We took the CIDR blocks listed here; http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-ma lware.pdf
And ran them against net flow data from our external links and were able to generate a list of subscriber IP addresses that were using the rogue DNS servers. Lane -- Lane Powers Southwest Arkansas Tel On 1/19/12 3:19 PM, "Chris Adams" <cmad...@hiwaay.net> wrote: >Once upon a time, Andrew D. Dibble <adib...@quantcast.com> said: >> FBI seems to have a list of netblocks hosting rogue DNS servers here: >> https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS > >So should I try to type in all the IPs on my network, one at a time? Oh >wait, that page requires Javascript to check an IP; like I'm going to >allow the FBI to run JS on my computer. > >-- >Chris Adams <cmad...@hiwaay.net> >Systems and Network Administrator - HiWAAY Internet Services >I don't speak for anybody but myself - that's enough trouble. > >
