[61894] in North American Network Operators' Group
Re: dns.exe virus?
daemon@ATHENA.MIT.EDU (Richard Cox)
Mon Sep 8 18:11:26 2003
Date: Mon, 08 Sep 2003 23:10:16 +0100
From: Richard Cox <Richard@mandarin.com>
To: nanog@merit.edu
Reply-To: Richard@mandarin.com
In-Reply-To: <001201c3764b$2575d590$1809d440@cpq>
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 8 Sep 2003 13:52:41 -0700
"Christopher J. Wolff" <chris@bblabs.com> wrote:
| Here is an example of what the two hosts .3 and .4 were up to.
{snipped}
The list of hosts they were accessing is ... well, interesting!
24.221.129.4 aztutmux01.az.sprintbbd.net
24.221.129.5 aztutmns01.az.sprintbbd.net
63.210.142.26 unknown.Level3.net
63.215.198.78 unknown.Level3.net
63.240.144.98 a63.240.144.98.deploy.akamaitechnologies.com
63.240.15.245 [CERFnet]
64.215.170.28 [Akamai Technologies/Dallas]
64.24.79.2 [StarNet]
64.24.79.3 [StarNet]
64.24.79.5 [StarNet]
65.102.83.43 ns2.granitecanyon.com
128.121.26.10 [Verio]
166.90.208.166 a166-90-208-166.deploy.akamaitechnologies.com
192.26.92.30 c.gtld-servers.net
192.31.80.30 d.gtld-servers.net
192.35.51.30 f.gtld-servers.net
192.36.148.17 i.root-servers.net
192.41.162.30 l.gtld-servers.net
192.43.172.30 i.gtld-servers.net
192.48.79.30 j.gtld-servers.net
192.5.6.30 a.gtld-servers.net
192.52.178.30 k.gtld-servers.net
192.55.83.30 m.gtld-servers.net
205.166.226.38 ns1.granitecanyon.com
213.161.66.159 213-161-66-159.akamai.com
216.239.32.10 ns1.google.com
216.239.38.10 ns4.google.com
216.74.14.155 [XO]
(Where no rDNS existed, the Netblock owner is shown in [])
--
Richard Cox
%% HELO - the first word of every Email transaction - is in Welsh! %%
