[AusNOG] Conficker Infection Checking page [SEC=UNCLASSIFIED]

Kayne Naughton Kayne.Naughton at acma.gov.au
Tue Apr 7 09:57:04 EST 2009

As in "we know the IP address and times sighted of the nodes". There
being many thousands of domains used by Conficker means about a dozen
different organisations registered domains that Conficker may use to
update to its latest release. These organisations then pointed the
domains at sinkholes belonging to themselves or other CWG members.

All of the Conficker Working Group share their data but not all of them
integrate the data from other peoples sinkholes into their own reports,
so it can take a little bit of asking around to make sure you get close
to a full view of the Conficker data. Pretty sure we're reporting 95%+
of the Australian Confickers to their ISPs, but I think I'll get someone
to look into that today.

As previously stated on the list we don't know who the subscribers are
and we can't see any traffic ourselves. It's purely IP and timestamp
info we pass onto ISPs.


-----Original Message-----
From: Kim Davies [mailto:kim at cynosure.com.au]
Sent: Tuesday, 7 April 2009 3:40 AM
To: Kayne Naughton
Cc: ausnog at ausnog.net
Subject: Re: [AusNOG] Conficker Infection Checking page

Quoting Kayne Naughton on Monday April 06, 2009:
| I think we're covering most of the Conficker in Australia, at least as

| it's visible to working group members.

Could you explain a little what you mean by covering? In a
news-reporting sense, or in some kind of network sense?


If you have received this email in error, please notify the sender immediately and erase all copies of the email and any attachments to it. The information contained in this email and any attachments may be private, confidential and legally privileged or the subject of copyright. If you are not the addressee it may be illegal to review, disclose, use, forward, or distribute this email and/or its contents.
Unless otherwise specified, the information in the email and any attachments is intended as a guide only and should not be relied upon as legal or technical advice or regarded as a substitute for legal or technical advice in individual cases. Opinions contained in this email or any of its attachments do not necessarily reflect the opinions of ACMA.

More information about the AusNOG mailing list