I decommissioned one of my VPSes yesterday, as its billing period will be up today. So I have only two detection systems in operation for the time being. I also got hold of some domains suitable for greylisting last week. A lot of work needs to be done before I can detect botnet computers with greylisting, but I have high hopes for its detection capability.

- detection period: 2010-11-28 00:00-23:59 UTC
- total number of suspected botnet IPs: 2428
- number of botnet IPs notified to network operators: 2013
- number of blocked spams: 132822
- recipient count of blocked spams: 4440382

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs, are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 529 |
| 2 | BSNLNET | 363 |
| 3 | AR-TEAR7-LACNIC | 76 |
| 4 | UKRTELNET | 52 |
| 5 | RCOM | 41 |
| 6 | 002.558.134/0001-58 | 40 |
| 7 | TRUENET | 36 |
| 8 | KORNET-KR | 35 |
| 9 | 000.065.376/0002-65 | 32 |
| 10 | TATACOMM-IN | 30 |
The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs, are:
| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | Taiwan | 544 |
| 2 | India | 507 |
| 3 | China | 233 |
| 4 | Russian Federation | 181 |
| 5 | Brazil | 177 |
| 6 | Argentina | 135 |
| 7 | Thailand | 117 |
| 8 | Ukraine | 79 |
| 9 | South Korea | 53 |
| 10 | United States | 32 |