[154636] in North American Network Operators' Group


Re: DNS Changer items

daemon@ATHENA.MIT.EDU (Nick Semenkovich)
Fri Jul 6 17:45:39 2012

In-Reply-To: <72F9A69DCF990443B2CEC064E605CE064A8179@Pascal.zaphodb.org>
From: Nick Semenkovich <semenko@alum.mit.edu>
Date: Fri, 6 Jul 2012 16:44:28 -0500
To: "Tomas L. Byrnes" <tomb@byrneit.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

>
> We've been doing this for subscribers (including free community ones)
> since we got the sinkhole IPs from Andrew @ SIE/MAAWG.
>

At least now, the ranges are publicly outlined in
http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf

85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.255


These also return the "RED" dnschanger page:
$ dig +short @64.28.180.1 dns-ok.us
38.68.193.97


- Nick

-- 
Nick Semenkovich
Laboratory of Dr. Jeffrey I. Gordon
Medical Scientist Training Program
School of Medicine
Washington University in St. Louis
http://web.mit.edu/semenko/
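
The ranges listed in the message above, turned into a check for hosts whose configured resolver falls inside them. This is an added example, not part of the original e-mail; the function names and the sample resolv.conf text are constructed for illustration.

```python
import ipaddress

# Ranges exactly as listed in the message above.
ROGUE_RANGES = """\
85.255.112.0 through 85.255.127.255
67.210.0.0 through 67.210.15.255
93.188.160.0 through 93.188.167.255
77.67.83.0 through 77.67.83.255
213.109.64.0 through 213.109.79.255
64.28.176.0 through 64.28.191.255
"""

def rogue_networks(text=ROGUE_RANGES):
    """Turn 'first through last' lines into the minimal list of CIDR networks."""
    nets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        first, _, last = line.split()
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return nets

def flag_resolvers(resolv_conf, nets=None):
    """Return nameserver addresses in resolv.conf text that fall inside the ranges."""
    nets = nets or rogue_networks()
    hits = []
    for line in resolv_conf.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                addr = ipaddress.ip_address(fields[1])
            except ValueError:
                continue  # malformed entry; nothing to compare
            if any(addr.version == n.version and addr in n for n in nets):
                hits.append(str(addr))
    return hits

# Constructed sample input (not taken from a real host).
SAMPLE_RESOLV_CONF = """\
nameserver 64.28.180.1
nameserver 192.0.2.53
nameserver 85.255.128.1
"""

if __name__ == "__main__":
    print([str(n) for n in rogue_networks()])
    print(flag_resolvers(SAMPLE_RESOLV_CONF))
```

The CIDR list from `rogue_networks()` can also be used directly in ACLs or flow-log queries to find clients still sending DNS traffic to these ranges.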

