North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

advise on network security report

  • From: Rick Wesson
  • Date: Mon Oct 30 11:54:59 2006


I would appreciate a bit of advise on a service I am about to deploy. I've spoken at different venues (including nanog) on global infection rates of bots and the general degradation of well behaved hosts.

I now track around 2.2M abuse events per day and now have the capability to produce reports for the community on which networks have the largest problems. I am prepared to make reports monthly to the community ordering networks by their volume of issues.

I'd like some hints of which might be the most valuable to the community.

o are hosts counts or issue counts more important

o is a 7 or 30 day window sufficient for aggregation?

o I'm not repaired for graphs yet so don't go there.

o should I post sub-reports for regions, by RIR?

o which kinds of abuse are more interesting.

I'm expecting to post a weekly report once a month to nanog, would this be disruptive? We have a mailing list set up for weekly reports, once finalized I'll post the location for its list manager.

The global report usually has about 6,000+ networks, the top 100 from last week are below.

again, thanks for your feedback.


-rick


Table 1. Networks with abuse, ordered by #incidents
+-------+-----------+------+-------------------------------------+
| asn | incidents | cc | left(asname,35) |
+-------+-----------+------+-------------------------------------+
| 4134 | 517830 | CN | CHINANET-BACKBONE |
| 9121 | 331955 | EU | TTNet |
| 4837 | 289984 | CN | CHINA169-Backbone |
| 3320 | 231516 | DE | Deutsche Telekom AG |
| 3352 | 211504 | ES | TELEFONICA-DATA-ESPANA Internet Acc |
| 5617 | 194685 | PL | TPNET |
| 3215 | 181686 | FR | AS3215 |
| 3269 | 175858 | EU | ASN-IBSNAZ |
| 4766 | 129722 | KR | KIXS-AS-KR |
| 19262 | 125003 | US | Verizon Internet Services |
| 8551 | 116014 | EU | ISDN-NET-AS |
| 3209 | 94981 | DE | UNSPECIFIED |
| 3462 | 82089 | TW | HINET |
| 9829 | 80538 | IN | BSNL-NIB |
| 8151 | 79223 | EU | Uninet S.A. de C.V. |
| 8359 | 73640 | RU | MTUONLINE |
| 5486 | 65757 | EU | Euronet Digital Communications |
| 12322 | 65638 | FR | PROXAD AS for Proxad ISP |
| 4788 | 53863 | MY | TMNET-AS-AP |
| 9116 | 53375 | IL | Goldenlines main autonomous system |
| 4814 | 52712 | CN | CHINA169-BBN |
| 22927 | 51899 | AR | Telefonica de Argentina |
| 4812 | 46462 | CN | CHINANET-SH-AP |
| 1680 | 45848 | IL | NETVISION |
| 9105 | 44450 | UK | TISCALI-UK |
| 15557 | 42792 | FR | LDCOMNET |
| 9498 | 42774 | IN | BBIL-AP |
| 8584 | 41914 | US | Barak AS |
| 2856 | 41820 | EU | BT-UK-AS |
| 13184 | 41688 | DE | HANSENET HanseNet Telekommunikation |
| 9318 | 40930 | KR | HANARO-AS |
| 12479 | 39009 | EU | UNI2-AS Uni2 Autonomous System |
| 6147 | 38716 | US | Telefonica del Peru S.A.A. |
| 3243 | 38586 | PT | RIPE NCC ASN block |
| 6713 | 35777 | EU | IAM-AS |
