EmergingThreats> Main Web>AllProjects>SnortConfSamples>RussianBusinessNetwork (2016-02-01, MattJonkman) EditAttach
Russian Business Network

"Call these hosts what you like, we see a large amount of hostile activity from these nets, and get little to no abuse response for takedown. Do what you will with this information." - Matt Jonkman

Emerging Threats Russian Business Network (RBN) Snort Intrusion Detection Rules:

* http://rules.emergingthreats.net/blockrules/emerging-rbn.rules

* http://rules.emergingthreats.net/blockrules/emerging-rbn-BLOCK.rules

Emerging Threats Firewall Rules:

* http://rules.emergingthreats.net/fwrules/

Russian Business Network background information compiled by JamesMcQuaid:

From JamesMcQuaid:

          RBN IP Block List:

  • RussianBusinessNetworkIPs.txt Updated 2-10-2012: IP address ranges from which the former customers of the RBN ISP, their malware marketing affiliate networks, emulators, and other organized crime groups exploit consumers. Block at will. Test for your production environment prior to utilization. In cases where a malicious domain occupies an IP address used by many domains, the IP address is not included in this list (due to false positives in Snort and Suricata). Those domains are included in the DNS Blackhole for Smoothwall at http://doc.emergingthreats.net/bin/view/Main/HoneywallSamples

RBN IP List Update files:

Storm 2:

Crime Centric Hosting:

  • RBNRoutes.txt Dedicated criminal networks (listed in RBNRoutes.txt) 772 routes favored by criminals; roughly 10% of the entries in the RBN IP List.

  • RBNIdentities.txt Registrant nom de guerres associated malicious and infected domains (first half 2010).

From Jart Armin:

From Brian Krebs:

From Spamhaus:

From Dancho Danchev:

From David Bizeul:

From Shadowserver:

Wikipedia:

