I have been trying to detect botnets with greylisting recently. Today I sent a small batch of botnet notifications based on greylisting detection for the first time. The fake open relay will still be my primary detection mechanism. Greylisting will be used only for those bots not reported by the fake open relay. The following statistics do not include bots detected by greylisting.
detection period: 2011-02-01 00:00-23:59 UTC
total number of suspected botnet IPs: 881
number of botnet IPs notified to network operators: 719
number of blocked spams: 170267
recipient count of blocked spams: 3523360
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs, are:
Rank | Network | # of suspected botnet IPs |
---|---|---|
1 | HINET-NET | 231 |
2 | CHINANET-GD | 144 |
3 | CHINANET-ZJ-WZ | 22 |
4 | RCOM | 17 |
5 | BSNLNET | 14 |
6 | 003.420.926/0002-05 | 10 |
7 | CHINANET-ZJ | 9 |
8 | 002.558.157/0001-62 | 9 |
9 | KORNET-KR | 7 |
10 | INTER-SAT | 7 |
The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs, are:
Rank | Country | # of suspected botnet IPs |
---|---|---|
1 | China | 259 |
2 | Taiwan | 236 |
3 | India | 57 |
4 | Brazil | 53 |
5 | Russian Federation | 46 |
6 | United States | 24 |
7 | Colombia | 19 |
8 | Indonesia | 16 |
9 | Poland | 14 |
10 | South Korea | 14 |