Since our run-in with Brobot a couple of weeks ago (See blog piece). We have had some requests to see if we had a list of what IPs are being used by Brobot. We do have a list of the offending IPs and its in the thousands, no surprise given its total power and to operate within TCP port 80 parameters, whereby it opens a TCP session transmits 1 character, then closes the session repeating this millions of times a second. You have to keep in mind these are not infected laptops and home PC’s these are servers that are bots and part of Brobot.
We took the large list of infected servers and grabbed the top 5,000 servers that were the most powerful or caused the most problems. We then ordered them by
Hosting provider. In other words which hosting/ISP’s had the most infected servers on their network’s out of the top 5,000 participating in Brobot.
Here they are:
| ASN
|
Country
|
Registry
|
AS Name
|
Total
|
Mbps
|
PPS
|
| 21788
|
US
|
ARIN
|
NOC-NetworkOperationsCenterInc.,US
|
73
|
436.8974
|
160472
|
| 36352
|
US
|
ARIN
|
AS-COLOCROSSING-ColoCrossing,US
|
56
|
509.4822
|
188632
|
| 43350
|
GB
|
RIPENCC
|
NFORCENFOrceEntertainmentBV,NL
|
25
|
172.4337
|
63200
|
| 33182
|
US
|
ARIN
|
DIMENOC-HostDime.com,Inc.,US
|
24
|
186.2226
|
68656
|
| 18978
|
US
|
ARIN
|
ENZUINC-US-EnzuInc,US
|
24
|
93.1144
|
34648
|
| 24940
|
DE
|
RIPENCC
|
HETZNER-ASHetznerOnlineAG,DE
|
19
|
146.1152
|
53896
|
| 40676
|
US
|
ARIN
|
AS40676-PsychzNetworks,US
|
19
|
41.9256
|
18664
|
| 36351
|
US
|
ARIN
|
SOFTLAYER-SoftLayerTechnologiesInc.,US
|
17
|
228.3533
|
85032
|
| 7643
|
VN
|
APNIC
|
VNPT-AS-VNVietnamPostsandTelecommunications(VNPT),VN
|
14
|
28.3722
|
11832
|
| Top 10 aggregate bandwidth 1.84 Gb/sec
|
| Top 10 aggregate Packets per second 685K
|
- Should you work with one of the named organizations above, contact us and we will send you the list of infected IPs on your network.
Mark Teolis
General Manager for DOSarrest Internet Security
