Not so much by grepping, since they seem to be a bit distributed across the internet, but Spamhaus maintains a list of IPs and networks they use.
http://www.spamhaus.org/rokso/sbl_listings.lasso?spammer=Russian%20Business%20Network&rokso_id=ROK

The rbnetwork.com IPs stand out quite a bit though, so it's probably worth looking at those networks a bit more and making a decision from there.

-db

On 10/13/07, Dude VanWinkle <[EMAIL PROTECTED]> wrote:
> On 10/13/07, Paul Ferguson <[EMAIL PROTECTED]> wrote:
> > Most excellent.
> >
> > Brian Krebs writes in The Washington Post:
> >
> > [snip]
> <Map of IP's>
> http://blog.washingtonpost.com/securityfix/rbn.html
>
> Does anyone know what the color coding is representative of? I assume
> RBN is the red ovoids, but would like to validate that.
>
> <sorry for the uninformed question but..> Is it easy to grep whois for
> RBN? Is the way this reporter found out which IP's they are using
> being kept secret due to some evasion technique?
>
> I would be willing to block them from 3 and 1/2 class B's if the
> information was verifiable and reliable. It's a very large
> representation of the Internet, but it's a start.
>
> -JP<the cheesy>
>
> > Law enforcement agencies say these kinds of Internet companies are able to
> > thrive in countries where the rule of law is poorly established. "It is
> > clear that organized cybercrime has taken root in countries that don't have
> > response mechanisms, laws, infrastructure and investigative support set up
> > to respond to the threat quickly," said Ronald K. Noble, secretary general
> > of Interpol, an organization that facilitates transnational law enforcement
> > cooperation. He declined to discuss the Russian Business Network
> > specifically.
> >
> > The company isn't a mainstream Internet service provider, as Comcast and
> > Verizon are. Rather, it specializes in offering Web sites that will remain
> > reachable on the Internet regardless of efforts to shut them down by law
> > enforcement officials -- so-called bulletproof hosting.
> >
> > Though there are thousands of Web sites that bear the Russian Business
> > Network name on registration records, the company is unchartered and has no
> > legal identity, computer security firms say.
> >
> > [snip]
> >
> > More:
> > http://www.washingtonpost.com/wp-dyn/content/article/2007/10/12/AR2007101202461.html
> >
> > Also:
> > "Taking on the Russian Business Network"
> > http://blog.washingtonpost.com/securityfix/2007/10/taking_on_the_russian_business.html
> >
> > "Mapping the Russian Business Network"
> > http://blog.washingtonpost.com/securityfix/2007/10/mapping_the_russian_business_n.html
> >
> > Kudos to Brian on this in-depth exposé.
> >
> > - ferg
> >
> > --
> > "Fergie", a.k.a. Paul Ferguson
> > Engineering Architecture for the Internet
> > fergdawg(at)netzero.net
> > ferg's tech blog: http://fergdawg.blogspot.com/
> >
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
