FYI, these are the IPs I've collected to date that are in the NZ domain. Some of these will be on dynamic dialup accounts; if you would like the actual log entries, which should include times they were online, let me know. I'll probably clear off the log files and restart the collection at a later date, as the time on the server was out by an hour <self fwap>
Date: Sat, 11 Aug 2001 18:57:54 +1200
From: root
To: steve(a)nz.asiaonline.net
Subject: Code red infected customers

Code Red Infected customers on our network trying to infect remote sites..
Total customers Code Red infected so far counted at : 79
--
Steve
Systems Admin, Asia Online (NZ)

---------
To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
I have a list of around 10,000 unique IP addresses of "Infected" Machines (so far). I've emailed over 1/2 the "Owners" of the IP addresses at the time of attack (mostly got from an automated program), but this doesn't stop many of the attacks (I guess the contact emails are never checked or alike :-( )

Thanks
Craig

Steve Phillips wrote:
> FYI, these are the IPs I've collected to date that are in the NZ domain. Some of these will be on dynamic dialup accounts; if you would like the actual log entries, which should include times they were online, let me know. I'll probably clear off the log files and restart the collection at a later date, as the time on the server was out by an hour <self fwap>
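Both messages describe collecting the source addresses of Code Red probes from server logs, and the first notes that the times matter for dynamic dialup addresses and that the server clock was an hour out. The following is an added example, not code from either poster: it pulls probe sources out of a web access log and reports a skew-corrected first/last-seen window per address. It assumes Apache common log format and that the clock ran ahead (the thread states neither); the sample lines are constructed and use documentation address ranges.

```python
import re
from datetime import datetime, timedelta

# Code Red probes request /default.ida with a long run of N (v1) or X (Code Red II).
SIGNATURE = re.compile(r'"GET /default\.ida\?[NX]{50,}')
# Assumed Apache common log format: ip ident user [timestamp] "request" ...
LINE = re.compile(r'^(\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[([^\]]+)\] (.*)$')

# Constructed sample lines; addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Aug/2001:17:02:11 +1200] "GET /default.ida?' + "N" * 224 + ' HTTP/1.0" 404 276',
    '198.51.100.7 - - [11/Aug/2001:17:05:40 +1200] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [11/Aug/2001:17:40:03 +1200] "GET /default.ida?' + "N" * 224 + ' HTTP/1.0" 404 276',
    '203.0.113.5 - - [11/Aug/2001:18:15:27 +1200] "GET /default.ida?' + "X" * 224 + ' HTTP/1.0" 404 276',
    'not a log line',
]

def infected_sources(lines, clock_skew=timedelta(0)):
    """Return {ip: (first_seen, last_seen, hits)} for Code Red probes.

    clock_skew is how far the logging server's clock was ahead of true time
    (an assumption about direction); it is subtracted so the window can be
    matched against dialup session records.
    """
    seen = {}
    for line in lines:
        m = LINE.match(line)
        if not m or not SIGNATURE.search(m.group(3)):
            continue  # unparseable line or ordinary request
        ip, stamp = m.group(1), m.group(2)
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z") - clock_skew
        first, last, hits = seen.get(ip, (when, when, 0))
        seen[ip] = (min(first, when), max(last, when), hits + 1)
    return seen

def report(seen):
    """One line per source address, sorted numerically by octet."""
    def octets(ip):
        return tuple(int(o) for o in ip.split("."))
    return [f"{ip} first={a.isoformat()} last={b.isoformat()} hits={h}"
            for ip, (a, b, h) in sorted(seen.items(), key=lambda kv: octets(kv[0]))]

if __name__ == "__main__":
    for row in report(infected_sources(SAMPLE_LOG, timedelta(hours=1))):
        print(row)
```

Reporting a time window rather than a bare address is what lets the owning ISP map a dynamic address back to the customer session that held it.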