Educause Security Discussion mailing list archives
Not so Nice Net
From: Jeff Moore <mail () JEFFMOORE COM>
Date: Wed, 8 Feb 2012 08:18:20 -0800
Hi all - Got a weird one here...

Has anyone else noticed that almost all traffic from 91.x.x.x is of a "not so good" nature? We created a custom Snort sig a while back to track the 91.x.x.x range because we saw that a majority of TORPIG's control servers were in that range and our institution rarely if ever gets traffic from that net.

What we found interesting was that over the last year or more we have found that every single hit on that signature traced back to be "Not so Nice" hosts. For example: http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=91.43.140.23 (one from this morning; just mail rep on this one).

We have also traced each of these down on our side and have found that the only traffic (initiated from our net) that was not virus/malware related was traffic from "Panda Download Manager", which we also didn't want and is a shady-ish MP3 download engine.

It astounds me that day in, day out, if we see traffic from this net it is always "Not so Nice"! I was just curious if you all have been seeing this as well, and if not, can ya take a peek to see if it rings true with your systems as well? Maybe I have just gotten lucky. Just a strange little oddity that I was curious if you all have seen.

Thanks All!

--
Jeff Moore
Chemeketa Community College
Desk (503) 877-4707
Cell (503) 910-0756
Jeff.Moore () chemeketa edu