AS4134 CHINANET-BACKBONE China Telecom Spam

11Oct09

According to Spamcop’s Top 200 targets of spam reports, many of China Telecom’s IPs are top spam senders. Andrzej Filip posts these stats on a daily basis to the Usenet newsgroup NANAE (news.admin.net-abuse.email), as noted here. I am quoting part of his post below, not the entire entry:

Top 200 targets of spamcop.net spam reports
For *the week* ending Sun Oct 11 07:04:14 2009 UTC
------------------------------------------------------
Total spamcop.net spam reports volume: 149533216
Top200 share of all spamcop.net spam reports: 1.36% (2035629/149533216)
The worst country: 39.5% CN [CHINA]
The worst ASN: 19.0% AS4134 (CN)
The worst prefix: 16.0% 125.104.0.0/13 (CN AS4134)
The worst IP: 125.110.99.59 (CN AS4134 125.104.0.0/13)

*Top 5 IP Addresses (The Dirtiest Dozen)*
#IP;ASN;prefix;spamcop.net spam reports;age;duration;Country
#reverse DNS

1 125.110.99.59 AS4134 125.104.0.0/13 80833 3.4 d 4.0 d CN

2 125.110.99.211 AS4134 125.104.0.0/13 80358 3.4 d 4.0 d CN

3 125.110.114.61 AS4134 125.104.0.0/13 56616 3.4 d 3.9 d CN

4 125.110.102.112 AS4134 125.104.0.0/13 55744 3.0 h 3.1 d CN

5 125.110.99.152 AS4134 125.104.0.0/13 45731 3.4 d 3.9 d CN

As you can see above, this netblock owner is a very large origin of spam and has been for quite some time (several years now). The top 5 spamming IPs are all within the 125.104.0.0/13 range.

The WHOIS information for this China Telecom netblock is:

inetnum:      125.110.0.0 - 125.110.255.255
netname:      CHINANET-ZJ-WZ
country:      CN
descr:        CHINANET-ZJ Wenzhou node network
descr:        Zhejiang Telecom
admin-c:      CZ4-AP
tech-c:       CW27-AP
status:       ALLOCATED NON-PORTABLE
changed:      auto-dbm@dcb.hz.zj.cn 20061031
mnt-by:       MAINT-CHINANET-ZJ
mnt-lower:    MAINT-CN-CHINANET-ZJ-WZ
source:       APNIC

role:         CHINANET ZHEJIANG
address:      No.378 Yan'an Road,Hangzhou,Zhejiang.310006
country:      CN
phone:        +86-571-87080702
fax-no:       +86-571-87027816
e-mail:       antispam@dcb.hz.zj.cn
trouble:      send spam reports to antispam@dcb.hz.zj.cn
trouble:      and abuse reports to antispam@dcb.hz.zj.cn
trouble:      Please include detailed information and times in UTC
admin-c:      CZ61-AP
tech-c:       CZ61-AP
nic-hdl:      CZ4-AP
remarks:      http://www.zjtelecom.com.cn
mnt-by:       MAINT-CHINANET-ZJ
changed:      hjh@dcb.hz.zj.cn 20050914
source:       APNIC

role:         CHINANET-ZJ Wenzhou
address:      No.2-1 Huancheng Road(East),Wenzhou,Zhejiang.325000
country:      CN
phone:        +86-577-88818629
fax-no:       +86-577-88818635
e-mail:       anti_spam@wz.zj.cn
trouble:      send spam reports to anti_spam@wz.zj.cn
trouble:      and abuse reports to anti_spam@wz.zj.cn
trouble:      Please include detailed information and times in UTC
admin-c:      CH117-AP
tech-c:       CH117-AP
nic-hdl:      CW27-AP
mnt-by:       MAINT-CHINANET-ZJ
changed:      master@dcb.hz.zj.cn 20031204
source:       APNIC
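
To tie the report rows to the WHOIS record, the sketch below converts the `inetnum` range to CIDR and checks that every listed IP sits inside both the reported prefix and that range, while totalling reports per prefix. It is an added example, not part of the original post or of Andrzej Filip's tooling; the rows and the `inetnum` value are copied from this page, and the function names are my own.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the Top 5 table on this page:
# rank, IP, ASN, prefix, report count, age, duration, country
ROWS = """\
1 125.110.99.59 AS4134 125.104.0.0/13 80833 3.4 d 4.0 d CN
2 125.110.99.211 AS4134 125.104.0.0/13 80358 3.4 d 4.0 d CN
3 125.110.114.61 AS4134 125.104.0.0/13 56616 3.4 d 3.9 d CN
4 125.110.102.112 AS4134 125.104.0.0/13 55744 3.0 h 3.1 d CN
5 125.110.99.152 AS4134 125.104.0.0/13 45731 3.4 d 3.9 d CN
"""
INETNUM = "125.110.0.0 - 125.110.255.255"  # WHOIS inetnum line on this page


def inetnum_to_cidrs(inetnum):
    """Convert an APNIC-style 'first - last' IPv4 range into covering CIDR blocks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))


def parse_rows(text):
    """Yield (ip, asn, prefix, reports) for each data row, skipping '#' header lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.startswith("#"):
            continue
        yield (ipaddress.ip_address(fields[1]), fields[2],
               ipaddress.ip_network(fields[3]), int(fields[4]))


def summarize(text, inetnum):
    """Total reports per (ASN, prefix); list IPs outside the prefix or WHOIS range."""
    cidrs = inetnum_to_cidrs(inetnum)
    totals, mismatches = defaultdict(int), []
    for ip, asn, prefix, reports in parse_rows(text):
        totals[(asn, str(prefix))] += reports
        if ip not in prefix or not any(ip in c for c in cidrs):
            mismatches.append(str(ip))
    return dict(totals), mismatches, [str(c) for c in cidrs]


if __name__ == "__main__":
    totals, mismatches, cidrs = summarize(ROWS, INETNUM)
    print("WHOIS range as CIDR:", cidrs)
    print("Reports per prefix:", totals)
    print("Rows outside prefix or WHOIS range:", mismatches)
```
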

According to FixedOrbit, AS4134 has over 70 million IP addresses, so it is definitely one of the largest networks on the Internet. The CIDR report on AS4134 lists its IP ranges, and there are quite a few. At the Internet Storm Center, where users can voluntarily submit log files from their firewalls, AS4134 has a lot of malicious activity reported.

Another blog worth reading about the “Spam Crisis in China” is Gary Warner’s.
