[149323] in North American Network Operators' Group


Re: US DOJ victim letter

daemon@ATHENA.MIT.EDU (PC)
Wed Feb 1 14:54:48 2012

In-Reply-To: <FE8E6728-7DDA-4CC6-8ADA-F448C53117DE@theflux.net>
Date: Wed, 1 Feb 2012 12:53:54 -0700
From: PC <paul4004@gmail.com>
To: TFML <mailinglist@theflux.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

I received one on an IP block that was SWIPed to me.

Has anyone written a regular expression which matches the rogue DNS server
IP ranges in question?

   - 85.255.112.0 through 85.255.127.255;
   - 67.210.0.0 through 67.210.15.255;
   - 93.188.160.0 through 93.188.167.255;
   - 77.67.83.0 through 77.67.83.255;
   - 213.109.64.0 through 213.109.79.255;
   - 64.28.176.0 through 64.28.191.255;



On Wed, Feb 1, 2012 at 8:32 AM, TFML <mailinglist@theflux.net> wrote:

> If the IP list is pointing to DNS servers, they may be referring to the
> following:
>
> http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf
>
> On Jan 31, 2012, at 7:38 PM, Phil Dyer wrote:
>
> > On Fri, Jan 27, 2012 at 3:23 PM, Jon Lewis <jlewis@lewis.org> wrote:
> >> On Fri, 27 Jan 2012, Bryan Horstmann-Allen wrote:
> >
> >>> Bit odd, if it's a phish. Even more odd if it's actually from the Fed.
> >>
> >>
> >> It's definitely real, but seems like they're handling it as
> >> incompetently as possible.
> >
> >
> > Yep. That sounds about right.
> >
> > Man, I'm feeling left out. I kinda want one now.
> >
> > phil
> >
>
>
>
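
Added example (not part of the original thread or any poster's code): instead of a regular expression, this Python code collapses the six ranges listed in the message above into CIDR networks with the standard `ipaddress` module and flags any address on a line that falls inside them. The sample lines and the names `to_cidrs`, `rogue_addresses` and `SAMPLE` are constructed for illustration.

```python
import ipaddress
import re

# Ranges exactly as listed in the message above (first address, last address).
RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.255"),
]

def to_cidrs(ranges):
    """Collapse first/last pairs into the minimal set of CIDR networks."""
    nets = []
    for first, last in ranges:
        lo, hi = map(ipaddress.ip_address, (first, last))
        nets.extend(ipaddress.summarize_address_range(lo, hi))
    return nets

ROGUE_NETS = to_cidrs(RANGES)
# Loose dotted-quad candidate matcher; ipaddress does the real validation.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def rogue_addresses(line):
    """Return the addresses on a line that fall inside the listed ranges."""
    hits = []
    for token in IPV4_CANDIDATE.findall(line):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:  # not a valid IPv4 address, e.g. 999.1.1.1
            continue
        if any(addr in net for net in ROGUE_NETS):
            hits.append(token)
    return hits

# Constructed sample lines (not real logs): resolver settings and a query record.
SAMPLE = [
    "nameserver 85.255.112.36",
    "nameserver 192.0.2.53",
    "client 10.0.0.7 -> resolver 64.28.191.255 query A example.com",
    "dhcp option 6: 77.67.83.1, 93.188.168.1",
]

if __name__ == "__main__":
    print([str(n) for n in ROGUE_NETS])
    for line in SAMPLE:
        print(rogue_addresses(line), "<-", line)
```

The printed CIDR list can be pasted into an ACL or a log filter that understands prefixes, which avoids the boundary mistakes a hand-written regular expression over octets tends to make.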