-- JamesMcQuaid - 21 June 2010

Attachments Attachments
Topic attachments
I Attachment Action Size Date Who Comment
Texttxt AS6851_BKCNET.txt manage 50.8 K 2011-01-02 - 23:04 JamesMcQuaid  
Texttxt Emerging-frequent_malvertisers.txt manage 0.3 K 2011-07-03 - 16:23 JamesMcQuaid  
Texttxt RBNIPListOptional.txt manage 1.5 K 2010-04-02 - 15:43 JamesMcQuaid  
Texttxt RBNIdentities.txt manage 82.2 K 2009-12-13 - 19:26 JamesMcQuaid  
Texttxt RBNRoutes.txt manage 12.5 K 2011-05-10 - 01:01 JamesMcQuaid  
Texttxt RBN_IP_List_Update_1-12-2011.txt manage 9.4 K 2011-02-03 - 00:55 JamesMcQuaid  
Texttxt RBN_IP_List_Update_1-18-2011.txt manage 67.5 K 2011-02-03 - 00:56 JamesMcQuaid  
Texttxt RBN_IP_List_Update_1-2-2011.txt manage 6.1 K 2011-02-03 - 01:11 JamesMcQuaid  
Texttxt RBN_IP_List_Update_1-20-2011.txt manage 8.6 K 2011-01-20 - 12:26 JamesMcQuaid  
Texttxt RBN_IP_List_Update_1-22-2011.txt manage 72.5 K 2011-01-23 - 00:06 JamesMcQuaid  
Texttxt RBN_IP_List_Update_1-23-2011.txt manage 21.2 K 2011-01-23 - 18:07 JamesMcQuaid  
Texttxt RBN_IP_List_Update_1-24-2011.txt manage 12.6 K 2011-01-24 - 12:02 JamesMcQuaid  
Texttxt RBN_IP_List_Update_1-27-2011.txt manage 5.1 K 2011-01-27 - 12:24 JamesMcQuaid  
Texttxt RBN_IP_List_Update_1-29-2011.txt manage 28.9 K 2011-01-29 - 22:11 JamesMcQuaid  
Texttxt RBN_IP_List_Update_10-27-2011.txt manage 2.3 K 2011-10-27 - 12:11 JamesMcQuaid  
Texttxt RBN_IP_List_Update_10-6-2011.txt manage 7.7 K 2011-10-06 - 11:45 JamesMcQuaid  
Texttxt RBN_IP_List_Update_11-17-2011.txt manage 0.3 K 2011-11-18 - 04:07 JamesMcQuaid  
Texttxt RBN_IP_List_Update_12-14-2010.txt manage 27.5 K 2011-02-03 - 01:16 JamesMcQuaid  
Texttxt RBN_IP_List_Update_12-14-2011.txt manage 15.6 K 2011-12-14 - 12:53 JamesMcQuaid  
Texttxt RBN_IP_List_Update_12-19-2010.txt manage 65.8 K 2011-02-03 - 01:14 JamesMcQuaid  
Texttxt RBN_IP_List_Update_12-2-2010.txt manage 10.3 K 2011-02-03 - 01:15 JamesMcQuaid  
Texttxt RBN_IP_List_Update_12-22-2010.txt manage 5.6 K 2011-02-03 - 01:13 JamesMcQuaid  
Texttxt RBN_IP_List_Update_12-23-2010.txt manage 5.7 K 2011-02-03 - 01:13 JamesMcQuaid  
Texttxt RBN_IP_List_Update_12-29-2010.txt manage 127.1 K 2011-02-03 - 01:12 JamesMcQuaid  
Texttxt RBN_IP_List_Update_12-30-2010.txt manage 17.4 K 2011-02-03 - 01:12 JamesMcQuaid  
Texttxt RBN_IP_List_Update_12-6-2010.txt manage 42.5 K 2011-02-03 - 01:15 JamesMcQuaid  
Texttxt RBN_IP_List_Update_12-8-2010.txt manage 9.7 K 2011-02-03 - 01:15 JamesMcQuaid  
Texttxt RBN_IP_List_Update_2-10-2012.txt manage 9.0 K 2012-02-10 - 13:35 JamesMcQuaid  
Texttxt RBN_IP_List_Update_2-13-2011.txt manage 66.8 K 2011-02-14 - 01:23 JamesMcQuaid  
Texttxt RBN_IP_List_Update_2-22-2011.txt manage 38.8 K 2011-02-22 - 04:46 JamesMcQuaid  
Texttxt RBN_IP_List_Update_2-4-2011.txt manage 21.0 K 2011-02-04 - 10:39 JamesMcQuaid  
Texttxt RBN_IP_List_Update_2-6-2011.txt manage 44.6 K 2011-02-06 - 22:03 JamesMcQuaid  
Texttxt RBN_IP_List_Update_3-11-2011.txt manage 36.8 K 2011-03-11 - 15:40 JamesMcQuaid  
Texttxt RBN_IP_List_Update_3-13-2011.txt manage 32.9 K 2011-03-13 - 17:04 JamesMcQuaid  
Texttxt RBN_IP_List_Update_3-2-2011.txt manage 16.3 K 2011-03-03 - 03:47 JamesMcQuaid  
Texttxt RBN_IP_List_Update_3-20-2011.txt manage 68.4 K 2011-03-20 - 17:29 JamesMcQuaid  
Texttxt RBN_IP_List_Update_3-4-2011.txt manage 13.4 K 2011-03-04 - 12:56 JamesMcQuaid  
Texttxt RBN_IP_List_Update_3-6-2011.txt manage 96.7 K 2011-03-07 - 00:03 JamesMcQuaid  
Texttxt RBN_IP_List_Update_4-10-2011.txt manage 121.3 K 2011-04-11 - 03:43 JamesMcQuaid  
Texttxt RBN_IP_List_Update_4-12-2011.txt manage 20.6 K 2011-04-12 - 11:43 JamesMcQuaid  
Texttxt RBN_IP_List_Update_4-17-2011.txt manage 180.4 K 2011-04-17 - 20:30 JamesMcQuaid  
Texttxt RBN_IP_List_Update_4-25-2011.txt manage 101.3 K 2011-04-26 - 04:05 JamesMcQuaid  
Texttxt RBN_IP_List_Update_4-27-2011.txt manage 8.7 K 2011-04-27 - 11:12 JamesMcQuaid  
Texttxt RBN_IP_List_Update_4-28-2011.txt manage 3.5 K 2011-04-28 - 11:32 JamesMcQuaid  
