August 2005: Drone Army Botnet C&C listing
Keeping in step with Gadi's language from last month:

Below is a periodic public report from the Drone Army (DA)/Botnet Research and mitigation mailing list. For this report it should be noted that we base our analysis on the data we have accumulated from various sources.

According to our analysis of information we have conducted thus far, we are now publishing our regular reports, with some additional information, which may vary from time to time, as needed.

As of this July 2005, any responsible party that wishes to receive information about botnet C&C's in their net space can contact us and be added to our notification list. The principal contact is Paul Ferguson (Fergie).

- ferg

====

Special appreciation is due to Staminus who took quick action to resolve the suspect C&Cs of the last report and rapidly resolved all of the suspect C&Cs which appeared during this current survey.

AS responsible Parties ranked by top 10 open unresolved suspect C&Cs:

ASN    Responsible Party               Total  Open
30058  FDCSERVERS - FDCservers.net LL    123    43
21840  SAGONET-TPA - Sago Networks        53    26
13680  AS13680 Hostway Corporation Ta     23    23
15083  INFOLINK-MIA-US - Infolink Inf     37    21
6461   MFNX MFN - Metromedia Fiber Ne     28    17
8560   SCHLUND-AS Schlund + Partner A     26    17
30083  SERVER4YOU - Server4You Inc.       37    16
13237  LAMBDANET-AS European Backbone     15    12
9800   UNICOM CHINA UNICOM                14    11
27645  ASN-NA-MSG-01 - Managed Soluti     18    11

Historical Report ranked by past suspect C&Cs mapping into the AS:

ASN    Responsible Party               Total  Open  Percent Resolved
14742  INTERNAP-BLOCK-4 - Internap Ne    142     2   99%
14744
30058  FDCSERVERS - FDCservers.net LL    123    43   65%
10913  INTERNAP-BLK - Internap Networ     84     0  100%
25761  STAMINUS-COMM - Staminus Commu     58     0  100%
21840  SAGONET-TPA - Sago Networks        53    26   51%
3356   LEVEL3 Level 3 Communications      43     5   88%
21844  THEPLANET-AS - THE PLANET          38     5   87%
30083  SERVER4YOU - Server4You Inc.       37    16   57%
15083  INFOLINK-MIA-US - Infolink Inf     37    21   43%
11739  DIGITAL-FOREST-NW - digital.fo     29     0  100%
16237  NXS Nxs Internet BV                29     0  100%

The report summary includes a Percent Resolved Column in order to recognize the mitigation efforts of the AS Responsible Parties.

The Opens Unresolved column represents the number of unique C&Cs which reported as open to the survey's connection attempts and which have neither been investigated nor cleared by the Responsible Party (to the extent of our knowledge).

The Total mapping count may include multiple names mapping to a single IP within an AS. We count each mapping count as a unique C&C.

Stats for the DA group compiled by:

Randal Vaughn
Professor
Information Systems
Baylor University
Randy_Vaughn (at) Baylor.edu

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/