Wednesday, August 18, 2010

Hello World!

We have been pretty quiet recently.

In fact, we spent some time over the last two weeks digging into our mail logs, extracting IP addresses, locating their origins, checking and validating their behaviours, and preparing a report for our internal use.

Now we present one of the pie charts from the report.

Top 15 Helos

Now, the funny part is, other than a few countries that we know we have business with, there are somehow tons of SMTP helos coming from all over the world. If you are looking for numbers, it is actually 21764 unique IP addresses from 168 countries.

Out of all traffic coming into the server, there are some obviously illegitimate sources (58.94%) such as Egypt, Nigeria, Ukraine, Kazakhstan, etc. Helos originating from these sources are trying extremely hard at spoofing, requesting relay, or acting funny in some way (such as guessing passwords with brute force). It is fun to see all of their miserable attempts fail miserably.

So, what are we going to do with these script kiddies? Well, nothing at all. We do, however, encourage them, instead of trying hard to fail, to join some charity associations and spend their time there, which is far more meaningful.


* Data was collected over two 7-day periods, i.e. 18/Jul - 24/Jul and 01/Aug - 07/Aug.
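The kind of log pass described above (unique client IPs, then relay requests, password guessing and spoofed helos per source) can be sketched as follows. This is an added example, not the script used for the report: it assumes Postfix smtpd syslog lines, a hypothetical server name `mx.example.org`, and constructed sample data, and it leaves out the country lookup, which needs a GeoIP database.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Postfix smtpd syslog format (assumed; the post does
# not name its mail server). Addresses are documentation ranges.
SAMPLE_LOG = """\
Aug  1 00:01:02 mx postfix/smtpd[811]: connect from unknown[203.0.113.5]
Aug  1 00:01:03 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <a@example.net>: Relay access denied; from=<x@example.com> to=<a@example.net> proto=SMTP helo=<mx.example.org>
Aug  1 00:01:04 mx postfix/smtpd[811]: disconnect from unknown[203.0.113.5]
Aug  1 00:02:10 mx postfix/smtpd[812]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Aug  1 00:02:12 mx postfix/smtpd[812]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Aug  1 00:03:00 mx postfix/smtpd[813]: connect from mail.example.com[192.0.2.10]
Aug  1 00:03:05 mx CRON[900]: (root) CMD (run-parts /etc/cron.hourly)
"""

CLIENT = re.compile(r"(?:from|warning:) \S*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]")
AUTH_FAIL = re.compile(r"SASL \S+ authentication failed")
HELO = re.compile(r"\bhelo=<(?P<name>[^>]*)>")


def summarize(log_text, own_names=("mx.example.org",)):
    """Return (unique client IPs, {behaviour: Counter of IPs}, flagged share in %)."""
    seen = set()
    flagged = defaultdict(Counter)
    for line in log_text.splitlines():
        client = CLIENT.search(line)
        if "postfix/smtpd[" not in line or not client:
            continue
        ip = client["ip"]
        seen.add(ip)
        if "Relay access denied" in line:
            flagged["relay_attempt"][ip] += 1
        if AUTH_FAIL.search(line):
            flagged["auth_failure"][ip] += 1
        helo = HELO.search(line)
        # A client announcing the server's own name is one simple spoofing signal.
        if helo and helo["name"].lower() in own_names:
            flagged["helo_spoof"][ip] += 1
    bad = set().union(*flagged.values()) if flagged else set()
    share = round(100 * len(bad) / len(seen), 2) if seen else 0.0
    return seen, dict(flagged), share


if __name__ == "__main__":
    ips, behaviours, share = summarize(SAMPLE_LOG)
    print(len(ips), "unique IPs;", share, "% flagged")
    for name, counts in sorted(behaviours.items()):
        print(name, counts.most_common(3))
```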

