Hey folks feeding the SpamAssassin spamtraps,
Last week I started forwarding SpamAssassin spamtrap data to the OPM dnsbl
analysis trap, with excellent results! Check it out... number 1 with a
bullet ;)
--j.
------- Forwarded Message
Date: 26 Jan 2003 07:30:07 +0000
From: Blitzed OPM Stats Thingy
Subject: [opm] Weekly Blitzed OPM Stats
Top 10 Open Proxy Reporters
Rank Proxies Reporter Type
-----------------------------------------------------------------------------
1 2958 SpamAssassin spamtrap
2 1598 IECC spamtrap
3 1458 irc1.us.ircnet.net (IRCNet) bopm
4 1338 irc.inet.tele.dk (EFnet) bopm
5 987 sackheads spamtrap
6 542 Andy Smith spamtrap
7 509 GALP spamtrap
8 349 NETGlobalis.irc.cl (irc.cl) bopm
9 277 axenet.org bopm
10 263 irc.inter.net.il (EFnet) bopm
A 'spamtrap' reporter gathers the addresses of possible open proxies from
unsolicited bulk email (UCE, spam, etc.) they have received. Most spamtrap
reporters bounce these emails to Blitzed so that Blitzed may process them.
Some, however, do process the emails themselves.
A 'bopm' reporter gathers addresses from nominations triggered when a client
using an open proxy connects to an Internet Relay Chat network protected by
the Blitzed Open Proxy Monitor or other similar software.
�
Breakdown of Open Proxy Types
Rank Proxies Type
-----------------------------------------------------------------------------
1 10465 HTTP CONNECT
2 7943 HTTP POST
3 5101 SOCKS v4
4 3192 SOCKS v5
5 369 Router
6 336 WinGate
WinGate - Commercial proxy software that offers basic telnet proxying.
SOCKS - Well-established proxy protocol for transparent TCP
connections to arbitrary ports.
HTTP CONNECT - How HTTP proxies support SSL connections. Can be used to
create a transparent TCP connection to arbitrary ports.
HTTP POST - Insecure proxying of POST method for HTML forms. Limited to
a single data payload and response, but can still be abused.
Router - Cisco routers with a default password, and pretty much
anything else that allows itself to be used as a telnet
proxy.
In both the above tables, "Proxies" refers to the number of insecure proxies
known to have been abused. Currently, Blitzed OPM knows of 13398 actively
abused proxies, and 43731 more IP addresses which once hosted insecure proxies
but have since been certified secure.
�
Top 10 Worst Open Proxy Offenders by AS Number
Rank Proxies Description ASN
-----------------------------------------------------------------------------
1 83 FLAG customers route - NOT maintained by FLAG AS9155
2 78 Red asignada a TASA AS22927
3 66 VSNL-DISHNET DELHI Routes AS10199
4 48 Terra Networks - Chile AS7418
5 46 Telefonica Mundo - Telsur AS14117
6 44 Proxy-registered route object for Sprint :-) AS5511
7 42 telentente-cust AS8151
8 41 Proxy-registered route object for Sprint :-) AS7738
9 35 UUNETDE-AGG-139.4 AS702
10 34 Verestar AS11908
_______________________________________________
opm-talk mailing list
[EMAIL PROTECTED]
http://lists.blitzed.org/listinfo/opm-talk
------- End of Forwarded Message
-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
