[nsp-sec] conficker list
Tom Sands
tsands at rackspace.com
Thu Jan 15 16:23:56 EST 2009
ACK 15395
--------------------------------------------------------------------------------
Tom Sands
Chief Network Engineer
Rackspace
(210)312-4391
--------------------------------------------------------------------------------
Smith, Donald wrote:
> ----------- nsp-security Confidential --------
>
> A source that wishes to remain anonymous provided me apache logs for one of the systems conficker checks in with or downloads from. Beth Young at more.net also has a list and has offered to cross check these against her known infected systems.
>
>
> Here are two links to the list it contains over 700K uniq ips so it was TOO large to upload via the cymru web gui in a single file I had to split it.
>
> I only included the first time an IP checked in.
> Timezone is GMT -8:00
> link 1
> https://asn.cymru.com/nsp-sec/upload/1231957075.whois.txt
>
> link 2
> https://asn.cymru.com/nsp-sec/upload/1231958296.whois.txt
>
> Given the way I broke the list in half there is a very good chance your ASN will appear on both lists.
>
> H8Hz
> Donald.Smith at qwest.com gcia
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>
Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse at rackspace.com, and delete the original message.
Your cooperation is appreciated.
More information about the nsp-security
mailing list