[nsp-sec] Hijacked DNS Flows towards 85.255.112.0/24 (ASN 36445)
White, Gerard
Gerard.White at aliant.ca
Mon Feb 25 10:17:10 EST 2008
Greetings
After a 96 hr "analysis", its _easier_ to list the /32's in this /24
that are NOT involved in Hijacked DNS
Flows:
85.255.112.0 - 85.255.112.4
85.255.112.14
85.255.112.17
85.255.112.18
85.255.112.22
85.255.112.27 - 85.255.112.59
85.255.112.67 - 85.255.112.69
85.255.112.72
85.255.112.74
85.255.112.79
85.255.112.80
85.255.112.100
85.255.112.105
85.255.112.113
85.255.112.114
85.255.112.120
85.255.112.121
85.255.112.136
85.255.112.145 - 85.255.112.147
85.255.112.160 - 85.255.112.164
85.255.112.182
85.255.112.191 - 85.255.112.193
85.255.112.199
85.255.112.204
85.255.112.208 - 85.255.112.211
85.255.112.215 - 85.255.112.217
85.255.112.219
85.255.112.224
85.255.112.227
85.255.112.229
85.255.112.233
85.255.112.235
85.255.112.238 - 85.255.112.255
3 other prefixes coming from 27595:
85.255.113.0/24
85.255.114.0/23
85.255.116.0/23 (only the 85.255.116.0/24 subnet is fausty)
Have their share of /32's as well, but nothing _close_ to the density of
flows towards 85.255.112.0/24
Computing the Evil ratio for this 85.255.112.0/24 prefix is left as an
exercise for the reader ;)
GW
855 - Bell Aliant
More information about the nsp-security
mailing list