Check out my 'hnbl' at
http://web.they.org/software/mailfun/
hnbl stats from my current log file (top 10 hits listed):
count % regex
----- ---- -----
85 1.9% ^h-\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.[a-z0-9]+\.covad\.net$
126 2.8% ^h\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}...\.shawcable\.net$
135 3.0% .*\.dyn\.optonline\.net$
148 3.3% ^ac[0-9a-f]{6}\.ipt\.aol\.com$
160 3.5% .*\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}.*\.rr\.com$
174 3.8% .*\.client2\.attbi\.com$
205 4.5%
^adsl-\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.dsl\.[a-z0-9]{4,8}\.(pac|sw)bell\.net$
246 5.4% ^pcp\d+pcs\..*\.comcast\.net$
371 8.2% .*dip\.t-dialin\.net$
399 8.8% .*\.client\.comcast\.net$
4521 Total
2004-01-14 23:40:53.917574500
2004-01-19 16:30:05.112430500
I love watching the hits come in waves from ISPs around the globe. Its
almost intersting to see just how wide-spread the spam-trojan infection
is.
-Frank
On Tue, 20 Jan 2004, Peter J. Holzer wrote:
# Is there a plugin which matches client hostnames
# ($qp->connection->remote_host) against a regexp to block them?
#
# Given that lots of spam sources are hosted at comcast and other
# providers with easily identifyable naming schemes that might be useful.
# It's easy to write but I'd like to avoid reinventing the wheel.
#
# hp
#
#
--
Nobody snuggles with Max Power. You strap yourself in and feel the "G"s!
