The drone army (DA) research group surveys, conducted during random time
intervals over the past 6 months, associated 3724 unique, apparently active
hosts, which were, in some manner, associated with a suspect C&C domain.
Naturally, any such association contains peculiarities of measurement such as
false positives and attempted "Joe-Jobs" against legitimate hosts.
None-the-less, the association is of some interest (probably only to crusty
academics) in that unique IP counts combined with DA's monthly rankings reveal a
more precise, and likely truer, picture of C&C network demographics. The DA
monthly rankings, located on <http://isotf.org/ccreport.html> includes duplicate
host reports resulting from multiple domains and ports mapping to a single host.
This host duplication tends to inflate estimated host counts within a network.
Comparing the "Open" count for a network contained in DA report "Top 20 ASNes
by Total suspect domains" with the Uniq IP count contained in the included "Top
Forty Unique IP" list should give a better indication of the overall
effectiveness of the success of the network's C&C removal efforts.
Top forty Unique IP counts within Autonomous System:
ASN Uniq IPs Responsible Party
30058 113 FDCSERVERS - FDC Servers.net
25761 86 STAMINUS-COMM - Staminus Communications
23522 85 IPNAP-ES - Ecomdevel (CIT-FOONET)
19318 78 NJIIX-AS-1 - NEW JERSEY INTERN
4837 72 CHINA169-Backbone
4766 69 KIXS-AS-KR Korea Telecom
4134 66 CHINANET-BACKBONE No.31
13301 63 UNITEDCOLO-AS Autonomous System of unitedcolo.de
7132 59 SBC Internet Services
24989 47 IXEUROPE-DE-FRANKFURT-ASN IX Europe Germany AS
NA** 43 (No applicable network - Mitigation Address space)
3462 39 HINET Data Communication Business Group
12832 39 LYCOS-EUROPE Lycos Europe GmbH
9318 36 HANARO-AS Hanaro Telecom Inc.
3320 33 DTAG Deutsche Telekom AG
14779 33 INKTOMI-LAWSON - Inktomi Corporation
28753 32 NETDIRECT AS NETDIRECT Frankfurt
8560 31 ONEANDONE-AS 1&1 Internet AG
9121 31 TTNET TTnet Autonomous System
35916 27 Multa
577 26 BACOM - Bell Canada
16265 26 OCOM OCOM AS
3786 25 LGDACOM LG DACOM Corporation
8972 23 INTERGENIA-ASN intergenia autonomous system
14780 21 INKTOMI-LAWSON - Inktomi Corporation
20115 21 CHARTER-NET-HKY-NC - Charter Communications
8376 20 GO-JOR Autonomous System
36420 20 ev1.net
174 19 COGENT Cogent/PSI
3269 19 ASN-IBSNAZ TELECOM ITALIA
10316 19 ABACUS-NET-AS - Abacus America Inc.
22927 19 Telefonica de Argentina
31103 19 KEYWEB-AS Keyweb AG
1668 18 AOL-ATDN - AOL Transit Data Network
2119 18 TELENOR-NEXTEL T.net
3561 18 SAVVIS - Savvis
9155 18 QualityNet AS number
9800 18 UNICOM CHINA UNICOM
19262 18 Verizon Internet Services
1659 17 ERX-TANET-ASN1 Tiawan Academic Network (TANet)
Best regards
Randy Vaughn gadi evron
Randy_Vaughn (at) baylor.edu ge (at) linuxbox.org