...validating what some of us suspected. :-) Nice read.
- ferg [snip] Russian Business Network (RBN) In the last few months, there has been a significant amount of press coverage given to insidious cyber activity associated with the segment of the Internet known as the ÂRussian Business Network, or RBN. Previous studies have suggested that the RBN has ties to nearly every area of cybercrime, including: phishing, malware, DDOS activity, pornography, botnets, and anonymization. In November 2007, media reporting indicated that a large portion of the RBN Âwent dark. Since that time, the Shadowserver Foundation has been more closely analyzing outlying networks implicated as being associated with RBN. One of these suspected outliers is AS9121, known as TurkTelekom. SecurityZone.org reported in early December 2007 that while not everything in TurkTelekom appears to be malicious, there are some ranges that are Âparticularly bad and analysis of Shadowserver Foundation data agrees. Several subranges quickly stand out as being deeply involved in malicious cyber activity: 88.255.90.0/24 and 88.255.94.0/24. IP registration indicates these ranges are listed under the name ÂABDALLAH INTERNET HIZMETLERI (AIH). Abdallah Internet Hizmetleri (AIH) In one of the most thorough RBN studies to date, David Bizeul reported that AIH ranges 88.255.90.0/24 and 88.255.94.0/24 - are among the Âmost used network ranges used by RBN affiliates domain names. The purpose of this paper is to take a deeper look at these two class C ranges of AIH based out of Rize, Turkey, available information from the Internet, and statistics collected by the Shadowserver Foundation to provide further insight into the scope and depth of the RBN. [snip] http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080301 Paper: Direct Link: http://www.shadowserver.org/wiki/uploads/Information/RBN_Rizing.pdf - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
