You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Chris <cp...@earthlink.net> on 2006/11/19 06:01:24 UTC
Top 10 ASN and CIDR's for 18 Nov
Seems the huge network of compromised machines that started earlier this
month are still going strong and appears to be growing. My spam input has
grown today by about 700%. Below are the top ASN's and CIDR's for todays
run:
Report date: Sat Nov 18 22:52:53 CST 2006
Total spams: 543
Total ASNs: 143
Rank Cum % Pct Spams ASN Description
---- ------ ---- ----- ----- -------------
1 28.9% 28.9% 157 4766 KIXS-AS-KR Korea Telecom
2 40.1% 11.2% 61 4134 CHINANET-BACKBONE No.31,Jin-rong Street
3 49.2% 9.0% 49 4713 OCN NTT Communications Corporation
4 54.1% 5.0% 27 4837 CHINA169-BACKBONE CNCGROUP China169
Backbone
5 56.7% 2.6% 14 9304 HUTCHISON-AS-AP Hutchison Global
Communications
6 58.2% 1.5% 8 9318 HANARO-AS Hanaro Telecom Inc.
6 59.7% 1.5% 8 17858 KRNIC-ASBLOCK-AP KRNIC
8 61.0% 1.3% 7 1680 NetVision Ltd.
9 62.1% 1.1% 6 2510 JPNIC-ASBLOCK-AP JPNIC
9 63.2% 1.1% 6 4716 POWEREDCOM KDDI Corporation
Report date: Sat Nov 18 22:53:00 CST 2006
Total spams: 543
Total CIDRs: 143
Rank Cum % Pct Spams CIDR AS & Description
---- ------ ---- ----- ----------------- ----------------
1 7.4% 7.4% 40 222.96.0.0/12 4766 KIXS-AS-KR Korea
Telecom
2 13.4% 6.1% 33 221.144.0.0/12 4766 KIXS-AS-KR Korea
Telecom
3 16.2% 2.8% 15 222.112.0.0/13 4766 KIXS-AS-KR Korea
Telecom
4 18.8% 2.6% 14 59.0.0.0/11 4766 KIXS-AS-KR Korea
Telecom
5 21.0% 2.2% 12 220.120.0.0/13 4766 KIXS-AS-KR Korea
Telecom
6 22.5% 1.5% 8 124.96.0.0/13 4713 OCN NTT Communications
Corporation
7 23.8% 1.3% 7 89.138.0.0/15 1680 NetVision Ltd.
7 25.0% 1.3% 7 122.16.0.0/12 4713 OCN NTT Communications
Corporation
9 26.2% 1.1% 6 218.144.0.0/12 4766 KIXS-AS-KR Korea
Telecom
9 27.3% 1.1% 6 220.80.0.0/13 4766 KIXS-AS-KR Korea
Telecom
9 28.4% 1.1% 6 220.92.0.0/14 4766 KIXS-AS-KR Korea
Telecom
9 29.5% 1.1% 6 221.184.0.0/13 4713 OCN NTT Communications
Corporation
Note: I thought I'd post this for anyone interested in where most of this
stuff is coming from.
--
Chris
Re: Top 10 ASN and CIDR's for 18 Nov
Posted by Matthias Leisi <ma...@leisi.net>.
Mick Pollard wrote:
> Chris wrote:
>> Seems the huge network of compromised machines that started earlier
>> this month are still going strong and appears to be growing. My spam
>> input has grown today by about 700%. Below are the top ASN's and
>> CIDR's for todays run:
>>
>> Report date: Sat Nov 18 22:52:53 CST 2006
>> Total spams: 543
>> Total ASNs: 143
>
> Just out of curiosity, what do you use to compile these stats ?
Only partially related to Chris' stats, but on the same topic: I wrote
an experimental SA plugin to add an X-Spam-ASN: header. Download at
http://matthias.leisi.net/archives/174-ASN-and-SpamAssassin.html
It's rather crude: parsing the generated _REPORT_ to get at the result
of a TXT query on the asn.routeviews.org zone. I would welcome hints for
a more elegant solution.
-- Matthias
Re: Top 10 ASN and CIDR's for 18 Nov
Posted by Mick Pollard <li...@lunix.com.au>.
Chris wrote:
> Seems the huge network of compromised machines that started earlier this
> month are still going strong and appears to be growing. My spam input has
> grown today by about 700%. Below are the top ASN's and CIDR's for todays
> run:
>
> Report date: Sat Nov 18 22:52:53 CST 2006
> Total spams: 543
> Total ASNs: 143
>
>
Hi,
Just out of curiosity, what do you use to compile these stats ?
Regards
Mick Pollard
Head Geek
Lunix Solutions