Russian Business Network study - bizeul.org

More documents

Recommendations

Info

Version 1.0.1 RBN study – before and after David Bizeul 3. Evolution RBN, as a hosting provider will have to evolve in order to come back on the Internet but also to prevent being lightened again. With their multiple skills RBN could evolve this way: • Register IP netblocks at RIR (Regional Internet Registries): This could allow RBN to possess innocent new IP address. • Build a new AS Path: This AS path could be used to reach those new IP addresses; • Settle new peering agreements: This would be used to be reached by the rest of the world. This solution is a simple evolution of the previous RBN model. It is sure that multiple fake registrant names would be used everywhere in order to hide tracks and to prevent RBN from being flashed once again. RBN could also evolve to a botnet based model: • Malware installation: New methods can be used to spread malicious code such as bots. Advertisement can even be used to do this [ 51 ]. • Fast flux botnet: This new technique is very powerful. The honeynet Project released a very good document on this subject [ 52 ]. This model would be very difficult to thwart. Indeed, malicious content is hosted on zombies PCs and even if this PC is closed, another one will be a new relay. The key of this model is the mothership server. Once the mothership server is closed, the whole scheme fails. May be the reality will be a mix of the two models above. In this hybrid model, fast flux botnets could be used and mothership servers could be hosted in different netblocks registered by RBN. Will RBN succeed its transformation from moth living in the dark and fearing bright lights to phoenix back to life from ashes 51 http://www.eweek.com/article2/0,1759,2216618,00.aspkc=EWRSS03119TX1K000 52 http://www.honeynet.org/papers/ff/fast-flux.html 44
Version 1.0.1 RBN study – before and after David Bizeul Mitigation strategies This chapter is composed of two parts applying the precept “think big, act small”. 4. Think big to understand the threat impact and to predict evolution Considering bank issues, a merge of all elements exposed in this document can be represented on the following picture: This figure shows that victim is at the center of this puzzle. This victim has a trust relation with his bank but this trust relation can be eroded because of malware/phishing. Those malicious activities are located on hosting companies. Some of these companies are legitimate companies but they lack in control/detection system. Some of these companies are bad companies dedicated to provide bullet proof services so that it can be a shelter for malicious activities. 45
Page 1 and 2: Russian Business Network study Vers
Page 3 and 4: Version 1.0.1 RBN study - before an
Page 33 and 34: Version 1.0.1 New York,NY,US 10019
Page 35 and 36: Version 1.0.1 New York, NY 10018,-,
Page 41 and 42: Version 1.0.1 City map RBN study -
Page 43: Version 1.0.1 RBN study - before an
Page 47 and 48: Version 1.0.1 Filtering bad network
Page 53 and 54: Version 1.0 David Bizeul RBN study

Russian Business Network study - bizeul.org

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?