I use both a fake open relay and greylisting to detect botnets and compile their IP list. But only the fake open relay has non-zero blocked spams. The reason: acting as an open relay, it has to accept everything on its SMTP port. My greylisting never accepts spam. It either rejects the mail temporarily, or if the sender retries, rejects the recipients permanently. I only count spam accepted as "blocked spam."
This might cause some discrepancies between different lists. If a certain country is mostly detected by greylisting, it might be high on the country list, but not so high on the lists of both blocked spams and blocked recipients. I did not foresee this problem when I started incorporating greylisting into my statistics.
I do not intend to change my way of counting for the time being.
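The counting rule described above, as an added example that is not the author's code: every detection flags the source IP, but only mail the fake open relay accepted counts as blocked spam. The event layout, outcome labels, and country codes `AA`/`BB` are assumptions, and the sample events are constructed (IPs are from documentation ranges).

```python
from collections import defaultdict

# Constructed sample events, not data from the post.
# Fields: detector, source IP, country code, SMTP outcome, recipient count
EVENTS = [
    ("relay",    "192.0.2.10",   "AA", "accepted",      40),
    ("relay",    "192.0.2.10",   "AA", "accepted",      25),
    ("relay",    "192.0.2.11",   "AA", "accepted",      35),
    ("greylist", "198.51.100.1", "BB", "tempfail",       0),
    ("greylist", "198.51.100.2", "BB", "tempfail",       0),
    ("greylist", "198.51.100.2", "BB", "rcpt_rejected",  0),
    ("greylist", "198.51.100.3", "BB", "tempfail",       0),
    ("relay",    "203.0.113.5",  "BB", "accepted",      10),
]

def tally(events):
    """Per-country totals under the post's counting rule."""
    ips = defaultdict(set)
    spams = defaultdict(int)
    recipients = defaultdict(int)
    for detector, ip, cc, outcome, n_rcpt in events:
        # Any detection, relay or greylist, marks the IP as a suspected bot.
        ips[cc].add(ip)
        # Only accepted mail counts as blocked spam; greylisting
        # never accepts, so it adds IPs but no spam or recipients.
        if outcome == "accepted":
            spams[cc] += 1
            recipients[cc] += n_rcpt
    return {
        cc: {"ips": len(ips[cc]), "spams": spams[cc],
             "recipients": recipients[cc]}
        for cc in ips
    }

def rank(stats, key):
    """Country codes ordered by the given metric, highest first."""
    return sorted(stats, key=lambda cc: (-stats[cc][key], cc))

if __name__ == "__main__":
    stats = tally(EVENTS)
    for metric in ("ips", "spams", "recipients"):
        print(metric, rank(stats, metric))
```

Country `BB`, seen mostly by greylisting, leads the IP ranking but trails `AA` on both spam metrics, which is the discrepancy between lists that the post describes.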
detection period: 2011-05-01 00:00 - 2011-05-31 23:59 UTC
total number of suspected botnet IPs: 46494
number of blocked spams: 2036931
recipient count of blocked spams: 63221233
The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:
Rank | Country | # of suspected botnet IPs |
---|---|---|
1 | China | 15696 |
2 | Taiwan | 6309 |
3 | India | 4851 |
4 | Russian Federation | 2235 |
5 | Brazil | 1905 |
6 | South Korea | 1638 |
7 | Ukraine | 1073 |
8 | Indonesia | 988 |
9 | Viet Nam | 943 |
10 | Argentina | 774 |
11 | Pakistan | 625 |
12 | United States | 616 |
13 | Poland | 516 |
14 | Belarus | 439 |
15 | Colombia | 391 |
16 | Romania | 350 |
17 | Kazakhstan | 335 |
18 | Chile | 317 |
19 | Spain | 308 |
20 | Serbia | 296 |
21 | Philippines | 256 |
22 | Saudi Arabia | 253 |
23 | Germany | 220 |
24 | Peru | 216 |
25 | Morocco | 195 |
The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:
Rank | Country | # of blocked spams |
---|---|---|
1 | China | 556899 |
2 | Taiwan | 243573 |
3 | Brazil | 193970 |
4 | Russian Federation | 92351 |
5 | United States | 91660 |
6 | India | 86549 |
7 | France | 67563 |
8 | Colombia | 62517 |
9 | Indonesia | 34684 |
10 | Germany | 34366 |
11 | Thailand | 31767 |
12 | Mexico | 31042 |
13 | Ukraine | 30977 |
14 | Poland | 25883 |
15 | South Korea | 24982 |
16 | Iran | 23624 |
17 | Argentina | 23285 |
18 | Italy | 19292 |
19 | Philippines | 18619 |
20 | Kazakhstan | 16441 |
21 | Canada | 16370 |
22 | Singapore | 16190 |
23 | Chile | 16117 |
24 | Viet Nam | 12880 |
25 | Hong Kong | 12554 |
The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:
Rank | Country | recipient count of blocked spams |
---|---|---|
1 | China | 14265994 |
2 | Taiwan | 6720196 |
3 | Brazil | 6655135 |
4 | United States | 3162593 |
5 | Russian Federation | 3129275 |
6 | India | 2961235 |
7 | France | 2356125 |
8 | Colombia | 2144002 |
9 | Germany | 1186905 |
10 | Indonesia | 1164338 |
11 | Mexico | 1079780 |
12 | Thailand | 1062320 |
13 | Ukraine | 1047584 |
14 | Poland | 841282 |
15 | South Korea | 836183 |
16 | Iran | 797950 |
17 | Argentina | 790602 |
18 | Italy | 670122 |
19 | Philippines | 649631 |
20 | Singapore | 565605 |
21 | Canada | 556573 |
22 | Kazakhstan | 553643 |
23 | Chile | 551695 |
24 | Hong Kong | 435970 |
25 | Japan | 430650 |
The top 25 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
Rank | Network | # of suspected botnet IPs |
---|---|---|
1 | HINET-NET | 6077 |
2 | CHINANET-GD | 4961 |
3 | BSNLNET | 2415 |
4 | UNICOM-HA | 2408 |
5 | CTTNET | 2051 |
6 | UNICOM-GD | 1515 |
7 | KORNET-KR | 884 |
8 | CRTC | 858 |
9 | UNICOM-BJ | 668 |
10 | VNPT-VNNIC-VN | 595 |
11 | PTCL | 569 |
12 | CHINANET-JS | 553 |
13 | TELKOMNET | 471 |
14 | RCOM | 442 |
15 | UKRTELNET | 430 |
16 | BHARTI-IN | 406 |
17 | AR-TEAR7-LACNIC | 403 |
18 | 002.558.134/0001-58 | 383 |
19 | BY-BELPAK-20091210 | 358 |
20 | 000.065.376/0002-65 | 324 |
21 | TATACOMM-IN | 300 |
22 | 002.558.157/0001-62 | 275 |
23 | MTNLISP | 254 |
24 | 076.535.764/0326-90 | 224 |
25 | CHINANET-SH | 192 |
The top 25 networks (as found in WHOIS), ordered by number of blocked spams are:
Rank | Network | # of blocked spams |
---|---|---|
1 | HINET-NET | 228134 |
2 | CHINANET-ZJ-WZ | 116289 |
3 | CHINANET-GD | 50592 |
4 | UNICOM-GD | 47502 |
5 | CO-ACSA-LACNIC | 42253 |
6 | CHINANET-ZJ | 40865 |
7 | CHINANET-JS | 35032 |
8 | OVH | 31998 |
9 | 000.065.376/0002-65 | 30078 |
10 | UNICOM-SD | 29891 |
11 | FR-OVH-20060920 | 29071 |
12 | 033.530.486/0001-29 | 27686 |
13 | 003.420.926/0002-05 | 26243 |
14 | RCOM | 17325 |
15 | TATACOMM-IN | 15364 |
16 | 002.558.157/0001-62 | 15303 |
17 | BSNLNET | 15245 |
18 | 004.027.547/0001-31 | 14157 |
19 | 002.558.134/0001-58 | 13966 |
20 | UNICOM-HA | 12935 |
21 | TELKOMNET | 12074 |
22 | THAINET-TH | 11988 |
23 | CHINANET-JX | 11858 |
24 | CHINANET-AH | 10690 |
25 | CHINANET-SH | 10367 |
The top 25 networks (as found in WHOIS), ordered by recipient count of blocked spams are:
Rank | Network | recipient count of blocked spams |
---|---|---|
1 | HINET-NET | 6263385 |
2 | CHINANET-ZJ-WZ | 1782063 |
3 | CO-ACSA-LACNIC | 1473929 |
4 | CHINANET-GD | 1380910 |
5 | CHINANET-JS | 1185468 |
6 | OVH | 1119645 |
7 | 000.065.376/0002-65 | 1043476 |
8 | FR-OVH-20060920 | 1014718 |
9 | UNICOM-SD | 967811 |
10 | 033.530.486/0001-29 | 956293 |
11 | CHINANET-ZJ | 945880 |
12 | 003.420.926/0002-05 | 903726 |
13 | RCOM | 597857 |
14 | TATACOMM-IN | 532914 |
15 | 002.558.157/0001-62 | 521188 |
16 | BSNLNET | 516173 |
17 | 004.027.547/0001-31 | 489296 |
18 | 002.558.134/0001-58 | 478172 |
19 | UNICOM-HA | 418453 |
20 | TELKOMNET | 414404 |
21 | THAINET-TH | 410271 |
22 | CHINANET-JX | 390436 |
23 | CHINANET-AH | 373580 |
24 | CHINANET-SH | 354330 |
25 | IT-IUNET-961209 | 352398 |