Russian Business Network study - bizeul.org
Version 1.0.1
RBN study – before and after
David Bizeul
That’s great: bots are downloaded precisely from those bullet-proof hosting providers.
As a matter of fact, the threat to ISPs and the threat to the banking industry are nearly the same. First, the ISP has to bear the bandwidth used by bots, the abuse reports made against its customers when they are infected, and even the support team time spent solving customers’ issues with their paralyzed broadband Internet access. Then the banking industry has to bear the costs that a particular trojan (possibly the same piece of malware as the bot on the ISP customer’s machine) has caused to its customers.
The banking industry and ISPs have to work together, hand in hand, to tackle cybercrime.
Here are some commands that a legitimate company can apply on its edge router to block the IP networks of RBN and its affiliates:
access-list RBN deny 81.95.144.0 0.0.15.255
access-list RBN_CUST deny 194.146.204.0 0.0.3.255
access-list RBN_CUST deny 195.114.8.0 0.0.1.255
access-list RBN_CUST deny 80.70.224.0 0.0.15.255
access-list RBN_CUST deny 81.84.16.0 0.0.15.255
access-list RBN_CUST deny 193.238.36.0 0.0.3.255
access-list RBN_CUST deny 193.93.232.0 0.0.3.255
access-list RBN_CUST deny 195.64.162.0 0.0.1.255
access-list RBN_CUST deny 195.114.8.0 0.0.1.255
access-list RBN_CUST deny 195.114.16.0 0.0.1.255
access-list ELTEL2 deny 85.249.20.0 0.0.3.255
access-list DATAPOINT deny 85.249.128.0 0.0.15.255
access-list OTHER permit any any
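One way to sanity-check the deny list above before deploying it, as an added example that is not part of the original study: the Python code below converts each wildcard-mask entry to a CIDR prefix, rejects misaligned or non-contiguous masks, reports duplicate entries, and tests addresses (for instance from proxy or NetFlow logs) against the list. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Deny lines copied from the page (Cisco wildcard-mask notation).
ACL = """\
access-list RBN deny 81.95.144.0 0.0.15.255
access-list RBN_CUST deny 194.146.204.0 0.0.3.255
access-list RBN_CUST deny 195.114.8.0 0.0.1.255
access-list RBN_CUST deny 80.70.224.0 0.0.15.255
access-list RBN_CUST deny 81.84.16.0 0.0.15.255
access-list RBN_CUST deny 193.238.36.0 0.0.3.255
access-list RBN_CUST deny 193.93.232.0 0.0.3.255
access-list RBN_CUST deny 195.64.162.0 0.0.1.255
access-list RBN_CUST deny 195.114.8.0 0.0.1.255
access-list RBN_CUST deny 195.114.16.0 0.0.1.255
access-list ELTEL2 deny 85.249.20.0 0.0.3.255
access-list DATAPOINT deny 85.249.128.0 0.0.15.255
"""

def wildcard_to_network(base, wildcard):
    """Convert 'base wildcard' to an IPv4Network.
    Raises ValueError for a non-contiguous mask or a misaligned base address."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):                      # a contiguous wildcard looks like 0..01..1
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    prefix = 32 - w.bit_length()
    return ipaddress.ip_network(f"{base}/{prefix}", strict=True)

def parse_acl(text):
    """Return (unique deny networks in page order, networks listed more than once)."""
    nets, dups = [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "deny":
            continue                     # skip blank lines and permit entries
        net = wildcard_to_network(parts[3], parts[4])
        (dups if net in nets else nets).append(net)
    return nets, dups

def matches(ip, nets):
    """Return the deny network covering ip, or None if it is not listed."""
    addr = ipaddress.ip_address(ip)
    return next((n for n in nets if addr in n), None)

if __name__ == "__main__":
    nets, dups = parse_acl(ACL)
    print("deny prefixes:", ", ".join(map(str, nets)))
    print("duplicate entries:", ", ".join(map(str, dups)))
    for ip in ("81.95.159.200", "85.249.23.1", "192.0.2.10"):  # constructed samples
        print(ip, "->", matches(ip, nets) or "not listed")
```
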
Here are some commands that an ISP can apply to filter out RBN and its affiliates using BGP AS-path filtering:
ip as-path access-list 20 deny _40989_
ip as-path access-list 20 deny _34883_
ip as-path access-list 20 deny _41731_
ip as-path access-list 20 deny _41173_
ip as-path access-list 20 deny _20807_
ip as-path access-list 20 deny _28866_
ip as-path access-list 20 deny _34596_
ip as-path access-list 20 deny _39848_
ip as-path access-list 20 deny _41108_
ip as-path access-list 20 deny _41181_
ip as-path access-list 20 deny _41187_
ip as-path access-list 20 deny _42533_
ip as-path access-list 20 deny _42577_
ip as-path access-list 20 deny _30968_
ip as-path access-list 20 deny _34883_
! Added line: an as-path access list ends with an implicit deny, so every other path must be permitted explicitly
ip as-path access-list 20 permit .*
# AS20807 Credolink ASN Credolink ISP Autonomous System St Petersburg*
# AS28866 AKIMON AS Aki Mon Telecom*
# AS34596 CONNECTCOM ConnectCom Ltd Autonomous System
# AS39848 DELTASYS Delta Systems network*
# AS40989 RBN AS RBusiness Network*
# AS41108 OINVEST AS Online Invest group LLC*
# AS41173 SBT AS SBT Telecom*
# AS41181 RUSTELECOM AS Rustelecom AS*
# AS41187 MICRONNET AS Micronnet LTD*
# AS41731 NEVSKCC AS NEVACON LTD*
# AS30968 DATAPOINT-NET1
# AS34883 ELTEL2