[nsp-sec] Botnet info? (Attn: AS30506)
Daniel Adinolfi
dra1 at postoffice9.mail.cornell.edu
Wed Oct 22 08:37:12 EDT 2008
Folks,
We're seeing some bad IRC traffic heading toward 66.249.128.230.
230.128.249.66.in-addr.arpa domain name pointer 66-249-128-230-btl.blacksun.net.
AS | IP | AS Name
30506 | 66.249.128.230 | BLACKSUN-1 - Blacksun Technologies LLC
PEER_AS | IP | AS Name
22298 | 66.249.128.230 | SPNW - Secured Private Network
[ Informations about 66.249.128.230 ]
IP range : 66.249.128.0 - 66.249.143.255
Network name : BSTTECH
Infos : Blacksun Technologies LLC
Infos : 530 W. 6th St.
Infos : Suite 805
Infos : Los Angeles
Infos : CA
Infos : 90014
Country : United States (US)
Abuse E-mail : daniel at blacksun.net
Source : ARIN
The signature we're seeing looks like this:
PING :irc.priv8n
et.com··:CDXPiiy
LiFebuZ!sabb at 128
.253.96.17 PRIVM
SG CDXPiiyLiFebu
Anyone have any clues as to what the nature of this botnet might be?
Also, can someone at Blacksun or someone upstream bonk this server on
the head?
Thanks.
-Dan
_________________
Daniel Adinolfi, CISSP
Senior Security Engineer, IT Security Office
Cornell University - Office of Information Technologies
email: dra1 at cornell.edu phone: 607-255-7657