[nsp-sec] Network Outreach Please
Rob Thomas
robt at cymru.com
Mon Jan 18 10:40:53 EST 2010
Hey, Tom.
> AS | IP | AS Name
> 27269 | 198.182.56 | SNPS-DMZ - Synopsys Inc.
> 8075 | 207.68.169 | MICROSOFT-CORP---MSN-AS-BLOCK - Microsoft Corp
> 2687 | 210.88.245 | ASATTCA AT&T Global Network Services - AP
> 4716 | 211.10.250 | POWEREDCOM KDDI Corporation
> 23326 | 216.31.211 | BROADCOM-CORP - Broadcom Corporation
I ran these as /24s since you didn't include the fourth octet. I found
that two of the /24s have one HTTP C&C in common, and perhaps this is
related to the abuse you're enduring:
www.ems.com.cn 211.156.193.130
AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
24430 | 211.156.193.130 | 211.156.193.0/24 | CN | apnic | 2000-06-27 | CNNIC-CHINAPOST-AP CHINA STATE POST BUREAU
PEER_AS | IP | BGP Prefix | CC | Registry | Allocated | AS Name
4808 | 211.156.193.130 | 211.156.193.0/24 | CN | apnic | 2000-06-27 | CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network
4847 | 211.156.193.130 | 211.156.193.0/24 | CN | apnic | 2000-06-27 | CNIX-AP China Networks Inter-Exchange
If you can share the specific /32s, we can do a more specific analysis.
Thanks,
Rob.
--
Rob Thomas
Team Cymru
https://www.team-cymru.org/
ASSERT(coffee != empty);