[nsp-sec] Update - Re: 130K+ Infected Ips on ~3600 ASNs
Stephen Gill
gillsr at cymru.com
Thu Oct 1 16:58:30 EDT 2009
Thanks to a couple folks for pointing out that it looks like a small
percentage of DNS traffic snuck in to the mix. I've added a filter to
remove that and re-run the list so that shouldn't cloud the overall picture.
-- steve
On 10/1/09 1:10 PM, "Brian Epstein" <bepstein at ias.edu> wrote:
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ACK for AS26099. Both IPs are NAT addresses and both are UDP. I can't
> seem to correlate them with my flow data, though.
>
> Thanks,
> ep
>
> - --
> Brian Epstein <bepstein at ias.edu> +1 609-734-8179
> Network and Security Officer Institute for Advanced Study
> Key fingerprint = 128A 38F4 4CFA 5EDB 99CE 4734 6117 4C25 0371 C12A
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>
> iD8DBQFKxQzLYRdMJQNxwSoRAn4fAJ9yyY7bc6JrlEdiMK0dSmSc5qGkmQCfaiXk
> USi5CCywT7LKoaT65c6/Z4o=
> =AjCC
> -----END PGP SIGNATURE-----
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 630 230 5423 | gillsr at cymru.com
More information about the nsp-security
mailing list