Russian Business Network study - bizeul.org

More documents

Recommendations

Info

Version 1.0.1 RBN study – before and after David Bizeul Nevacon Nevacon is an RBN affiliate with a huge role in malware control (update, C&C). Nevacon is on a different netblock than TCS. Nevacon owns 194.146.204.0/22 IP address block. Actually, Nevacon is directly hosted on RBN network. Silvernet Silvernet seem to be the semi-legitimate ISP used to connect SBT and RBN to a main internet access (IXP). Connections between Silvernet and SBT are discreet because if this weak link would be shutdown, SBT might be blind (not for too long…). Silvernet owns many IP address spaces. Silvernet is a member of SPB-IX and is connected to a lot of other Russian ISP Linkey Linkey is a legitimate ISP which might have the same role as Silvernet: give a worldwide connectivity to SBT. Linkey spread a network zone: as-linkeycus in which RBN affiliates are all indicated. It may be possible that this zone is given to Linkey via Silvernet as both of them exchange together. Linkey connects to SPB-IX. Eltel2 Eltel2 is a very interesting network because it is managed by Eltel which is supposed to be a legitimate Russian telecom company but Eltel2 is also an active partner with RBN through as-joy. Actually, the description of Eltel2 is “JOY Network” Eltel2 has already broadcasted IP address space 85.249.20.0/22. What is interesting is that this address space belongs to LugLink. Luglink Luglink is a legitimate ISP but it seems to be involved into RBN activities through Eltel2. Luglink owns 85.249.16.0/21 (and so Eltel2) and this address space is also managed by Eltel. Eltel Eltel is a telecom company which manages Luglink, Eltel2 and many others. Eltel owns several IP address space such as: 81.222.192.0/18 (16384) ELTEL net 85.249.224.0/19 (8192) ELTEL MAN Saint Petersburg 89.112.0.0/19 (8192) ELTEL net 81.9.0.0/20 (4096) ELTEL net 81.9.32.0/20 (4096) ELTEL net 81.9.96.0/20 (4096) ELTEL net 81.222.128.0/20 (4096) ELTEL net 217.170.64.0/20 (4096) ELTEL net 217.170.80.0/20 (4096) ELTEL net 85.249.8.0/21 (2048) Telix 22
Version 1.0.1 RBN study – before and after David Bizeul It is highly probable that Eltel is being used (allegedly or not) to broadcast some address space it owns to RBN affiliates for short time operations. Other affiliates Other RBN affiliates do not have a precise role. Some of them seem to be dedicated in spam, other in pornography hosting. Some of these affiliates do not always broadcast IP address space. Credolink : 80.70.224.0/20 & 81.94.16.0/20 ConnnectCom 193.238.36.0/22 Deltasys 193.93.232.0/22 MicronNet 195.114.16.0/23 [ 32 ] Oinsinvest : 195.64.162.0/23 [ 33 ] Rustelecom : 195.114.8.0/23 32 http://www.spamhaus.org/sbl/sbl.lassoquery=SBL51155 33 http://www.spamhaus.org/sbl/sbl.lassoquery=SBL51154 23
Page 1 and 2: Russian Business Network study Vers
Page 3 and 4: Version 1.0.1 RBN study - before an
Page 21: Version 1.0.1 RBN study - before an
Page 33 and 34: Version 1.0.1 New York,NY,US 10019
Page 35 and 36: Version 1.0.1 New York, NY 10018,-,
Page 41 and 42: Version 1.0.1 City map RBN study -
Page 47 and 48: Version 1.0.1 Filtering bad network
Page 53 and 54: Version 1.0 David Bizeul RBN study

Russian Business Network study - bizeul.org

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?