North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Infected list
* Barrett G. Lyon: > Here is a list of the compromised machines used in this new botnet we > found in California. These are all web servers connected to good > bandwidth and they are attacking us, so as a nice little holiday gift > to me, please clean your network up if these are on your network. :) It's usually better not to run DNS resolution on the IP addresses you have because DNS is so volatile. Mapping host names to IP address is rather expensive, too, and the casual bot-hunter may not have the necessary tools. (And I doubt that many bot hunters work at web-hosting companies...) Timestamps are usually required to pin-point an attack, but if the compromised hosts are mostly largish web servers, they should have static IP addresses and some kind of accounting where you can see that something went terribly wrong.  I assume you have verified those host names using a forward lookup. Relying on PTR records alone is not a good idea.