Profile of the Russian Business Network
The Washington Post has an article detailing what is known of the workings of the Russian Business Network, a shadowy entity based in St. Petersburg that hosts a good fraction of the world's spammers, identity thieves, bot herders, and phishers. RBN is not incorporated anywhere and may not technically even be violating Russian law. It provides "bulletproof hosting" for about $600 a month to a wide range of bad guys. The author of the Post story, Brian Krebs, supplements it with two blog posts. One provides more detail and back story including a look at one ISP's security admin who decided last summer to ban all RBN traffic from his network, with outstanding results. The other post maps some of the RBN's upstream suppliers and details the extent of the RBN's involvement in recent cyber-attacks: "Nearly every major advancement in computer viruses or worms over the past two years has emanated from or sent stolen consumer data back to servers" in the RBN.
I'm hoping the next Slashdot story on this topic is that some drunk driver crashed a propane truck into the RBN datacenter hehehe. Or maybe a nuclear plant will just blow up within close proximity to it lol. Seriously, there's a lot of bad things that could happen to it in Russia! Here's to hoping something does!
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
are we for or against data havens these days?
I checked the Wikipedia article just for kicks. These guys are definitely pretty shady. But I think the real question here is: Does it run Linux?
The Spamhaus project has a list of Russian Business Network addresses, for what it's worth.
I wonder if anyone has ever found a remote exploit that will get past iptables -j DROP recently.
I wish the article had links to the ranges so we could block this stuff.
Although I have to say over the last ~2 weeks it's been down quite a bit.
The ADDRESS please? I really believe these people are the worst kind of people. Right along with murderers. Seriously, who else thinks it's funny to load down the world's computers with antivirus and antispam programs. Every day they waste large sums of money in lost time and electricity. Not to mention when their poorly written code does things like makes you lose a hard drive. Hehehe, maybe you'd better not give me the address.
In Soviet Russia, business networks you!
In Soviet Russia, the law breaks you!
How many of us have to do business with Russian sites? So block the whole range of Russian IPs until the Russian government wants to do something about it. Same thing with Nigeria and so on. The amount of crap coming from these countries is disproportionately larger than the number of useful, legitimate sites located there. Until those countries figure out how to control their spammers and phishers, they'll just have to spam each other and steal each other's identities as much as they please, we have our own crap to take care of.
I think a lot of us would like to block these asshats. POST THE IP Ranges!
. . . get a handle on this if he'd like .ru to still be a part of the Internet in the next few years. Or perhaps when he rolls Russia and the satellite states back to the U.S.S.R. days, he'll take some pages from China's playbook. China seems to get along just fine with most of their address space behind Cisco censorship routers and/or in spam blacklists.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
From TFA:
Danny McPherson, chief research officer at Arbor Networks, a Lexington, Mass.-based company that provides network security services to some of the world's largest Internet providers, said most providers shy away from blocking whole networks. Instead, they choose to temporarily block specific problem sites.
"Who decides what the acceptable threshold is for stopping connectivity to an entire network? Also, if you're an AT&T or Verizon and you block access to a sizable portion of the Internet, it's very likely that some consumer rights advocacy group is going to come after you."
First... who's saying anything about blocking "a sizable portion of the Internet"? We're talking about being able to identify bad actors and doing something about it for a change. From some recent articles I've read, AT&T doesn't seem to have any problems blocking their users from accessing the Internet when they don't like what they're doing... they'll just drop you if they don't like you. Why do they have issues blocking real criminals from doing real criminal activities? Can anyone honestly say that these networks are hosting content that anyone legitimate would want to get to?
If there are legit companies doing business with these guys, and maybe if the networks were blocked, or the providers refused to carry routes to those networks, they would "shy away from" doing business with the RBN. Or is that too much of a free-market approach to the problem... block the criminals, and if you're associated with them, you can't do business either. Hmmm...
Second, as to who decides... the market decides! This is pretty cut-and-dry. If there's a company somewhere that specializes in hosting this crap, then shut it down! It will only benefit legitimate business. This is so easy... there isn't a free-speech or access issue here... nothing for anyone to get upset about. The cancer has been identified... cut it out of the body.
The time for reactive measures is over. The article got one thing right... this problem has been allowed to grow and fester beyond the point where half-measures are going to work. $150 million is real money and it's time to take the ability for these goons to do this away from them.
It makes a lot of sense to use the Spamhaus RBL to block things in a firewall. If a site is black listed for sending spam, then I don't want any traffic from that site, not email, not web traffic, anything. However, I am not aware of a system that ties an iptables DROP rule to an RBL.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
In Soviet Russia, the Business Network profiles you!
Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
I think Cisco may be one step ahead of you. With their purchase of Ironport they get a lot of stuff from Senderbase they can incorporate to do this.
His name's Doe. John Doe. He's easy enough to find. (Or at least that's what his toe tag will say once RBN is finished with him)
Part of the problem is that their activities bring in hard currency. Also, the local authorities probably figure it's better that the crooks direct their activities outside the country, rather than against other Russians. It's the same problem as with the 419'ers.
Second, as to who decides... the market decides! Exactly. Mod parent up!
In Soviet Russia, Internets download you!
sigs... don't talk to me about sigs....
I mean, if Russia is a haven for spammers, couldn't we just block most Russian traffic?
This is my sig.
A plethora of bad guys, rather.
Why not solve the Microsoft problem the same way? What, you mean to say mass murder is only ok if it's in somebody else's country?
You're a sig yourself.
They say we need to reduce our nuke stockpile. Can't fault me for trying.
GWB
Like I want AT&T to be able to decide what parts of the internet are "off-limits" to me? Like there's any reasonable way of doing this anyway? The Internet was developed with the goal of routing around broken segments in mind. This is not a problem with a market solution. This is a problem where the U.N. tells Russia to get its shit together, and stop these guys from doing things that piss off the rest of the world. Nigeria can get the same treatment. If there's some other group behind all the foreign lottery scams that are apparently being sent out by botnet, then I'd like to get them locked down too.
I see your informative link, and raise you a pithy comment.
If this was not a network in Russia, but oh, say AOL, the fact that lots of its hosts were bots for the bad guys would not change the fact that banning the whole network is censorship. But, of course, all Russian businessmen are mobsters, right? So it's Ok to do this to a network in Russia. Right! How is this article missing a censorship tag?
Yeah, yeah, let's get funny with all the "in soviet blah, blah, blah." If you don't think you are being suckered into the new xenophobia based on old world paradigms, you are being suckered good. Blocking a Russian network because some of its hosts are used by the mob is like boycotting every Italian restaurant because some of them are used to launder money by the mob.
Any guest worker system is indistinguishable from indentured servitude.
> AT&T doesn't seem to have any problems blocking their users from accessing
> the Internet when they don't like what they're doing... they'll just drop
> you if they don't like you. Why do they have issues blocking real criminals
> from doing real criminal activities.
I suggest that the primary reason why ISPs like AT&T don't block this stuff is because it generates revenue for them.
They make their profits from data usage, and, as you know, these botnets generate massive amounts of data usage.
From a business perspective, AT&T would be stupid to cut out the primary driver behind the creator of such a large generator of increased revenue/data usage for them.
RBN addresses (and assorted other nasties) are also listed in the Spamhaus DROP (Don't Route Or Peer) list. IMO, it's a useful thing to drop (pun intended) into your firewall...
Oh, no! You have walked into the slavering fangs of a lurking grue!
IMO, I'd rather do the blocking myself than have AT&T do it for me. That being said, I don't hesitate to block RBN traffic.
There is a good line in Dune -- "You control a mentat by controlling his information." The religious crowd is easily aroused by "think of the children." Apparently, the slashdot crowd needs to hear "think of the spam." This is how the world network for all-too-free an exchange of information will be fractured. You just need to find a hot-button issue for every crowd and they'll scream for the separation along national borders on their own (thinking it's their own idea).
A good number of the posts so far propose blocking Russia altogether. Because there is no "business" done with Russia. Aha. But that means no Russian news. No access to chats with Americans for Russians. Hell, the new Russian order couldn't dream of a better situation. Not only do they get not to have their citizens interact with Americans freely, but they also don't have to be the bad guys in it. The Jefferson quote states that giving up freedom for a little bit of security will cause one to lose both. But why go that far? "little bit of security" is not even necessary as the price. Apparently a little bit of expediency is enough.
It's censorship and xenophobia even if you can make a Yakov Smirnoff joke of it. Sorry, but this time, the boogie man is you!
These servers are used for phishing scams. But phishers can buy lots of zombie botnets in order to send out their phishing scams.
So... Just point the botnets to these Russian Servers. That seems to me to be a lot cheaper than doing anything else. Including cleaning up the systems on your subnet.
Honestly, I'm surprised this hasn't happened already.
The best way to predict the future is to create it. - Peter Drucker.
Great idea! Nuking Microsoft would also solve the world's obesity, oil and political problems all in one go.
:)
I'm surprised I didnt think of that myself.
-- From an Aussie
...and replace it with an economic crisis. The whole crux of the problem with closed source software is that it is dependent on a single vendor. How do you think it's an improvement to destroy that vendor and eliminate any hope of maintenance and support?
The other problems are all rooted in culture and government. The US is what it is because it's been ruled by corporate interests and a corrupt government. It's not something that can ever be fixed, but it can be cleaned up with a series of good administrations. Australia will follow, as it always does.
Really, the whole planet is screwed, different nations just have their different problems. Corruption is universal though, no matter how much propaganda the US might spread. Just remember that being honest is the exception, not the rule, for a species like the human which is based instinctively on self preservation and gratification.
Actually, a bomb blowing up the entire Microsoft complex, killing everyone involved in Windows (but nobody else) would produce a massive demand for jobs in the IT sector, programming sector, pretty much every technical field you can think of. Apple, Red Hat, Sun, Oracle, Novell, and so on would see massive gains in profits. The Rest Of The World (TM) would take relatively small hits- those who are still on XP would stay on XP (and start a Mac or Linux migration plan instead of a Vista one), those who have finished their Vista migration would be in good shape for a few years until it's time for their next hardware upgrade, and those who are in the middle of a switchover to Vista may well get totally fucked, depending on how they're doing it. It wouldn't be pretty in the short term, but it'd be survivable, and it's likely that replacing the monoculture with diversity would result in long-term economic gains due to competition. I actually think gaming companies would get hit the hardest, I have no idea how hard it is to take a game coded for Vista/360 and port it to another console. It's probably still a drop in the bucket of the greater economy. The biggest hit would probably be Wall Street investment bankers and so forth, but that's a single immediate hit, and not something that has a long-lasting effect. (A long-lasting effect would be something like a calamitous food shortage, sudden oil shortage, whatever; that results in an immediate hit followed by a long period of economic inefficiency because of a lack of resources for other industries to continue their business.)
Care about privacy? Read this!
That's pretty optimistic. We're talking about a software industry where it takes many companies years just to update their compiler version, saying nothing of their entire operating platform, not even considering migrating to a completely different platform (Linux, MacOSX, whatever) which Microsoft deliberately stays incompatible with. So an optimistic estimation for Linux to replace Windows, if it's the only way to survive at all, would take a good 5 years or so.
In the meantime you'd have a bunch of half-assed ports using winelibs and Mono and similar rubbish, which makes the situation even worse than a Windows-dominant one. Some companies would bomb entirely, although that's just good old natural selection. And unlike the current legacy software which is being replaced, some of the half-assed solutions may stay 'good enough' to never be replaced at all, much like how the Windows platform is dominated now. Windows Vista still has the kernel hook to cmd.exe for chrissakes. Is this an industry that could survive a bomb?
The alternative is to fix the patent system, impose anti-monopoly restrictions on Microsoft, and other regulatory changes to allow competition to take over naturally, and let the market adapt on its own. This is the sort of evolution that led to such strong competition in the PC hardware industry, without any bombs and without long gaps of horrible inefficiency and regression.
In general, a set of self clearing timed rules based on heuristics require less maintenance and mistakes are mostly self correcting. Hard RBL based rules put you at the mercy of whoever compiles the RBL and mistakes can linger for a long time. One issue being that you cannot even tell whether there is a mistake if connectivity is completely dropped for example.
The article says that in order to join the network and get your site hosted for $600, you have to *prove* that you're a criminal. I can't understand the logic of this. If you're prepared to cough up the $600, why would they care if you're not going to break the law? Can somebody explain this?
Although the RBN are certainly bad guys, Slashdotters should pls resist the tendency to assume that all the bad guys are nasty, foreign types. Most of the bad guys - for example spammers - as usual, are home-grown.
Of the 133 worst spammers on the Spamhaus ROKSO list, the vast majority of the world's worst spammers are from the USA, followed after a big gap by nasty foreigners from Israel, Ukraine, China and yes Russia too:
See: http://www.spamhaus.org/rokso/index.lasso
I just imported that list to drop all.
I am going to set up the log analyzer and see how effective it is.
I still have some issues with getting it to log properly.
By default everything is accepted, except the drop list.
The phrase "more better" is acceptable English. suck it grammar Nazis
# Russian Business Network et al. As listed from spamhaus.org on 10/14/2007
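Several posters above want the Spamhaus DROP list wired into a firewall, ask for a way to tie an RBL to an iptables DROP rule, and warn that hard RBL-based rules linger when the list is wrong. The following is an added example (not code from this thread or from Spamhaus) that parses text in the DROP file layout, collapses overlapping prefixes, emits ipset/iptables commands whose entries expire on a timeout, and checks firewall log lines against the ranges; the list, the log lines and the set name `rbl-drop` are constructed for the example, and the addresses are RFC 5737 documentation ranges rather than real listings.

```python
"""Turn Spamhaus-DROP-style text into self-expiring firewall rules plus a log check.

Added example, not from the original thread. The live list is fetched from
spamhaus.org; here a constructed sample in the same "CIDR ; SBLnnn" layout is
embedded so the script runs offline.
"""
import ipaddress
import re
from typing import Iterable, List

# Constructed sample in the DROP file layout: ';' starts a comment, each data
# line is "<cidr> ; <SBL reference>". A duplicate, an overlapping prefix and a
# malformed line are included on purpose to exercise the validation step.
SAMPLE_DROP = """\
; Spamhaus DROP List (constructed sample, not the live list)
; Last-Modified: Sun, 14 Oct 2007 00:00:00 GMT
192.0.2.0/24 ; SBL000001
192.0.2.128/25 ; SBL000002
198.51.100.0/24 ; SBL000003
198.51.100.0/24 ; SBL000003
203.0.113.0/24 ; SBL000004
not-an-address ; SBL000005
"""

# Constructed iptables LOG-target style lines, as a gateway might write them.
SAMPLE_LOG = [
    "Oct 14 10:01:02 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.77 PROTO=TCP DPT=80",
    "Oct 14 10:01:03 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.6 DST=172.16.0.9 PROTO=UDP DPT=53",
    "Oct 14 10:01:04 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.7 DST=192.0.2.200 PROTO=TCP DPT=443",
]

SET_NAME = "rbl-drop"   # hypothetical ipset name
SET_TIMEOUT = 86400     # seconds; an entry disappears unless the refresh job re-adds it


def parse_drop(text: str) -> List[ipaddress.IPv4Network]:
    """Parse DROP-format text into validated, collapsed IPv4 networks.

    Comments (';' to end of line) are stripped and blank lines skipped. A line
    that is not a valid CIDR is reported and ignored rather than silently
    becoming a rule. Duplicate and nested prefixes are collapsed so the set is
    minimal (192.0.2.128/25 is absorbed by 192.0.2.0/24 in the sample).
    """
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        cidr = raw.split(";", 1)[0].strip()
        if not cidr:
            continue
        try:
            nets.append(ipaddress.IPv4Network(cidr, strict=True))
        except ValueError as exc:
            print(f"line {lineno}: skipping {cidr!r}: {exc}")
    return list(ipaddress.collapse_addresses(nets))


def ipset_commands(nets, name: str = SET_NAME, timeout: int = SET_TIMEOUT) -> List[str]:
    """Shell commands that (re)build an ipset with a per-entry timeout.

    One set lookup replaces one iptables rule per prefix, and the timeout makes
    a stale listing clear itself if the refresh stops running, which addresses
    the "mistakes can linger" objection to hard RBL rules. The two iptables
    lines are meant to be applied once; the ipset lines on every refresh.
    """
    cmds = [
        f"ipset -exist create {name} hash:net timeout {timeout}",
        f"iptables -I INPUT -m set --match-set {name} src -j DROP",
        f"iptables -I OUTPUT -m set --match-set {name} dst -j DROP",
    ]
    cmds += [f"ipset -exist add {name} {n} timeout {timeout}" for n in nets]
    return cmds


def is_listed(ip: str, nets) -> bool:
    """True if a single address falls inside any listed prefix."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in n for n in nets)


def listed_in_log(log_lines: Iterable[str], nets) -> List[str]:
    """Return log lines whose DST= address is in a listed range.

    This is the "check your logs and see if your hosts are going there" step:
    it reports internal hosts talking to listed space without blocking anything.
    """
    pat = re.compile(r"DST=(\d{1,3}(?:\.\d{1,3}){3})")
    return [ln for ln in log_lines if (m := pat.search(ln)) and is_listed(m.group(1), nets)]


if __name__ == "__main__":
    listed = parse_drop(SAMPLE_DROP)
    for cmd in ipset_commands(listed):
        print(cmd)
    for hit in listed_in_log(SAMPLE_LOG, listed):
        print("LISTED:", hit)
```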
Suppose:
1 mail = 10 kB
100 mails = 1 mB
100.000 mails = 1 gB
Not thát massive...
Flatfee accounts should only be possible for "good behaviour" customers, the notorious zombie-owners should pay per gB.
Just a suggestion.
All those moments will be lost in time, like tears in rain. Time to die.
in russia spam blocks you!
I'm a rabbit startled by the headlights of life
Naw, can be done cheaper: Hit those spammers with one nuke and let Russia's counterstrike destroy MS. As a bonus it'll wipe out most of the RIAA and MPAA.
Justice is the sheep getting arrested while an impartial judge declares the vote void.
The moment a large ISP like AT&T starts blocking their IP ranges, they'll move them. They have control of millions of bots throughout the world, they could use totally dynamic, ever-changing IPs if necessary. And the IP blocking would just create enormous collateral damage.
Though on a small scale it can work, blocking is ultimately futile. It's like trying to prevent someone telephoning you by blocking their caller-ID. If motivated, they will just use another phone. The only solution is to arrest the criminals (for the frauds they are committing, not spamming per se), by police investigative procedures; and following the money trail.
That's a variant on the broken window fallacy. The idea that breaking somebody's windows is a good thing because it creates work for the glazier, the police, etc. It only works from an internal viewpoint that is based on the relative distribution of wealth. Taking a broad overview of society as a whole, it's pretty plain to see that the total wealth has gone down. It's the same sort of protectionism as farm subsidies. It may keep people in work but it's at the cost of having an inefficient, bloated economy. Far better than to create jobs through needless destruction and inefficiency, is to create jobs by aiming higher and achieving more as a society.
Help yourself, and Heaven will help you. - Jeanne D'Arc.
you can figure it out or one of those that gotta look up 'money laundering' in the dictionary :)
hmm officespace.
Dont Judge The situation by the Misfortunate. Goga.
Send us ONE nuke today, and get TEN nukes by the end of the day for FREE!
FREE delivery guaranteed. Local taxes may apply.
The FBI seems to have all kinds of time to spy on Americans, in the operation that started even before 9/11/2001. Not so much time to listen to reports that Qaeda suicide bombers were learning to fly, but not land, jumbo jets.
But the FBI, even though part of its job is to protect Americans from the Russian mob(s), doesn't seem interested in that sitting duck den of thieves. They're pretty industrious over at FBI, but they aren't protecting Americans from some of the most common crimes that rob people's life savings. That kind of "laziness" is usually a sign that the cops are bought off by the gangsters.
--
make install -not war
Yeah, the "lameness" filter has become rather strict due to ever-more creative troll ASCII etc. In this case the problem was probably that it had a lot of repetitive ECODE formatted text. You can evade it by just pasting a big block of "normal" text at the end. The traditional troll method is to use the "Important Stuff" below the comment form.
It seems to me that blocking Russia completely would be a pointless knee-jerk reaction. There is a well-known company with a known IP range that hosts a pile of undesirable stuff. Why block traffic from people who just happen to live in the same country as the spammers?
For reference:
http://en.wikipedia.org/wiki/Parable_of_the_broken_window
Not only that, but it would be highly ineffective. Russia is an exceedingly VAST country, (12 timezones, 1/6 of the world's surface IIRC) and Stalin once said after touring post-nuke Japan that the USSR could survive normally after four nukes.
Windows has detected an undetectable error.
> The moment a large ISP like AT&T starts blocking their IP ranges, they'll move them.
Not so fast with the doom and gloom "we can't win" attitude. Yes we CAN if we decide we WANT to. Almost every scam on the Internet depends on a 'bulletproof' host somewhere. Yes they hijack Windows PCs, yes they now use P2P for C2 but eventually most of these scammers are driving somebody to a website or they have to collect the stolen keystrokes. Bulletproof hosting is real and it is a real problem. If we put an "Internet Death Penalty" on any ISP providing such hosting it would stop. But only if done in a totally evenhanded yet iron fisted way.
Example. How to deal with today's problem child RBN. Declare them outlaws, every responsible network operator ceases traffic to/from their IP and an RFC is posted detailing the best known data on how the outlaw network is currently connected to the world and proposing a total stoppage of traffic with THOSE systems in 30 days. National telecom operations included, even AT&T if they were stupid enough to get caught at it. Make advertising 'bulletproof' into suicide. And keep right on hounding them as they go ever deeper underground until it becomes clear to anyone with enough brains to configure a router that hosting scammers isn't profitable and that allowing a cable run to a system hosting known scammers is an equally bad idea. No SEAL teams blowing up server farms in 3rd world cesspools, no big fuss, everything dealt with on a closed mailing list. All it would take is a supermajority of the top 50 connectivity providers coming together to do something that is obviously in their own self-interest and that of their customers.
But it doesn't happen. Because there are a few people who gain a lot from the current situation while the losses are spread among everyone and it isn't the scammers doing most of the gaining. Think about it. Billions of dollars in the anti-* industries. The large webmail and ISP driven mail domains use the fact they can throw thousands of man hours at the problem to convince more and more smaller mail domains (or their frustrated users) to simply give up. The 1st world governments (and corporations, media, intellectuals, etc) don't want to offend the 3rd world. And on and on.
Democrat delenda est
Then they'd Joe Job opponents, rivals, or just random ISPs to make them look guilty. This ISP is sleazy, but many others could be used unwittingly.
Thanks for posting that; I was unfamiliar with it. I've just added it to one of my sites, and will be adding it to a couple more.
The GP counted to 1. It can't be Bush.
It goes from God, to Jerry, to me.
Perhaps I'm influenced by my re-reading of authors like William Gibson and Neal Stephenson lately, but..
Why can't we fight fire with fire? Perhaps this hosting consortium is "bulletproof" in the legal sense, but is it bulletproof in the technical sense? Are they completely un-hackable themselves? We live in a nation full of some of the most talented hackers in the world, why don't we take the fight to their doorstep, relentlessly hack their servers as relentlessly as they try to hack us, and try to gain enough control of their networks to do some damage to them? A rather romantic idea, I'll admit, but still: others here have advocated acts of "civil disobedience" as being right and proper in certain contexts, wouldn't this be one of those contexts?
Everyone remember recently how much trouble was caused by a transformer failure-caused power outage in San Francisco causing all sorts of chaos for a whole laundry-list of large internet sites? How many times do you think they'd suffer losses because hackers broke in and disabled their network(s), before they'd lose enough money (and face, for that matter) that we might not see them again, at least for a good long while?
I have seen a few posts that seem to zero in on RBN and SPAM. Unfortunately, if you read the article or are even slightly familiar with RBN, you would know it's a whole lot worse than that. An extremely large and extremely disproportionate amount of the hosts in the RBN ranges house malware, viruses, trojans, command and control sites (for bots), and child pornography -- in addition to the SPAM issues. It really is a bad place on the Internet; one of, if not the, worst. If you are at an organization where you can block them, you should, or at least check your logs and see if your hosts are going there and why.
Give a man a nuke and you give him a bargaining chip.
Teach a man to build his own nukes and you lose your monopoly on global terror.
In the free world the media isn't government run; the government is media run.
What if Microsoft just used their billions to hire more people to restart work on Windows. I'm sure they have some kind of secure offsite data storage in a defunct mine or something.
But don't you still love entertaining the thought? :)
i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
A little late to the thread to get modded up, but I didn't have time this morning to post my own BGP filtering route-maps to keep these malware ISPs out of my tables. AS41173 seems to be the only upstream ISP to 40989. These companies seem to be the same mysterious people, hoping to hide their identities and locations. The internet isn't that easily fooled, though.
If you look at the RIPE and whois records for all the parties involved, this is an ISP that popped up in June of last year, apparently dedicated to hosting malware sites. Look closely at addresses and dates. Fictitious Panamanian and UK addresses with an American phone number, claims of being in the Seychelles (English spelling), again with other American phone numbers.
Some nmap fingerprinting of their routing equipment shows this operation tends towards low budget. I've seen ISPs that were nothing more than a couple of university students who obtained an AS#, a prefix, found a BGP feed, and filled a rented rack in a colo with some servers and a linux box running quagga. Seen from a looking glass, no difference from the big players. A good looking website regularly updated, proper whois and RIPE records, and it's very difficult for a potential client to know the ISP may go down during exams week.
This operation seems not much more than what a couple of kids with a little knowledge could put together. The prefixes fill various spamhaus and RBL lists. Doubtful that there are any legitimate clients on those networks. This operation is the malware gangs getting a little more hi-tech, running their own ISP by buying IP transit from companies known for never turning down business. They use C4L/NetSumo, a known no-questions-asked ISP who resell an MPLS service between London and Eastern Europe, probably Interoute's.
As for location, looking at various internal looking glasses, the prefixes seem to be hitting the internet in London then through a leased line with 70 mSec of delay, and in Prague with a sudden 20 mSec of delay. This certainly is not going through the Seychelles. My best guess would be a data centre in Russia, where bribes to local authorities give them a certain level of immunity to lawful pursuits.
Any reasonable ISP hoping to protect their clients from this criminal malware gang would just filter those four AS#s from their main routing tables, and save themselves a world of hurt. Better yet would be to actively blackhole those prefixes. Sure, it might fly in the face of one perfect internet, but since there is no legal remedy, internet providers need to protect themselves. Good ISPs and hosting services already filter all kinds of bogus routing information, adding a known spam and malware operation to the list is just good practice.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
While I generally agree with this sentiment, and understand your reference to the broken window fallacy, I also find myself wondering if we might not still see a net gain should the Redmond campus suddenly fall off the map, given how active Microsoft has been in deliberately obstructing efforts to "aim higher and achieve more as a society" -- and not just for the US...
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
Aside from the fact that bullets seem to be getting friendly with spammers as of late...
Where can I sign up? All these western hosters that always say they have great uptime and availability are full of it. At least these guys are serious.
First of all, yes, I understand that the U.N. isn't going to do anything about this, and that they'd be hard pressed to do anything about it anyway. However, they can apply sanctions due to the economic hardship of dealing with all this crap, and 'convince' Russia to start making changes. It isn't completely inconceivable that something like this could potentially get passed if enough representatives got numbers for the real costs of spam in their countries.
Second of all, at the first threat of armed response to these servers, Russia will start posturing and threatening, the U.S. will posture and threaten back, Russia will make some Cold War reference, the U.S. will decide not to send in server-killing strike teams, but make it clear that we chose not to send in strike teams because of bean-counters or something, not because we take seriously any threat from Russia. Somewhere in there will be a horde of "OMG Cenzorship WTF?!?!" posts on Digg, Slashdot, and Fark.
I honestly do believe that this sort of thing is not going to be taken care of by peer pressure. AT&T and Verizon and Charter and Comcast and everyone else are not going to be able to block the spam. They are not going to be able to force the spammers to change their ways. This is a problem that will need to be taken care of governmentally, but likely won't be.
unless of course, you're willing to send SEALs to test how "bulletproof" the rogue servers are.
This activity has been outsourced to Blackwater USA security contractors.
Seth
$5 / month hosted VPS on linux = awesome!
The only conclusion I can see is that some spammer is smart enough to realize that this approach might indeed affect business, that they don't have any defenses currently in place against it, and doesn't want the word to get out.
I monitor several servers and have noticed a pattern that suggests a connection between several BOTNETs and RBN. We did some experimentation: while monitoring incoming connections, we noted several Russian systems connecting but not executing any commands; at the same time, obvious BOTNET spam would increase. Once we blocked the networks of these Russian systems, the BOTNET traffic slowed down.
Some of these systems have legitimate business names; and I wonder.
In any case, it appears these systems are putting out "feelers" for systems and networks that are of interest to them. When systems are confirmed "up", somehow that information is relayed to the BOTNET(s) and the attacks continue.
Anyone else notice this?
Needless to say, we happily block the traffic, period and without a care. I will posit that they have gone further to infest legitimate business systems either through threats or via network attacks, such that they are allowed to utilize these business systems in return for the business being left alone.
It's a bizarre world over there. Glad someone has taken the lead to uncover these freaks.
Russia: Cancel/Allow?
Thanks for throwing more info: I got as far as looking at 41173 from ATT and Linx looking glass yesterday and looking at RIPE records. Did not really trace it as I had to go and do other stuff.
Yes, it does look like that, though my guess will be that the actual location is not in Russia. There are plenty of countries with democratic (that can be optionally put in quotes) regimes between Russia and Europe which are considerably more friendly to shady business than mainland Russia nowadays. Their officials are also cheaper to bribe. So quite a lot of Russian business (both shady and legit) has been moving out there.
In addition to that 20ms out of Prague will actually put it in Eastern Europe, not in Russia "proper".
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
Note to mods: parent is insane, not insightful.
To have a right to do a thing is not at all the same as to be right in doing it
I am, and always will be, an idiot. Karma: Coma (mostly effected by