EditAttachPrintable
r282 - 14 Dec 2011 - 12:54:45 - JamesMcQuaidYou are here: TWiki >  Main Web > AllProjects > SnortConfSamples > RussianBusinessNetwork
Russian Business Network

"Call these hosts what you like, we see a large amount of hostile activity from these nets, and get little to no abuse response for takedown. Do what you will with this information." - Matt Jonkman

Emerging Threats Russian Business Network (RBN) Snort Intrusion Detection Rules:

* http://rules.emergingthreats.net/blockrules/emerging-rbn.rules

* http://rules.emergingthreats.net/blockrules/emerging-rbn-BLOCK.rules

Emerging Threats Firewall Rules:

* http://rules.emergingthreats.net/fwrules/

Russian Business Network background information compiled by JamesMcQuaid:

From JamesMcQuaid:

          RBN IP Block List:

  • RussianBusinessNetworkIPs.txt Updated 12-14-2011: IP address ranges from which the former customers of the RBN ISP, their malware marketing affiliate networks, emulators, and other organized crime groups exploit consumers. Block at will. Test for your production environment prior to utilization. In cases where a malicious domain occupies an IP address used by many domains, the IP address is not included in this list (due to false positives in Snort and Suricata). Those domains are included in the DNS Blackhole for Smoothwall at http://doc.emergingthreats.net/bin/view/Main/HoneywallSamples

RBN IP List Update files:

Storm 2:

Crime Centric Hosting:

  • RBNRoutes.txt Dedicated criminal networks (listed in RBNRoutes.txt) 772 routes favored by criminals; roughly 10% of the entries in the RBN IP List.

  • RBNIdentities.txt Registrant nom de guerres associated malicious and infected domains (first half 2010).

From Jart Armin:

From Brian Krebs:

From Spamhaus:

From Dancho Danchev:

From David Bizeul:

From Shadowserver:

Wikipedia:

