[148622] in North American Network Operators' Group


Re: US DOJ victim letter

daemon@ATHENA.MIT.EDU (Lane Powers)
Thu Jan 19 16:28:38 2012

X-RC-FROM: <lane.powers@swat.coop>
Date: Thu, 19 Jan 2012 15:27:43 -0600
From: Lane Powers <lane.powers@swat.coop>
To: Chris Adams <cmadams@hiwaay.net>,
	"nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <20120119211922.GG32702@hiwaay.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

We took the CIDR blocks listed here;
http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf


And ran them against net flow data from our external links and were able
to generate a list of subscriber IP addresses that were using the rogue
DNS servers.

Lane

--
Lane Powers
Southwest Arkansas Tel

On 1/19/12 3:19 PM, "Chris Adams" <cmadams@hiwaay.net> wrote:

>Once upon a time, Andrew D. Dibble <adibble@quantcast.com> said:
>> FBI seems to have a list of netblocks hosting rogue DNS servers here:
>> https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS
>
>So should I try to type in all the IPs on my network, one at a time?  Oh
>wait, that page requires Javascript to check an IP; like I'm going to
>allow the FBI to run JS on my computer.
>
>-- 
>Chris Adams <cmadams@hiwaay.net>
>Systems and Network Administrator - HiWAAY Internet Services
>I don't speak for anybody but myself - that's enough trouble.
>
>
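The flow-matching approach described in the message above, sketched as an added example; it is not part of the original post and not the poster's own tooling. The CIDR blocks are RFC 5737 placeholders rather than the FBI's list, and the subscriber range, CSV flow layout and function name are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Placeholder blocks (RFC 5737 documentation ranges), NOT the FBI's list:
# load the real CIDR blocks from the PDF linked in the message.
ROGUE_DNS_BLOCKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
# Assumed subscriber address space (constructed).
SUBSCRIBER_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed flow export from an external link (assumed CSV layout).
SAMPLE_FLOWS = """\
ts,src,dst,proto,dport,packets
2012-01-19T15:00:01,10.20.1.15,192.0.2.53,udp,53,4
2012-01-19T15:00:02,10.20.1.15,203.0.113.8,udp,53,2
2012-01-19T15:00:05,10.20.7.200,198.51.100.10,udp,53,9
2012-01-19T15:00:07,10.20.7.200,198.51.100.200,udp,53,1
2012-01-19T15:00:09,10.20.3.3,192.0.2.53,tcp,80,12
2012-01-19T15:01:30,10.20.1.15,192.0.2.99,tcp,53,3
2012-01-19T15:02:00,172.16.5.5,192.0.2.53,udp,53,1
not-a-row
"""

def find_rogue_dns_users(flow_csv):
    """Map each subscriber IP to a summary of its DNS flows toward listed blocks."""
    hits = {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport, packets = int(row["dport"]), int(row["packets"])
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed or truncated records
        if dport != 53 or row["proto"] not in ("udp", "tcp"):
            continue  # only DNS traffic is of interest
        if not any(src in n for n in SUBSCRIBER_NETS) or not any(dst in n for n in ROGUE_DNS_BLOCKS):
            continue  # source is not a subscriber, or resolver is not in a listed block
        h = hits.setdefault(str(src), {"flows": 0, "packets": 0, "servers": set(), "first": None, "last": None})
        h["flows"] += 1
        h["packets"] += packets
        h["servers"].add(str(dst))
        h["first"] = min(h["first"] or row["ts"], row["ts"])  # ISO timestamps sort as text
        h["last"] = max(h["last"] or row["ts"], row["ts"])
    return hits

if __name__ == "__main__":
    for ip, h in sorted(find_rogue_dns_users(SAMPLE_FLOWS).items()):
        print(ip, h["flows"], h["packets"], sorted(h["servers"]), h["first"], h["last"])
```

The first-seen and last-seen timestamps are kept so that each hit can be tied back to the subscriber who held the address at that time.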




