[nsp-sec] Open proxy reports
Gabriel Iovino
giovino at ren-isac.net
Fri Jul 8 09:12:40 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 7/8/2011 2:22 AM, Jussi Eronen wrote:
> Hello,
>
> A Finnish hacker activated today in Twitter and posted about 3 listings
> of open proxies in pastebin. A fourth link did not work.
>
> https://twitter.com/theFailship?_escaped_fragment_=/theFailship#!/theFailship
>
> http://pastebin.com/LLEXx3wz
> http://pastebin.com/DzDkMqe4
> http://pastebin.com/vRZV5eN9
>
> I have not confirmed most of this data. The same data may have been
> posted in various fora. Data on possible proxies in .fi have been sent
> to respective ISP:s.
Looking at the IPs we consider to be ".edu", most appear to be PlanetLab
nodes:
> IP: 18.125.1.205 | PTR: SOLAB-RAYLEIGH.MIT.EDU.
> IP: 18.181.4.93 | PTR: XVM-FOUR-93.MIT.EDU.
> IP: 128.2.207.86 | PTR: COURSES-EXECED.ISRI.CMU.EDU.
> IP: 216.165.109.79 | PTR: planetx.scs.cs.nyu.edu.
> IP: 216.165.109.81 | PTR: planet1.scs.cs.nyu.edu.
> IP: 128.10.19.52 | PTR: planetlab1.cs.purdue.edu.
> IP: 128.10.19.52 | PTR: planetlab1.cs.purdue.edu.
> IP: 128.8.126.111 | PTR: salt.planetlab.cs.umd.edu.
> IP: 128.8.126.111 | PTR: salt.planetlab.cs.umd.edu.
> IP: 72.36.112.74 | PTR: planetlab4.cs.uiuc.edu.
> IP: 131.179.150.70 | PTR: Planetlab1.CS.UCLA.EDU.
> IP: 131.179.150.72 | PTR: Planetlab2.CS.UCLA.EDU.
> IP: 131.179.150.72 | PTR: Planetlab2.CS.UCLA.EDU.
> IP: 129.105.15.38 | PTR: planetlab3.ece.northwestern.edu.
> IP: 128.111.52.64 | PTR: planet4.cs.ucsb.edu.
> IP: 128.111.87.34 | PTR:
> IP: 128.119.41.211 | PTR: planetlab2.cs.umass.edu.
> IP: 206.207.248.34 | PTR: planetlab1.arizona-gigapop.net.
> IP: 140.247.60.126 | PTR: righthand.eecs.harvard.edu.
> IP: 207.62.217.252 | PTR:
> IP: 128.252.19.18 | PTR: vn5.cse.wustl.edu.
> IP: 143.215.131.206 | PTR: planet1.cc.gt.atl.ga.us.
> IP: 131.247.19.133 | PTR: usf264002.cutr.usf.edu.
> IP: 131.247.2.245 | PTR:
> IP: 128.220.231.4 | PTR:
> IP: 128.220.231.4 | PTR:
> IP: 128.220.231.4 | PTR:
> IP: 128.187.223.211 | PTR: planetlab1.byu.edu.
> IP: 128.187.223.212 | PTR: planetlab2.byu.edu.
> IP: 128.187.223.212 | PTR: planetlab2.byu.edu.
> IP: 192.68.112.205 | PTR:
> IP: 168.216.33.185 | PTR:
> IP: 168.216.38.240 | PTR:
> IP: 134.121.64.4 | PTR: planetlab1.eecs.wsu.edu.
> IP: 128.163.142.20 | PTR: planetlab1.netlab.uky.edu.
> IP: 198.7.244.73 | PTR: cismeet.rwu.edu.
> IP: 129.107.35.132 | PTR: planetlab2.uta.edu.
> IP: 129.110.125.51 | PTR: planetlab1.utdallas.edu.
> IP: 216.228.255.19 | PTR: opennms.byuh.edu.
> IP: 169.226.40.4 | PTR: node2.planetlab.albany.edu.
> IP: 129.15.78.31 | PTR: roam2.cs.ou.edu.
We'll look a little deeper into the machines that are not easily
associated with planetlab.
Thanks!
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk4XAkgACgkQwqygxIz+pTtN3wCfQTJIMArrdz+nym/WpOmUYQe9
mGEAn2nQMUvWRicVnh/gJQBL3c2ePklD
=Yn7J
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list