[nsp-sec] Mebroot/Torpig null route (AS 32613, 10297)
Tom Fischer
tfischer at bfk.de
Mon Feb 23 06:07:51 EST 2009
Hi,
any chance to enforce a null route of the following Mebroot/Torpig
c&c IP addresses?
hbgigffs.com (115.124.109.144) - primary Mebroot c&c server
AS | IP | AS Name
32613 | 115.124.109.144 | IWEB-AS - iWeb Technologies Inc.
PEER_AS | IP | AS Name
174 | 115.124.109.144 | COGENT Cogent/PSI
3320 | 115.124.109.144 | DTAG Deutsche Telekom AG
3356 | 115.124.109.144 | LEVEL3 Level 3 Communications
5769 | 115.124.109.144 | VIDEOTRON - Videotron Telecom Ltee
6453 | 115.124.109.144 | GLOBEINTERNET TATA Communications
13768 | 115.124.109.144 | PEER1 - Peer 1 Network Inc.
avjttbef.com (207.182.141.42) - primary Torpig c&c server
AS | IP | AS Name
10297 | 207.182.141.42 | COLUMBUSNAP - The Columbus Network Access Point, Inc.
PEER_AS | IP | AS Name
3356 | 207.182.141.42 | LEVEL3 Level 3 Communications
3549 | 207.182.141.42 | GBLX Global Crossing Ltd.
10796 | 207.182.141.42 | SCRR-10796 - Road Runner HoldCo LLC
Thanks!
--
Tom Fischer
BFK edv-consulting GmbH tel: +49 721 962 01-1
Kriegsstr. 100, D-76133 Karlsruhe fax: +49 721 962 01-99
More information about the nsp-security
mailing list