[79318] in North American Network Operators' Group
Re: botted hosts
daemon@ATHENA.MIT.EDU (Petri Helenius)
Sun Apr 3 13:12:12 2005
Date: Sun, 03 Apr 2005 20:12:08 +0300
From: Petri Helenius <pete@he.iki.fi>
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: Nanog <nanog@nanog.org>
In-Reply-To: <Pine.LNX.4.44.0504031733500.17446-100000@server2.tcw.telecomplete.net>
Errors-To: owner-nanog@merit.edu
Stephen J. Wilcox wrote:
>On Sun, 3 Apr 2005, Petri Helenius wrote:
>
>>I ran some summaries of spam sources by country, AS and containing
>>BGP route.
>>These are from a smallish set of servers, aggregated over the whole of March.
>>The percentage indicates incidents out of the total.
>>The conclusion is that blocking 25 inbound from a handful of prefixes would
>>stop >10% of spam.
>>
>
>And your second highest is 4.0.0.0/8; your advice is that blocking it would help your
>email?
>
The abuse from 4/8 seems to be coming from the first quarter of the
address space. To be fair, 24.0.0.0/8 should get equal treatment to
4.0.0.0/8, whichever the reader feels appropriate.
There are worse populations on other /8s, but none of them are
controlled by a single entity.

Pete
>Steve
>
>>+---------+------+
>>| 26.8013 | US |
>>| 25.6489 | KR |
>>| 11.2896 | CN |
>>| 4.3139 | FR |
>>| 2.8045 | BR |
>>
>>+---------+----------+
>>| 11.3916 | 4766 |
>>| 6.3791 | 9318 |
>>| 5.1094 | 4134 |
>>| 3.3910 | 7132 |
>>| 3.1717 | 29963 |
>>
>>+--------+------------------+
>>| 2.0754 | 207.182.144.0/20 |
>>| 1.7184 | 4.0.0.0/8 |
>>| 1.3054 | 82.224.0.0/11 |
>>| 1.1116 | 221.144.0.0/12 |
>>| 1.0963 | 207.182.136.0/21 |
>>| 0.9943 | 61.78.37.0/24 |
>>| 0.9586 | 218.144.0.0/12 |
>>| 0.9484 | 222.96.0.0/12 |
>>| 0.7394 | 222.65.0.0/16 |
>>| 0.7343 | 211.200.0.0/13 |
>>
>>Pete
>
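
The per-route summary and the 4.0.0.0/8 question discussed in this thread can be reproduced with a short script. This is an added example, not code from the thread or its participants: the routes are prefixes quoted in the message, while the incident addresses and all function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Routes are prefixes quoted in the thread; the incident addresses are constructed.
ROUTES = [ipaddress.ip_network(p) for p in (
    "4.0.0.0/8", "207.182.144.0/20", "207.182.136.0/21", "61.78.37.0/24")]
INCIDENTS = (
    "207.182.145.1 207.182.150.9 207.182.144.77 207.182.159.3 207.182.152.20 "
    "4.10.1.1 4.20.2.2 4.33.3.3 4.200.4.4 "
    "207.182.137.5 207.182.143.8 61.78.37.10 61.78.37.200 "
    "192.0.2.1 192.0.2.2 192.0.2.3 198.51.100.1 198.51.100.2 203.0.113.1 203.0.113.2"
).split()

def containing_route(addr, routes=ROUTES):
    """Longest-prefix match, as a router would pick the containing BGP route."""
    ip = ipaddress.ip_address(addr)
    return max((n for n in routes if ip in n), key=lambda n: n.prefixlen, default=None)

def share_by_route(incidents, routes=ROUTES):
    """[(prefix, percent of all incidents)], highest first; unmatched sources dropped."""
    counts = Counter(containing_route(a, routes) for a in incidents)
    return [(str(n), 100.0 * c / len(incidents))
            for n, c in counts.most_common() if n is not None]

def block_tradeoff(incidents, routes=ROUTES):
    """Per prefix: percent of incidents stopped vs. number of addresses cut off."""
    return [(p, pct, ipaddress.ip_network(p).num_addresses)
            for p, pct in share_by_route(incidents, routes)]

def spread_within(prefix, incidents, new_prefix):
    """Incident count per subnet of one route, e.g. the four /10 quarters of a /8."""
    subnets = list(ipaddress.ip_network(prefix).subnets(new_prefix=new_prefix))
    counts = {str(s): 0 for s in subnets}
    for ip in map(ipaddress.ip_address, incidents):
        for s in subnets:
            if ip in s:
                counts[str(s)] += 1
    return counts

if __name__ == "__main__":
    for prefix, pct, size in block_tradeoff(INCIDENTS):
        print(f"{pct:7.4f}  {prefix:<18} {size:>10} addresses")
    print(spread_within("4.0.0.0/8", INCIDENTS, 10))
```

The address count beside each percentage shows what a port-25 block on that prefix would also cut off, and the per-quarter breakdown shows whether a shorter list of more specific prefixes would cover the same incidents.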