-- JamesMcQuaid - 21 June 2010

Topic attachments
I Attachment Action Size Date Who Comment
txttxt AS6851_BKCNET.txt manage 50.8 K 02 Jan 2011 - 23:04 JamesMcQuaid  
txttxt Emerging-frequent_malvertisers.txt manage 0.3 K 03 Jul 2011 - 16:23 JamesMcQuaid  
txttxt RBNIPListOptional.txt manage 1.5 K 02 Apr 2010 - 15:43 JamesMcQuaid  
txttxt RBNIdentities.txt manage 82.2 K 13 Dec 2009 - 19:26 JamesMcQuaid  
txttxt RBNRoutes.txt manage 12.5 K 10 May 2011 - 01:01 JamesMcQuaid  
txttxt RBN_IP_List_Update_1-12-2011.txt manage 9.4 K 03 Feb 2011 - 00:55 JamesMcQuaid  
txttxt RBN_IP_List_Update_1-18-2011.txt manage 67.5 K 03 Feb 2011 - 00:56 JamesMcQuaid  
txttxt RBN_IP_List_Update_1-2-2011.txt manage 6.1 K 03 Feb 2011 - 01:11 JamesMcQuaid  
txttxt RBN_IP_List_Update_1-20-2011.txt manage 8.6 K 20 Jan 2011 - 12:26 JamesMcQuaid  
txttxt RBN_IP_List_Update_1-22-2011.txt manage 72.5 K 23 Jan 2011 - 00:06 JamesMcQuaid  
txttxt RBN_IP_List_Update_1-23-2011.txt manage 21.2 K 23 Jan 2011 - 18:07 JamesMcQuaid  
txttxt RBN_IP_List_Update_1-24-2011.txt manage 12.6 K 24 Jan 2011 - 12:02 JamesMcQuaid  
txttxt RBN_IP_List_Update_1-27-2011.txt manage 5.1 K 27 Jan 2011 - 12:24 JamesMcQuaid  
txttxt RBN_IP_List_Update_1-29-2011.txt manage 28.9 K 29 Jan 2011 - 22:11 JamesMcQuaid  
txttxt RBN_IP_List_Update_10-27-2011.txt manage 2.3 K 27 Oct 2011 - 12:11 JamesMcQuaid  
txttxt RBN_IP_List_Update_10-6-2011.txt manage 7.7 K 06 Oct 2011 - 11:45 JamesMcQuaid  
txttxt RBN_IP_List_Update_11-17-2011.txt manage 0.3 K 18 Nov 2011 - 04:07 JamesMcQuaid  
txttxt RBN_IP_List_Update_12-14-2010.txt manage 27.5 K 03 Feb 2011 - 01:16 JamesMcQuaid  
txttxt RBN_IP_List_Update_12-14-2011.txt manage 15.6 K 14 Dec 2011 - 12:53 JamesMcQuaid  
txttxt RBN_IP_List_Update_12-19-2010.txt manage 65.8 K 03 Feb 2011 - 01:14 JamesMcQuaid  
txttxt RBN_IP_List_Update_12-2-2010.txt manage 10.3 K 03 Feb 2011 - 01:15 JamesMcQuaid  
txttxt RBN_IP_List_Update_12-22-2010.txt manage 5.6 K 03 Feb 2011 - 01:13 JamesMcQuaid  
txttxt RBN_IP_List_Update_12-23-2010.txt manage 5.7 K 03 Feb 2011 - 01:13 JamesMcQuaid  
txttxt RBN_IP_List_Update_12-29-2010.txt manage 127.1 K 03 Feb 2011 - 01:12 JamesMcQuaid  
txttxt RBN_IP_List_Update_12-30-2010.txt manage 17.4 K 03 Feb 2011 - 01:12 JamesMcQuaid  
txttxt RBN_IP_List_Update_12-6-2010.txt manage 42.5 K 03 Feb 2011 - 01:15 JamesMcQuaid  
txttxt RBN_IP_List_Update_12-8-2010.txt manage 9.7 K 03 Feb 2011 - 01:15 JamesMcQuaid  
txttxt RBN_IP_List_Update_2-13-2011.txt manage 66.8 K 14 Feb 2011 - 01:23 JamesMcQuaid  
txttxt RBN_IP_List_Update_2-22-2011.txt manage 38.8 K 22 Feb 2011 - 04:46 JamesMcQuaid  
txttxt RBN_IP_List_Update_2-4-2011.txt manage 21.0 K 04 Feb 2011 - 10:39 JamesMcQuaid  
txttxt RBN_IP_List_Update_2-6-2011.txt manage 44.6 K 06 Feb 2011 - 22:03 JamesMcQuaid  
txttxt RBN_IP_List_Update_3-11-2011.txt manage 36.8 K 11 Mar 2011 - 15:40 JamesMcQuaid  
txttxt RBN_IP_List_Update_3-13-2011.txt manage 32.9 K 13 Mar 2011 - 17:04 JamesMcQuaid  
txttxt RBN_IP_List_Update_3-2-2011.txt manage 16.3 K 03 Mar 2011 - 03:47 JamesMcQuaid  
txttxt RBN_IP_List_Update_3-20-2011.txt manage 68.4 K 20 Mar 2011 - 17:29 JamesMcQuaid  
txttxt RBN_IP_List_Update_3-4-2011.txt manage 13.4 K 04 Mar 2011 - 12:56 JamesMcQuaid  
txttxt RBN_IP_List_Update_3-6-2011.txt manage 96.7 K 07 Mar 2011 - 00:03 JamesMcQuaid  
txttxt RBN_IP_List_Update_4-10-2011.txt manage 121.3 K 11 Apr 2011 - 03:43 JamesMcQuaid  
txttxt RBN_IP_List_Update_4-12-2011.txt manage 20.6 K 12 Apr 2011 - 11:43 JamesMcQuaid  
txttxt RBN_IP_List_Update_4-17-2011.txt manage 180.4 K 17 Apr 2011 - 20:30 JamesMcQuaid  
txttxt RBN_IP_List_Update_4-25-2011.txt manage 101.3 K 26 Apr 2011 - 04:05 JamesMcQuaid  
txttxt RBN_IP_List_Update_4-27-2011.txt manage 8.7 K 27 Apr 2011 - 11:12 JamesMcQuaid  
txttxt RBN_IP_List_Update_4-28-2011.txt manage 3.5 K 28 Apr 2011 - 11:32 JamesMcQuaid  
txttxt RBN_IP_List_Update_4-3-2011.txt manage 84.4 K 03 Apr 2011 - 23:08 JamesMcQuaid  
