[nsp-sec] skunkx bots - sinkhole data
Jose Nazario
jose at arbor.net
Tue Apr 26 15:14:51 EDT 2011
past 24h of sinkholing the skunkx ddos bot associated with the domain name "imageshak.biz". you can read about it here:
http://asert.arbornetworks.com/2011/03/skunkx-ddos-bot-analysis/
total uniq IPs seen in the past day: 28732
top ASNs by count:
7559 AS45595 | PKTELECOM-AS-PK Pakistan Telecom Company Limited
2772 AS9829 | BSNL-NIB National Internet Backbone
1880 AS24560 | AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services
831 AS17813 | MTNL-AP Mahanagar Telephone Nigam Ltd.
787 AS17974 | TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
732 AS17803 | BSES-AS-AP BSES TeleCom Limited
702 AS38264 | WATEEN-IMS-PK-AS-AP National WiMAX/IMS environment
650 AS23693 | TELKOMSEL-ASN-ID PT. Telekomunikasi Selular
600 AS38710 | WORLDCALL-AS-LHR Worldcall Broadband Limited
510 AS55740 | TATAINDICOM-IN TATA TELESERVICES LTD - TATA INDICOM - CDMA DIVISION
data enclosed, format is ASN, IP, CC, UTC timestamp of last observation, and network name
Bulk mode; whois.cymru.com [2011-04-26 19:09:57 +0000]
NA | 203.193.142.37 | IN | 1303820354 | NA
12 | 128.122.68.176 | US | 1303844808 | NYU-DOMAIN - New York University
12 | 128.122.92.104 | US | 1303844807 | NYU-DOMAIN - New York University
...
hope this helps. data may be shared per list conditions with relevant parties for remediation purposes.
_____________________________
jose nazario, ph.d. jose at arbor.net
sr. manager of security research, arbor networks
http://asert.arbor.net/
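
The enclosed data uses the pipe-delimited layout named in the post (ASN, IP, CC, UTC timestamp of last observation, network name). The following parser is an added example, not part of the original message or any Arbor tooling: it keeps the newest sighting per IP and rebuilds the per-ASN counts. The sample rows are constructed, using documentation address and AS number ranges, and the function names are assumptions.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in the post's layout (ASN | IP | CC | epoch | network name).
# Addresses and AS numbers come from ranges reserved for documentation.
SAMPLE = """\
Bulk mode; whois.cymru.com [2011-04-26 19:09:57 +0000]
NA | 203.0.113.37 | IN | 1303820354 | NA
64500 | 192.0.2.176 | US | 1303844808 | EXAMPLE-NET - Example University
64500 | 192.0.2.104 | US | 1303844807 | EXAMPLE-NET - Example University
64501 | 198.51.100.9 | PK | 1303840000 | EXAMPLE-ISP Example Telecom
64501 | 198.51.100.9 | PK | 1303841111 | EXAMPLE-ISP Example Telecom
...
not | a.valid.ip | XX | 12 | junk
"""

def parse_sinkhole(text):
    """Return (records, skipped); records maps each IP to its newest sighting."""
    records, skipped = {}, []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|", 4)]
        try:
            asn, ip, cc, ts, name = fields  # ValueError if not five fields
            asn = None if asn == "NA" else f"AS{int(asn)}"
            ip = str(ipaddress.ip_address(ip))
            seen = datetime.fromtimestamp(int(ts), tz=timezone.utc)
        except (ValueError, OverflowError, OSError):
            if line.strip():
                skipped.append(line)  # header, "..." elision, malformed rows
            continue
        prev = records.get(ip)
        if prev is None or seen > prev["last_seen"]:
            records[ip] = {"asn": asn, "cc": cc, "last_seen": seen, "name": name}
    return records, skipped

def top_asns(records, n=10):
    """Count unique IPs per ASN, as in the post's 'top ASNs by count' table."""
    return Counter(r["asn"] for r in records.values()).most_common(n)

if __name__ == "__main__":
    recs, bad = parse_sinkhole(SAMPLE)
    print("total uniq IPs:", len(recs))
    for asn, count in top_asns(recs):
        print(count, asn or "NA")
    print("skipped lines:", len(bad))
```

Rows with an ASN of `NA` are kept and counted under `None`, so unrouted or unmapped addresses are not silently dropped from the total.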