Texttxt RBN_IP_List_Update_4-3-2011.txt manage 84.4 K 2011-04-03 - 23:08 JamesMcQuaid  
Texttxt RBN_IP_List_Update_4-30-2011.txt manage 49.5 K 2011-05-01 - 00:06 JamesMcQuaid  
Texttxt RBN_IP_List_Update_4-7-2011.txt manage 31.3 K 2011-04-07 - 12:02 JamesMcQuaid  
Texttxt RBN_IP_List_Update_5-10-2011.txt manage 47.7 K 2011-05-10 - 11:34 JamesMcQuaid  
Texttxt RBN_IP_List_Update_5-14-2011.txt manage 57.4 K 2011-05-15 - 03:13 JamesMcQuaid  
Texttxt RBN_IP_List_Update_5-17-2011.txt manage 42.1 K 2011-05-17 - 04:52 JamesMcQuaid  
Texttxt RBN_IP_List_Update_5-2-2011.txt manage 6.8 K 2011-05-02 - 11:45 JamesMcQuaid  
Texttxt RBN_IP_List_Update_5-20-2011.txt manage 160.2 K 2011-05-20 - 03:24 JamesMcQuaid  
Texttxt RBN_IP_List_Update_5-21-2011.txt manage 52.1 K 2011-05-21 - 21:01 JamesMcQuaid  
Texttxt RBN_IP_List_Update_5-22-2011.txt manage 8.1 K 2011-05-22 - 17:19 JamesMcQuaid  
Texttxt RBN_IP_List_Update_5-25-2011.txt manage 34.0 K 2011-05-25 - 14:41 JamesMcQuaid  
Texttxt RBN_IP_List_Update_5-27-2011.txt manage 8.1 K 2011-05-27 - 18:23 JamesMcQuaid  
Texttxt RBN_IP_List_Update_5-4-2011.txt manage 5.2 K 2011-05-04 - 11:40 JamesMcQuaid  
Texttxt RBN_IP_List_Update_5-5-2011.txt manage 33.9 K 2011-05-06 - 03:59 JamesMcQuaid  
Texttxt RBN_IP_List_Update_5-9-2011.txt manage 54.2 K 2011-05-09 - 11:00 JamesMcQuaid  
Texttxt RBN_IP_List_Update_6-1-2011.txt manage 35.0 K 2011-06-01 - 04:07 JamesMcQuaid  
Texttxt RBN_IP_List_Update_6-11-2011.txt manage 24.5 K 2011-06-12 - 03:45 JamesMcQuaid  
Texttxt RBN_IP_List_Update_6-13-2011.txt manage 6.3 K 2011-06-13 - 16:00 JamesMcQuaid  
Texttxt RBN_IP_List_Update_6-14-2011.txt manage 18.0 K 2011-06-14 - 11:52 JamesMcQuaid  
Texttxt RBN_IP_List_Update_6-19-2011.txt manage 57.9 K 2011-06-19 - 20:25 JamesMcQuaid  
Texttxt RBN_IP_List_Update_6-21-2011.txt manage 18.1 K 2011-06-21 - 18:23 JamesMcQuaid  
Texttxt RBN_IP_List_Update_6-28-2011.txt manage 40.5 K 2011-06-28 - 14:20 JamesMcQuaid  
Texttxt RBN_IP_List_Update_6-6-2011.txt manage 11.9 K 2011-06-06 - 04:40 JamesMcQuaid  
Texttxt RBN_IP_List_Update_6-9-2011.txt manage 14.2 K 2011-06-09 - 11:24 JamesMcQuaid  
Texttxt RBN_IP_List_Update_7-13-2011.txt manage 6.3 K 2011-07-13 - 11:34 JamesMcQuaid  
Texttxt RBN_IP_List_Update_7-15-2011.txt manage 47.3 K 2011-07-15 - 04:27 JamesMcQuaid  
Texttxt RBN_IP_List_Update_7-18-2011.txt manage 28.3 K 2011-07-18 - 13:15 JamesMcQuaid  
Texttxt RBN_IP_List_Update_7-21-2011.txt manage 22.5 K 2011-07-21 - 11:37 JamesMcQuaid  
Texttxt RBN_IP_List_Update_7-3-2011.txt manage 447.9 K 2011-07-03 - 16:22 JamesMcQuaid  
Texttxt RBN_IP_List_Update_7-5-2011.txt manage 12.2 K 2011-07-05 - 10:36 JamesMcQuaid  
Texttxt RBN_IP_List_Update_7-6-2011.txt manage 17.5 K 2011-07-06 - 11:06 JamesMcQuaid  
Texttxt RBN_IP_List_Update_7-8-2011.txt manage 8.8 K 2011-07-08 - 11:52 JamesMcQuaid  
Texttxt RBN_IP_List_Update_8-29-2011.txt manage 0.2 K 2011-08-29 - 11:05 JamesMcQuaid  
Texttxt RBN_IP_List_Update_9-18-2011.txt manage 1.2 K 2011-09-18 - 19:22 JamesMcQuaid  
Texttxt RBN_Observations_2nd_Quarter_2010.txt manage 1121.9 K 2010-07-06 - 01:20 JamesMcQuaid  
Texttxt Storm_2_IP_addresses_3-12-2011.txt manage 4.2 K 2011-03-13 - 01:34 JamesMcQuaid  
Texttxt Storm_2_domain_objects_3-11-2011.txt manage 41.1 K 2011-03-13 - 01:34 JamesMcQuaid  
Texttxt as29073_ECATEL-AS.txt manage 190.1 K 2011-01-02 - 23:04 JamesMcQuaid  
Texttxt as51554_LYAHOV-AS_Lyahovich_Maksim.txt manage 82.6 K 2011-01-02 - 23:04 JamesMcQuaid  
Texttxt emerging-rbn-malvertisers.txt manage 0.6 K 2011-11-18 - 10:37 JamesMcQuaid  
Texttxt emerging-rbn-malvertising_update_7-15-2011.txt manage 8.2 K 2011-07-15 - 04:28 JamesMcQuaid  
Texttxt hounds_to_the_hunters.txt manage 90.6 K 2011-01-25 - 11:45 JamesMcQuaid  
Texttxt includes_skynet.txt manage 93.3 K 2011-01-25 - 11:45 JamesMcQuaid  
Edit | Attach | Print version | History: r284 < r283 < r282 < r281 < r280 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r284 - 2016-02-01 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats