In this context, 'ASN' stands for 'Autonomous System Number'; broadly speaking, this tells us who is responsible for a particular IP address (or, technically speaking, who is ultimately responsible for getting IP packets to it).

There's a number of who other ways to tell who owns an IP address (querying whois.arin.net and then other registrars, for example), but there are two attractions of ASNs for this purpose:

• there are comprehensive IP to ASN databases that are easily queried by relatively simple programs. All of the other IP ownership lookup things are much harder to use.
• since an IP address's ASN determines how packets get to it, it's necessary to get it right. By contrast, nothing usually breaks if a registry's IP ownership information is out of date or outright wrong.

Chris's Nth law of information sources is 'if it doesn't have to be accurate for things to keep working, sooner or later it won't be'. (There is a well-known application of this to comments in source code.)

Instead of trying to run the numbers by frequency of attempted connection, I've looked here at how many different IP addresses from each ASN have been rejected at connection time by us over the past 28 and some change days. This is a good indication of how widespread of a problem a particular ASN is to us.

# of different IPs	ASN	(owner)
2831	AS4766	Korea Telecom
1580	AS9318	Hanaro Telecom (Korea)
1323	AS4837	CNCGROUP China169 Backbone
951	AS6478	AT&T WorldNet Services
777	AS4134	CHINANET-BACKBONE
775	AS19262	Verizon Internet Services
706	AS33287	Comcast Cable Communications, Inc.
650	AS22909	Comcast Cable Communications, Inc.
595	AS6830	UPC Distribution Services (Europe)
512	AS7738	Telecomunicacoes da Bahia S.A. (Brazil)
512	AS7018	AT&T WorldNet Services
499	AS9277	THRUNET (Korea)
488	AS17676	Softbank BB Corp. (Japan)
481	AS3786	DACOM Corporation (Korea)
480	AS20115	Charter Communications
479	AS22047	VTR BANDA ANCHA S.A. (Chile)
474	AS12322	Proxad ISP (France)
428	AS5617	TPNET Polish Telecom
415	AS10318	CABLEVISION S.A. (Argentina)
411	AS9304	Hutchison Global Communications (Hong Kong)

Some organizations have multiple ASNs for various reasons, as you can see with Comcast and AT&T Worldnet.

Korea is our largest problem source, followed rapidly by China. UPC is the 'chello.*' people, eg chello.nl, chello.at, and so on, who are a Europe-wide plague of zombies.

Part of this is entirely predictable; because we expect little legitimate email from the Far East (and to a lesser extent Europe), I am far more willing to be aggressive when blocking those areas, and it is not surprising that they score high in the list. (Significant swatches of China don't even get as far as connect-time rejection, as they're blocked by kernel IP filters.)

I suppose the most solid conclusion I can take away from this is that our problems come from all over. Just in the top-20 list alone we've hit most of the world's general areas with decent network infrastructure.