL-AS HUGHES ESCORTS COMMUNI
17747 ZIML-AP ZEE INTERACTIVE MUTIME
17754 EXCELL-AS Excellmedia
17884 UNINET-AP PT. Uninet Media Sak
17885 JKTXLNET-AS-AP PT Excelcomindo
18101 RIL-IDC Reliance Infocom Ltd I
18105 KARNET-AP Karuturi Networks Lt
18156 BITNET-ID-AP BITNET ISP AS
21050 FAST-TELCO kw.fast-telco Autno
21575 Millicom Peru S.A.
23679 NUSANET-AS-ID Media Antar Nusa
24020 "UITM-AS-AP University IT Sha"
24195 DHECYBER-AS-ID Dhecyber Flow I
24802 KEYCAB-AS KEYCAB AS for announ
26593 Telespazio Argentina
29918 AFRINIC African Network Inform
30998
Know of a working contact for these?
Please contact me off-list. Thanks, Gadi.
--On February 1, 2006 3:09:08 AM +0200 Gadi Evron <ge@linuxbox.org> wrote:
Gadi Evron wrote:
Below are the top-7 ASN's that *we* have not been able to reach with our email notifications of CME-24/BlackWorm infected machines:
<...>
Know of a working contact for these? Please contact me off-list.
For any you do get ahold of but-not-via-their ASN/Whois information, please politely ask them to update that on the community's behalf if they can :)
On 2/1/06, Gadi Evron <ge@linuxbox.org> wrote:
29918 AFRINIC African Network Inform
Er, AFRINIC is the RIR for the whole African continent. If you get a referral to AFRINIC, go look up whois.afrinic.net
10029 | SPECTRANET FIRST FIBRE BROADBA
5087 ERX-LANKA-COM Lanka Communicat
7633 SOFTNET-AS-AP Software Technol
9730 BHARTITELESONIC-AS-IN-AP Bhart
9830 SWIFTONLINE-AS-AP SWIFT ONLINE
10029 SPECTRANET FIRST FIBRE BROADBA
10201 DWL-AS-IN Dishnet Wireless Lim
17439 NETMAGIC-AP Netmagic Datacente
17443 ESTELCOM-AP International Inte
17501 WLINK-NEPAL-AS-AP WorldLink Co
17625 BLAZENET-IN-AP BlazeNet_s Netw
17648 HECL-AS HUGHES ESCORTS COMMUNI
17747 ZIML-AP ZEE INTERACTIVE MUTIME
17754 EXCELL-AS Excellmedia
18101 RIL-IDC Reliance Infocom Ltd I
18105 KARNET-AP Karuturi Networks Lt
No surprise - lots of networks from the Indian subcontinent - BlackWorm mostly spreading through India as you say. Post on sanog@sanog.org asking about contacts, you'll find people on that list.
--
Suresh Ramasubramanian (ops.lists@gmail.com)
Suresh Ramasubramanian wrote:
On 2/1/06, Gadi Evron <ge@linuxbox.org> wrote:
29918 AFRINIC African Network Inform
Er, AFRINIC is the RIR for the whole African continent. If you get a referral to AFRINIC, go look up whois.afrinic.net
Been hoping for something more like...
18105 KARNET-AP Karuturi Networks Lt
No surprise - lots of networks from the Indian subcontinent - BlackWorm mostly spreading through India as you say. Post on sanog@sanog.org asking about contacts, you'll find people on that list.
Only actual contacts that won't over-extend us further. If you are on that list, can you please forward this message?
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Thanks Suresh. Gadi.
participants (5)
- Doug Pearson
- Gadi Evron
- Martin Hannigan
- Michael Loftis
- Suresh Ramasubramanian