RussianBusinessNetwork < Main

r146 - 27 Jan 2010 - 01:52:40 - JamesMcQuaidYou are here: TWiki >

Main Web > AllProjects > SnortConfSamples > RussianBusinessNetwork

Emerging Threats Russian Business Network (RBN) Snort Intrusion Detection Rules:

* http://www.emergingthreats.net/rules/emerging-rbn.rules

* http://www.emergingthreats.net/rules/emerging-rbn-BLOCK.rules

"Call these hosts what you like, we see a large amount of hostile activity from these nets, and get little to no abuse response for takedown. Do what you will with this information." - Matt Jonkman

Russian Business Network background information compiled by JamesMcQuaid:

From JamesMcQuaid:

RussianBusinessNetworkIPs.txt Updated 1-21-2010: IP address ranges from which the criminal organization, their franchises, affiliates and customers exploit consumers. Block at will. Test for your production environment prior to utilization.
RBNIdentities.txt Updated 12-13-2009. Registrant information associated malicious and infected domains.

From Jart Armin: http://rbnexploit.blogspot.com

From Brian Krebs:

From Spamhaus:

From Dancho Danchev: http://ddanchev.blogspot.com/

From David Bizeul: http://isc.sans.org/presentations/RBN_study.pdf

From Shadowserver: 'Clarifying the "guesswork" of Criminal Activity': http://www.shadowserver.org/wiki/uploads/Information/RBN-AS40989.pdf

Wikipedia: http://en.wikipedia.org/wiki/Russian_Business_Network

-- JamesMcQuaid - 11 August 2009

Topic attachments
I	Attachment	Action	Size	Date	Who
txt	RBNIdentities.txt	manage	82.2 K	13 Dec 2009 - 19:26	JamesMcQuaid
txt	RussianBusinessNetworkIPs.txt	manage	86.6 K	27 Jan 2010 - 01:52	JamesMcQuaid
txt	ZeusMalwareIPs.txt	manage	16.0 K	02 Dec 2009 - 12:03	JamesMcQuaid

Main

User Reference
ATasteOfTWiki
TextFormattingRules

Signature Reference
WebRss Feed
EmergingFAQ

Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback