Duplicate IP in Conficker blocking

Hello to all MikroTik developers,

I followed this guide that was posted by omegga >>> http://wiki.mikrotik.com/wiki/Conficker-Virus-Blocking
I saw these 250 duplicated IPs in my address list and I'm asking, what does this mean?

http://s623.photobucket.com/albums/tt318/iwantlemonjuice/?action=view&current=confickeraddresslist.jpg


thanks

I’ve been getting that too.
OpenDns is actively blocking the conficker domains.
I’ve only been getting 2 different IPs when I run the script. One is Amazon and the other is OpenDNS.

I’m wondering if there is a way to detect the domains on the list using dns cache.

Some script to check the dns cache for the domains on the list and generate an output to notify you.

Or the alternative method would be to check for a duplicate IP before adding it to the list.
I’ll see if I can script up something to fix this and integrate it with the script currently listed on the wiki.

I’m also doing a bunch more of the daily lists. I’m just copying and pasting them by hand at the moment, as MikroTik's is the only real scripting language I’ve ever needed to learn :slight_smile:

So, all waiting on me at the moment I guess.. sorry :frowning:
Expect to see an update in the next 12 hours.

Updates:

  1. Finished Conficker A/B lists up to April 30th
  2. Updated script to drop duplicate listings.

The following script will stop the addition of duplicate IPs.

```
# resolve each new line and add to the address list daily-conficker. updated to list domain as comment
        :if ( [:pick $line 0 1] != "\n" ) do={
          :local entry [:pick $line 0 ($lineEnd ) ]
          :if ( [:len $entry ] > 0 ) do={
            :local listip [:resolve "$entry"]
            :if ($listip != "failure" ) do={
              :if ((/ip firewall address-list find list=daily-conficker address=$listip) = "") do={
                /ip firewall address-list add list=daily-conficker address=$listip comment=$entry
                :log info "$listip"
              } else={:log info "duplicate IP $entry"}
            }
          }
        }
  } while ($lineEnd < $contentLen)
}
:log info "Address List Modification Complete"
# cleaning up
/file remove "$month-$day-$year.txt"
```

You should be able to see from the comments what it replaces, but if not I’ve updated the wiki entry to reflect the new script.

omega-00,
Appreciate all the time you’re spending on this.
Removing the duplicates is good.
My concern now is that since opendns is blocking the domains, we’re not getting a good ip back when resolved.
I’m only getting two different ip addresses…and opendns has been notifying me that my network may be infected. Probably due to the fact that I’m running the script once a day.
I believe that when the list is resolved, opendns is replying with the blocked page. Just a hunch.

I’m still leaning toward somehow bouncing the daily-list against the dns cache. Though I’m not sure I’d be able to identify where the dns request is originating.

I’m back to monitoring and logging tcp port 445 which has identified several positive hits.

Any chance the month of May will be added on the http://www.epicwinrar.com/conficker/ site? Just curious. Thanks for all of your hard work, this is great. I really needed to get this under control; most of our users that are infected are hotel guests on our ISP.

Thanks again for your hard work.

-Sincerely,
DesertAdmin
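Added example, not part of the thread or the wiki script: an off-router check of the resolved list that drops duplicate entries and sets aside any address that many different list domains resolve to, which is the pattern described above when a resolver answers blocked names with its own page. The domains, addresses and the `shared_threshold` value are constructed assumptions.

```python
from collections import defaultdict
import ipaddress

# Constructed sample: (domain, resolved address) pairs as the daily script
# would produce them. Domains and addresses are placeholders, not real data.
SAMPLE_RESOLUTIONS = [
    ("aaaqkx.example", "198.51.100.10"),
    ("bbtrwm.example", "198.51.100.10"),
    ("ccplzn.example", "198.51.100.10"),
    ("ddhgve.example", "198.51.100.11"),
    ("eemxoa.example", "198.51.100.11"),
    ("ffzzqi.example", "198.51.100.11"),
    ("ggkdur.example", "203.0.113.77"),
    ("hhwbyc.example", "failure"),
    ("ggkdur.example", "203.0.113.77"),  # same pair resolved twice
]


def build_address_list(resolutions, shared_threshold=3):
    """Return (entries, suspect, skipped).

    entries: {ip: sorted domains} to add, one entry per IP (no duplicates)
    suspect: {ip: sorted domains} where >= shared_threshold distinct domains
             share one IP, the pattern a resolver block page would produce
    skipped: domains whose answer was not a usable IP address
    """
    by_ip = defaultdict(set)
    skipped = []
    for domain, answer in resolutions:
        try:
            ip = str(ipaddress.ip_address(answer))
        except ValueError:
            skipped.append(domain)  # e.g. the "failure" marker
            continue
        by_ip[ip].add(domain)  # set membership drops repeated pairs

    entries, suspect = {}, {}
    for ip, domains in by_ip.items():
        target = suspect if len(domains) >= shared_threshold else entries
        target[ip] = sorted(domains)
    return entries, suspect, skipped


if __name__ == "__main__":
    entries, suspect, skipped = build_address_list(SAMPLE_RESOLUTIONS)
    for ip, domains in entries.items():
        print(f"add      {ip}  comment={','.join(domains)}")
    for ip, domains in suspect.items():
        print(f"review   {ip}  shared by {len(domains)} domains")
    print(f"skipped  {len(skipped)} unresolved: {skipped}")
```

Addresses reported under `review` are worth checking against the resolver in use before they go into a firewall list.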

Lots of sys admins, mostly in hotels, combating this Conficker hahaha!!!
I also work here as a sys admin at one of the resort hotels on Boracay Island, Philippines. I notice that if a guest connects to my hotspot, later on Conficker will infect the host :laughing:

http://www.epicwinrar.com/conficker/domains.txt

The full list is there, I just haven’t had time to split them up into days, and seeing as I’m not a coder I can’t just whip something up to do it for me :frowning:

You just need to export them in a format similar to the previous files you can see in there and upload it to your own hosting then modify the script to suit, or if someone else is willing to do them for me and attach here or email to me I’ll upload them.

I might get around to looking at it later tonight (7 hours away) but I can’t guarantee anything, sorry.

Regards,
omega-00

I finished the rest of the month of May in the format you have. Could you post them on to your site?

If so let me know your email address so that I can send them to you. Thanks. Send me a private msg. Thanks

-Sincerely,
DesertAdmin

i got sooo rickrolled just now :frowning:

My bad :stuck_out_tongue:

While you’re here can you get

:resolve

fixed pleeeeease :slight_smile:

sings never gonna give you up!