[nsp-sec] Botnet info? (Attn: AS30506)
Rob Thomas
robt at cymru.com
Wed Oct 22 10:49:40 EDT 2008
Hey, Dan.
> We're seeing some bad IRC traffic heading toward 66.249.128.230.
>
> 230.128.249.66.in-addr.arpa domain name pointer
> 66-249-128-230-btl.blacksun.net.
>
> AS | IP | AS Name
> 30506 | 66.249.128.230 | BLACKSUN-1 - Blacksun Technologies LLC
> PEER_AS | IP | AS Name
> 22298 | 66.249.128.230 | SPNW - Secured Private Network
>
> [ Informations about 66.249.128.230 ]
>
> IP range : 66.249.128.0 - 66.249.143.255
> Network name : BSTTECH
> Infos : Blacksun Technologies LLC
> Infos : 530 W. 6th St.
> Infos : Suite 805
> Infos : Los Angeles
> Infos : CA
> Infos : 90014
> Country : United States (US)
> Abuse E-mail : daniel at blacksun.net
> Source : ARIN
>
> The signature we're seeing looks like this:
>
> PING :irc.priv8n
> et.com··:CDXPiiy
> LiFebuZ!sabb at 128
> .253.96.17 PRIVM
> SG CDXPiiyLiFebu
>
> Anyone have any clues as to what the nature of this botnet might be?
> Also, can someone at Blacksun or someone upstream bonk this server on
> the head?
>
> Thanks.
>
> -Dan
>
>
> _________________
> Daniel Adinolfi, CISSP
> Senior Security Engineer, IT Security Office
> Cornell University - Office of Information Technologies
> email: dra1 at cornell.edu phone: 607-255-7657
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");