[152358] in North American Network Operators' Group
Re: Operation Ghost Click
daemon@ATHENA.MIT.EDU (Andrew Latham)
Thu Apr 26 18:01:40 2012
In-Reply-To: <CA+TcGd9uo1JyKmpy7n46kkkH4oHidME9O6Q3vDbhbY-sxbAgag@mail.gmail.com>
Date: Thu, 26 Apr 2012 18:00:59 -0400
From: Andrew Latham <lathama@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Apr 26, 2012 at 5:57 PM, Kyle Creyts <kyle.creyts@gmail.com> wrote:
> http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-=
malware.pdf
>
> On Apr 26, 2012 5:48 PM, "Leigh Porter" <leigh.porter@ukbroadband.com>
> wrote:
>>
>>
>> On 26 Apr 2012, at 22:47, "Andrew Latham"
>> <lathama@gmail.com<mailto:lathama@gmail.com>> wrote:
>>
>>
>> On Thu, Apr 26, 2012 at 5:38 PM, Jeroen van Aart
>> <jeroen@mompl.net<mailto:jeroen@mompl.net>> wrote:
>>
>> Yes its a major problem for the users unknowingly infected. =C2=A0To the=
m
>> it will look like their Internet connection is down. =C2=A0Expect ISPs t=
o
>> field lots of support s
>>
>> Is there a list of these temporary servers so I can see what customers a=
re
>> using them (indicating infection) and head off a support call with some
>> contact?
>>
>> --
>> Leigh
85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.255
--=20
~ Andrew "lathama" Latham lathama@gmail.com http://lathama.net ~
