We experienced an intentional GCI flood over several days. These IPs are infected (or participated voluntarily in a DDoS).
If this of of use to anyone, it includes the IP and host name. http://tqmcube.com/files/ddos-data.bz2 This is an incomplete list of unique IPs that were participants. Some of these IPs hit us several hundred times each. Oh, and I added a new zone - EXPLOIT.TQMCUBE.COM to one of the mirrors (primarily for the removal script to query). If it's of any practical value, feel free. All of these are already included in the spam list anyway. As you might expect - many are also dynamic. BTW, this had no negative impact - whatsoever - on the blacklist or its distribution. -- "Black Hole": The Effect of Administering a DNSBL Our DNSRBL - Eliminate Spam at the Source: http://www.TQMcube.com Don't Subsidize Criminals: http://boulderpledge.org