txttxt RBN_IP_List_Update_4-30-2011.txt manage 49.5 K 01 May 2011 - 00:06 JamesMcQuaid  
txttxt RBN_IP_List_Update_4-7-2011.txt manage 31.3 K 07 Apr 2011 - 12:02 JamesMcQuaid  
txttxt RBN_IP_List_Update_5-10-2011.txt manage 47.7 K 10 May 2011 - 11:34 JamesMcQuaid  
txttxt RBN_IP_List_Update_5-14-2011.txt manage 57.4 K 15 May 2011 - 03:13 JamesMcQuaid  
txttxt RBN_IP_List_Update_5-17-2011.txt manage 42.1 K 17 May 2011 - 04:52 JamesMcQuaid  
txttxt RBN_IP_List_Update_5-2-2011.txt manage 6.8 K 02 May 2011 - 11:45 JamesMcQuaid  
txttxt RBN_IP_List_Update_5-20-2011.txt manage 160.2 K 20 May 2011 - 03:24 JamesMcQuaid  
txttxt RBN_IP_List_Update_5-21-2011.txt manage 52.1 K 21 May 2011 - 21:01 JamesMcQuaid  
txttxt RBN_IP_List_Update_5-22-2011.txt manage 8.1 K 22 May 2011 - 17:19 JamesMcQuaid  
txttxt RBN_IP_List_Update_5-25-2011.txt manage 34.0 K 25 May 2011 - 14:41 JamesMcQuaid  
txttxt RBN_IP_List_Update_5-27-2011.txt manage 8.1 K 27 May 2011 - 18:23 JamesMcQuaid  
txttxt RBN_IP_List_Update_5-4-2011.txt manage 5.2 K 04 May 2011 - 11:40 JamesMcQuaid  
txttxt RBN_IP_List_Update_5-5-2011.txt manage 33.9 K 06 May 2011 - 03:59 JamesMcQuaid  
txttxt RBN_IP_List_Update_5-9-2011.txt manage 54.2 K 09 May 2011 - 11:00 JamesMcQuaid  
txttxt RBN_IP_List_Update_6-1-2011.txt manage 35.0 K 01 Jun 2011 - 04:07 JamesMcQuaid  
txttxt RBN_IP_List_Update_6-11-2011.txt manage 24.5 K 12 Jun 2011 - 03:45 JamesMcQuaid  
txttxt RBN_IP_List_Update_6-13-2011.txt manage 6.3 K 13 Jun 2011 - 16:00 JamesMcQuaid  
txttxt RBN_IP_List_Update_6-14-2011.txt manage 18.0 K 14 Jun 2011 - 11:52 JamesMcQuaid  
txttxt RBN_IP_List_Update_6-19-2011.txt manage 57.9 K 19 Jun 2011 - 20:25 JamesMcQuaid  
txttxt RBN_IP_List_Update_6-21-2011.txt manage 18.1 K 21 Jun 2011 - 18:23 JamesMcQuaid  
txttxt RBN_IP_List_Update_6-28-2011.txt manage 40.5 K 28 Jun 2011 - 14:20 JamesMcQuaid  
txttxt RBN_IP_List_Update_6-6-2011.txt manage 11.9 K 06 Jun 2011 - 04:40 JamesMcQuaid  
txttxt RBN_IP_List_Update_6-9-2011.txt manage 14.2 K 09 Jun 2011 - 11:24 JamesMcQuaid  
txttxt RBN_IP_List_Update_7-13-2011.txt manage 6.3 K 13 Jul 2011 - 11:34 JamesMcQuaid  
txttxt RBN_IP_List_Update_7-15-2011.txt manage 47.3 K 15 Jul 2011 - 04:27 JamesMcQuaid  
txttxt RBN_IP_List_Update_7-18-2011.txt manage 28.3 K 18 Jul 2011 - 13:15 JamesMcQuaid  
txttxt RBN_IP_List_Update_7-21-2011.txt manage 22.5 K 21 Jul 2011 - 11:37 JamesMcQuaid  
txttxt RBN_IP_List_Update_7-3-2011.txt manage 447.9 K 03 Jul 2011 - 16:22 JamesMcQuaid  
txttxt RBN_IP_List_Update_7-5-2011.txt manage 12.2 K 05 Jul 2011 - 10:36 JamesMcQuaid  
txttxt RBN_IP_List_Update_7-6-2011.txt manage 17.5 K 06 Jul 2011 - 11:06 JamesMcQuaid  
txttxt RBN_IP_List_Update_7-8-2011.txt manage 8.8 K 08 Jul 2011 - 11:52 JamesMcQuaid  
txttxt RBN_IP_List_Update_8-29-2011.txt manage 0.2 K 29 Aug 2011 - 11:05 JamesMcQuaid  
txttxt RBN_IP_List_Update_9-18-2011.txt manage 1.2 K 18 Sep 2011 - 19:22 JamesMcQuaid  
txttxt RBN_Observations_2nd_Quarter_2010.txt manage 1121.9 K 06 Jul 2010 - 01:20 JamesMcQuaid  
txttxt RussianBusinessNetworkIPs.txt manage 137.3 K 14 Dec 2011 - 12:53 JamesMcQuaid  
txttxt Storm_2_IP_addresses_3-12-2011.txt manage 4.2 K 13 Mar 2011 - 01:34 JamesMcQuaid  
txttxt Storm_2_domain_objects_3-11-2011.txt manage 41.1 K 13 Mar 2011 - 01:34 JamesMcQuaid  
txttxt as29073_ECATEL-AS.txt manage 190.1 K 02 Jan 2011 - 23:04 JamesMcQuaid  
txttxt as51554_LYAHOV-AS_Lyahovich_Maksim.txt manage 82.6 K 02 Jan 2011 - 23:04 JamesMcQuaid  
txttxt emerging-rbn-malvertisers.txt manage 0.6 K 18 Nov 2011 - 10:37 JamesMcQuaid  
txttxt emerging-rbn-malvertising_update_7-15-2011.txt manage 8.2 K 15 Jul 2011 - 04:28 JamesMcQuaid  
txttxt hounds_to_the_hunters.txt manage 90.6 K 25 Jan 2011 - 11:45 JamesMcQuaid  
txttxt includes_skynet.txt manage 93.3 K 25 Jan 2011 - 11:45 JamesMcQuaid  
Edit | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r282 < r281 < r280 < r279 < r278 | More topic actions
 
Emerging Threats
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback