[nsp-sec] 130K+ Infected Ips on ~3600 ASNs
Brian Epstein
bepstein at ias.edu
Thu Oct 1 17:02:28 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/01/2009 04:10 PM, Brian Epstein wrote:
> ACK for AS26099. Both IPs are NAT addresses and both are UDP. I can't
> seem to correlate them with my flow data, though.
Ah yes, factoring daylight savings time into my search shows the
connections.
I verified that both our connections were our DNS servers doing
nslookups. We had no TCP connections to the host at this time.
Thanks!
ep
- --
Brian Epstein <bepstein at ias.edu> +1 609-734-8179
Network and Security Officer Institute for Advanced Study
Key fingerprint = 128A 38F4 4CFA 5EDB 99CE 4734 6117 4C25 0371 C12A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iD8DBQFKxRjkYRdMJQNxwSoRAt9HAJ9hDpE8fWJd6cNdA9MzK20vFyqbGwCgsDsf
DCdWQggMg2Ih2Q/L7o1aShg=
=ySeq
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list