[nsp-sec] Metasploit DDoS IP -> ASN mappings
Chris Calvert
Chris.Calvert at telus.com
Mon Feb 9 15:34:08 EST 2009
As (bad) luck would have it, that IP is in a bit of the network that I have limited visibility into.
IP address: 75.152.62.151
Reverse DNS: c75.152.62-151.clta.globetrotter.net.
Reverse DNS authenticity: [Verified]
ASN: 852
ASN Name: ASN852
IP range connectivity: 22
Registrar (per ASN): ARIN
Country (per IP registrar): CA [Canada]
Country Currency: CAD [Canada Dollars]
Country IP Range: 75.152.0.0 to 75.159.255.255
Country fraud profile: Normal
City (per outside source): Burnaby, British Columbia
Country (per outside source): CA [Canada]
Private (internal) IP? No
IP address registrar: whois.arin.net
Known Proxy? No
Link for WHOIS: 75.152.62.151
I'm seeing what I can dig up... Any luck digging up information since your email on potential C&C hosts, services, etc.?
Chris
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Jose Nazario
> Sent: Monday, February 09, 2009 7:50 AM
> To: NSP nsp-security
> Subject: Re: [nsp-sec] Metasploit DDoS IP -> ASN mappings
>
> ----------- nsp-security Confidential --------
>
> and again, not attached. posted it here:
>
> http://monkey.org/~jose/tmp/metasploit_asns.txt
>
> -------------------------------------------------------------
> jose nazario, ph.d. <jose at arbor.net>
> manager of security research arbor networks
> v: (734) 821 1427 http://asert.arbor.net/
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
>