[AusNOG] Botnet??

Andrew Paternoster Andrew at screwloose.com.au
Sat Jul 28 22:35:38 EST 2012


Hi List

Just a heads up we noticed a sharp increase in our DNS requests tonight. I found a lot of requests for the domains spl.com and dgtl.ws. like a 1000's a sec from a few ips. I blocked them then more ips took over from them.
The intensity seems to have dropped of there are still a few getting through tho.

Here is a list that I have blocking in a access-list now. ( in case it save anyone else some typing. )

deny ip host 173.80.164.209 any
deny ip host 31.214.137.254 any
deny ip host 94.123.205.20 any
deny ip host 5.39.59.69 any
deny ip host 209.212.144.109 any
deny ip host 92.13.92.34 any
deny ip host 81.147.176.77 any
deny ip host 115.188.219.29 any
deny ip host 178.33.163.9 any
deny ip host 207.32.189.252 any
deny ip host 89.44.246.136 any
deny ip host 66.197.194.181 any
deny ip host 99.198.122.110 any
deny ip host 90.42.54.182 any
deny ip host 46.228.201.200 any
deny ip host 84.248.109.80 any
deny ip host 5.135.4.231  any
deny ip host 77.36.64.4  any
deny ip host 188.177.203.2  any
deny ip host 94.23.203.218  any
deny ip host 66.190.22.204 any
deny ip host 216.59.240.74  any
deny ip host 79.167.167.155  any
deny ip host 92.232.197.217   any
deny ip host 46.4.21.69  any
deny ip host 77.36.64.4   any
deny ip host 109.76.162.11    any
deny ip host 217.160.231.84    any
deny ip host 83.226.87.76    any
deny ip host 86.147.63.91    any
deny ip host 174.36.145.158    any
deny ip host 86.147.63.91    any
deny ip host 82.255.6.87   any
deny ip host 86.147.63.91    any
deny ip host 75.64.34.34   any
deny ip host 217.160.231.84   any
deny ip host 66.197.194.181  any
deny ip host 37.142.111.180  any
deny ip host 31.186.84.26   any
deny ip host 122.108.192.131   any
deny ip host 92.140.28.225    any
deny ip host 69.162.122.74    any
deny ip host 176.31.106.52     any

Thank you
Andrew Paternoster

[cid:image001.png at 01CD6D10.F99B47E0]

Andrew Paternoster
Screwloose

Tel: (03) 9095-7290
Email: Andrew at screwloose.com.au<mailto:Andrew at screwloose.com.au>
Site: http://www.screwloose.com.au










-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20120728/7c90e2b6/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 12944 bytes
Desc: image001.png
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20120728/7c90e2b6/attachment.png>


More information about the AusNOG mailing list