Back to the articleDemand #
Posted Thursday 8th November 2007 16:07 GMT
IP range please.
Controversial Russian Business Network drops offline
Upstream ISPs should act quicker #
Posted Thursday 8th November 2007 16:10 GMT
The upstream ISPs shouldn't have waited until the Washington Post started running articles about the problem. One would hope that ISPs would be more dilligent about ditching offenders like RBN.
Of course, if RBN moves to China, the ISPs there could fall foul of Beijing's head-rolling policy. This year the Chinese authorities executed a fellow for unauthorized use of the Chinese Olympics logo on pirated Windows CDs. Perhaps after a few heads roll the Chinese ISPs will boot RBN out, too.
Block their IP on every Router #
Posted Thursday 8th November 2007 18:56 GMT
Just block their networks on every border router you have (as we do) will sort that problem by it self.
Hoooray... #
Posted Thursday 8th November 2007 18:56 GMT
As a web site administrator who's usually faced with many fake registrations, which mostly push porn, drugs, dodgy loans and so on, I've noticed a big fall off in these registrations in the last couple of days.
Hopefully these guys will be off line for ever. (Wishful thinking I fear).
IP Addresses for the RBN #
Posted Thursday 8th November 2007 18:56 GMT
http://it.slashdot.org/comments.pl?sid=327367&cid=20971557
Slashdot had a story about this. The linked comment is a complete list of the IP ranges turned into a list of iptables commands.
Interesting... #
Posted Thursday 8th November 2007 18:56 GMT
On reading this i checked my spam box - and lo and behold i havn't had 'your account was accessed/blocked' emails from natwest bank/(royal) bank of scotland today - normally i get about 15-20 of them.
(I'm not a customer of either bank which makes it slightly amusing)
This may be like playing.... #
Posted Thursday 8th November 2007 19:37 GMT
...Wackomole. My web forum has been getting signup requests from the Panama Branch of the RBN. IP range is 81.95.148.0 - 81.95.151.255. Do a 'whois' on that range and see details.
DROPRBN #
Posted Thursday 8th November 2007 22:53 GMT
cat /etc/firewall/DROPRBN
#!/bin/bash
/usr/bin/curl -s http://www.spamhaus.org/drop/drop.lasso |/bin/grep ^[1-9]|/usr/bin/cut -f 1 -d ' ' |/usr/bin/xargs -iX -n 1 /sbin/iptables -A INPUT -s X -i eth0 -j DROP
spammers #
Posted Friday 9th November 2007 07:49 GMT
Take a look at www.fspamlist.com, especially under export.
RBN Offline Really? #
Posted Friday 9th November 2007 12:12 GMT
I must admit sometimes I get really depressed about the standard of journalism and commercial bias with Internet security issues nowadays.
What started as Washington Post blog article concerning the dropping of “some” RBN IP addresses and another “regular” shift of their operation bases. Within 48 hours Trend Micro reporting the RBN has “no” internet connectivity, to grab a few clicks and as Johnny Come Lately hint to claim the credit, here The Register just copies this fabricated story.
For Anonymous Coward, the reason there has been a drop off over the last few days is Bleeding Threats RBN blacklist going into operation, http://doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork
Just yesterday for example the on average 130,000 internet users per day still visited the RBN’s fake, anti-spyware and anti-malware products http://rbnexploit.blogspot.com/2007/11/rbn-fake-tools-rogue-software-bank-of.html .
How come? The RBN have been using alternative DNS routing and name servers for four years.
So everyone now believes 60-70% of all the current online exploits have gone away? Who gains by this stupidity? – Ah... Trend Micro, Symantec, MS$, security journalists? et. al . – Come on you mugs keep buying the products which can maybe put your PC right “after” exploitation!
@Double Dekkers #
Posted Friday 9th November 2007 14:16 GMT
You know, the guy who can understand what you wrote and what to do with it probably doesn't need to read it here in the first place.
Could someone translate that into English ?
This isn't a real hit for RBN... #
Posted Friday 9th November 2007 14:16 GMT
Lets face it, they have more assigned IP's than just this one AS which doesn't get peered anymore.
AS40989 is gone, true:
http://www.cidr-report.org/cgi-bin/as-report?as=AS40989
Which gets rid of AS28866 (AkiMon), another of there networks, but what about AS41731/AS41173? They have a loads of ASN's, and simply blocking one range isn't going to really help.
This really isn't the last we will hear!
@Pascal Monett #
Posted Friday 9th November 2007 16:19 GMT
Actually, I never thought of it so it's good to read it here :)
It downloads the "Spamhaus Don't Route Or Peer List" parses the IP addresses and adds them to the firewall.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Popular Whitepapers
- New storage architectures make SSDs more cost-effective
High-performance, cost-efficient storage infrastructures - Automating the Acquisition Process with Enterprise Level CRM
Sales Force Automation buyer’s guide - Buyer's Guide: ERP Systems
ERP, a strategic investment - Comparison Guide: IP Phones
Exact details on specific IP Phone features such as function buttons, display resolution, weight and price - Dell PowerEdge R710 solution with VMware ESX vs. Dell PowerEdge 2850 solution
Initial investment payback analysis summary report - System x iDataPlex Brochure
Keep up with power required for Web2.0, HPC and corporate data processin
