Looking at Greylist and Incidents Statistics, March data seem to be quite stable in comparison with the previous month. The total count of incidents did not drop significantly from February as the difference is about 100k incidents. The total number of incidents in February, divided by the number of days in the month and then multiplied by 30.36 (average number of days in a month) is 20,543,356.40. For March, using the same rules, we get 20,461,799.03.
We can see that there are many port hits probably caused by Transmission BitTorrent client again. But this time it is not the API, but the default port used for data transfers. Other commonly used ports for connecting BitTorrent clients (6881, 6889) are also on top. That makes sense. Misconfigured clients can attract a lot of different IPs that will eventually get stopped on firewall. But apart from that, we see once again a rising popularity of searching for open ports belonging to Windows shares. The previous analysis prompted us to take the opportunity to rework the list of port descriptions. We decided to add entries that are not listed on Wikipedia. From now on, we will fill in additional details in the table whenever we find a probable cause that made the port appear in our statistics.
The number of tries for popular passwords dropped significantly. No idea why. Even the Iranian network that is trying random passwords is slowed down. But they are still there, although due to being less active, we got some expected passwords back in the top of the chart.