| 12876 | 35068 | FR | AS12876 |
| 6739 | 32639 | ES | ONO-AS |
| 8228 | 32352 | FR | CEGETEL-AS CEGETEL ENTREPRISES |
| 1267 | 31869 | IT | ASN-INFOSTRADA Infostrada S.p.A. |
| 7418 | 30221 | EU | Terra Networks Chile S.A. |
| 5462 | 28861 | UK | CABLEINET Telewest Broadband |
| 8708 | 28236 | EU | RDSNET |
| 5430 | 27245 | DE | FREENETDE |
| 7470 | 24729 | TH | ASIAINFO-AS-AP |
| 5610 | 24279 | CZ | CZECHTELECOM CZECH TELECOM, a.s |
| 16338 | 23956 | ES | AUNA_Telecom-AS |
| 4713 | 23650 | JP | OCN NTT Communications Corporation |
| 12424 | 22932 | ES | JAZZASN Autonomous System |
| 5089 | 21322 | EU | NTL NTL Group Limited |
| 17813 | 20792 | IN | MTNL-AP Mahanagar Telephone Nigam L |
| 5483 | 20511 | EU | HTC-AS Hungarian Telecom |
| 4755 | 19673 | UK | VSNL-AS |
| 8764 | 19571 | LT | TELECOMLT-AS |
| 28725 | 18369 | CZ | CZ-EUROTEL-AS AS of Eurotel Praha |
| 6830 | 18360 | HU | UPC |
| 12542 | 17893 | PT | TVCABO Autonomous System |
| 9299 | 17854 | PH | IPG-AS-AP |
| 18101 | 17325 | IN | RIL-IDC Reliance Infocom Ltd Intern |
| 3257 | 16918 | DE | TISCALI-BACKBONE |
| 1257 | 16418 | FI | TELE2 AB |
| 8881 | 15944 | DE | VERSATEL |
| 5713 | 15566 | XX | Telkom SA Ltd. |
| 6855 | 15420 | SK | SK SLOVAK TELECOM, AS6855 |
| 9304 | 15311 | HK | HUTCHISON-AS-AP |
| 5391 | 14937 | EU | T-HT T-Com Croatia Internet network |
| 9583 | 14785 | IN | SIFY-AS-IN |
| 209 | 14678 | US | Qwest |
| 22047 | 14499 | XX | VTR BANDA ANCHA S.A. |
| 6849 | 14419 | EU | UKRTELNET |
| 24863 | 13616 | EU | LINKDOTNET-AS LINKdotNET AS number |
| 8167 | 13184 | BR | TELESC - Telecomunicacoes de Santa |
| 20838 | 12898 | ES | YIF-AS |
| 6400 | 12563 | XX | Codetel |
| 2860 | 12467 | PT | NOVIS Novis Telecom, S.A. |
| 13285 | 12347 | UK | OPALTELECOM-AS |
| 18403 | 12230 | VN | FPT-AS-AP The Corporation for Finan |
| 7132 | 12031 | US | SBC Internet Services |
| 20115 | 11683 | US | Charter Communications |
| 8452 | 11507 | EU | TEDATA TEDATA |
| 4230 | 11385 | BR | Embratel |
| 5384 | 10946 | EU | EMIRATES-INTERNET |
| 1221 | 10629 | AU | ASN-TELSTRA |
| 28573 | 10475 | BR | NET Servicos de Comunicao S.A. |
| 8866 | 10434 | BG | BTC-AS |
| 9506 | 10126 | SG | MAGIX-SG-AP |
| 8997 | 10123 | RU | ASN-SPBNIT SPBNIT-RU Autonomous Sys |
| 8404 | 9941 | EU | CABLECOM |
| 7693 | 9719 | TH | COMNET-TH |
| 12880 | 9663 | IR | DCI-AS |
| 6057 | 9432 | XX | Administracion Nacional de Telecomu |
| 8402 | 9224 | RU | CORBINA-AS |
| 6478 | 8943 | XX | AT&T WorldNet Services |
| 5603 | 8913 | SI | SIOL-NET SiOL Internet d.o.o. |
| 6327 | 8912 | CA | Shaw Communications Inc. |
| 3303 | 8823 | CH | SWISSCOM |
| 7552 | 8770 | VN | VIETEL-AS-AP Vietel Corporation |
| 11427 | 8757 | XX | Road Runner |
| 5466 | 8736 | IE | EIRCOM Eircom |
| 6799 | 8634 | GR | OTENET-GR OTEnet S.A. Multiprotocol |
| 10318 | 8526 | XX | CABLEVISION S.A. |
+-------+-----------+------+-------------------------------------+