Profile of the Russian Business Network

The Washington Post has an article detailing what is known of the workings of the Russian Business Network, a shadowy entity based in St. Petersburg that hosts a good fraction of the world's spammers, identity thieves, bot herders, and phishers. RBN is not incorporated anywhere and may not technically even be violating Russian law. It provides "bulletproof hosting" for about $600 a month to a wide range of bad guys. The author of the Post story, Brian Krebs, supplements it with two blog posts. One provides more detail and back story including a look at one ISP's security admin who decided last summer to ban all RBN traffic from his network, with outstanding results. The other post maps some of the RBN's upstream suppliers and details the extent of the RBN's involvement in recent cyber-attacks: "Nearly every major advancement in computer viruses or worms over the past two years has emanated from or sent stolen consumer data back to servers" in the RBN.
  • I'm hoping the next Slashdot story on this topic is that some drunk driver crashed a propane truck into the RBN datacenter hehehe. Or maybe a nuclear plant will just blow up within close proximity to it lol. Seriously, there's a lot of bad things that could happen to it in Russia! Here's to hoping something does!
  • I've been away (Score:3, Insightful)

    by 42Penguins ( 861511 ) on Saturday October 13, 2007 @09:19PM (#20970547)
    are we for or against data havens these days?
    • Re:I've been away (Score:5, Insightful)

      by RsG ( 809189 ) on Saturday October 13, 2007 @09:24PM (#20970575)
      Depends on what they're a haven to, now, doesn't it?

      Put another way, anonymity and secrecy can be used for good - anyone living in an oppressive country can attest to that. Or it can be used to send "3n1arg3 y00r p3nis" spam en masse. I think we can agree on the idea that the existence of data havens is a potential godsend, but the misuse of those havens is a huge headache.
      • Re:I've been away (Score:5, Insightful)

        by Anonymous Brave Guy ( 457657 ) on Saturday October 13, 2007 @11:51PM (#20971241)

        I think we can agree on the idea that the existence of data havens is a potential godsend, but the misuse of those havens is a huge headache.

        I'm not sure I'd even agree with that. I am pretty much a pragmatist when it comes to on-line anonymity: I think it is, on balance, overwhelmingly a bad thing. Much the same arguments apply to data havens.

        Sure, these things can theoretically protect discourse, investigative journalism, whistle-blowing and such in an undemocratic society. However, practice is a long way from theory, and on-line "anonymity" is a long way from on-line anonymity. Does anyone really believe, despite the fact that I post under an alias here, that from a technical perspective my government could not track a post back to me if it really had sufficient motivation to do so? Does anyone really believe that if I had sufficiently sensitive information and stored it on a system hosted in one of these less legally restrictive regimes that the Powers That Be could not track it down and take steps to contain it?

        Meanwhile, we have spammers, phishy types such as identity thieves and credit card fraudsters, deceptive folk like inside traders and corporate PR plants, copyright infringers, and countless other people basically abusing a near-anonymous Internet identity and data centres like the one in this article to further their own interests, often at the expense of others... and getting away with it, because no-one has the resources to stop them all reliably.

        For what it's worth, I don't like this position. I appreciate the value of free communications, and I'm well aware of the inhibition imposed by having to put your name to something, and the damage this can do in extreme cases. But I also appreciate the value of privacy, and of being left to mind your own business without constantly having to defend yourself from attacks. Until society grows up, learns not to trust information or offers from anonymous sources, and learns to respect sensitive information — and it has a very long way to go to reach that point — I think we'll do a lot better if people on the Internet are not effectively placed above the law and not held accountable for their actions.

        • Re: (Score:2, Insightful)

          by superwiz ( 655733 )
          Umm, a "copyright infringer" might argue that our copyright laws have been hijacked by private interests and are no longer serving the public good (as the Constitution mandates). Thus he might argue that an anonymous copyright infringement might be an act of civil disobedience. So he would view the ability to do it anonymously precisely as an act of opposing an oppressive government.
          • Re:I've been away (Score:5, Insightful)

            by Em Adespoton ( 792954 ) <slashdotonly.1.adespoton@spamgourmet.com> on Sunday October 14, 2007 @01:38AM (#20971707) Homepage Journal
            I'm sorry, but civil disobedience usually involves getting intentionally caught and punished for doing something that should not be wrong, thereby bringing public attention to the issue. Anonymity is useful for practising freedoms denied by your government, but it doesn't enable true civil disobedience.
            • Re:I've been away (Score:4, Interesting)

              by superwiz ( 655733 ) on Sunday October 14, 2007 @01:50AM (#20971739) Journal
              I was thinking more of civil disobedience as preached by Thoreau in "Civil Disobedience". It is not necessary to practice civil disobedience as a statement. It can be practiced for the sole purpose of non-violently opposing the corrupt regime. To quote the Wikipedia entry, "Voting for justice is as ineffective as wishing for justice; what you need to do is to actually be just. This is not to say that you have an obligation to devote your life to fighting for justice, but you do have an obligation not to commit injustice and not to give injustice your practical support." As such, practicing civil disobedience anonymously is actually more effective because after not getting caught you get to practice it again.
              • by sjames ( 1099 )

                Exactly. More practically, as more people anonymously practice civil disobedience, larger and larger groups of people who obviously won't report another's disobedience form. Eventually it becomes large enough that people whose only interest in disobedience is practical feel safe as well since so many around them have a strong interest in not turning them in.

                As the police in many cities have discovered after years of eroding community trust, effective enforcement of any law depends on citizen reports. Once

            • I'm sorry, but civil disobedience usually involves getting intentionally caught and punished for doing something that should not be wrong

              The Boston Tea Party [wikipedia.org] was done anonymously.

              Secondly, The Federalist Papers [wikipedia.org] were released under pseudonyms by the US constitution writers.
          • Thus he might argue that an anonymous copyright infringement might be an act of civil disobedience.

            One might argue that a government that doesn't like an individual court ruling in another country should drop a tactical nuke on the courtroom as well, but it would demonstrate a remarkable lack of appreciation for when a last resort outside the normal system is justified and a complete loss of perspective on the significance of the offending action.

            • The scenario you suggest crosses more lines than the one I suggested. It not only crosses the line of appreciation for when a last resort is justified but it also crosses the lines of what type of last resort is acceptable in a civil society. Civil disobedience is generally an acceptable form of behavior in a civil society and as such does not deserve to be compared to military action.
              • Civil disobedience is generally an acceptable form of behavior in a civil society and as such does not deserve to be compared to military action.

                I disagree. There is a direct parallel between civil disobedience and military action. Obviously the consequences are different, and usually more serious in one case than the other, but nevertheless the same underlying principle applies: you are placing yourself above the normal rules that everyone else follows, and essentially adopting a might-is-right policy because you believe you can get away with it/history will be on your side/whatever. You write "civil society" a lot. I suggest to you that a civil

                • disagree. There is a direct parallel between civil disobedience and military action. Obviously the consequences are different, and usually more serious in one case than the other, but nevertheless the same underlying principle applies
                  Some underlying principles are the same. Just because one abstraction applies doesn't mean it's the only one.
        • "FTA ....and [RBN] may not technically even be violating Russian law."

          This has nothing to do with resources or having sufficient desire to act. RBN possibly hasn't broken the law in Russia, therefore neither the Russian government nor any other country has the right to punish them for what they are doing. OK, perhaps Russian law needs changing but, until then, they are not criminals (unless of course they have previous convictions. :-) Those using RBN's network to carry out crime are criminals but if no-one is raising a complaint then the police are unable to act against

          • by h4rm0ny ( 722443 )

            This has nothing to do with resources or having sufficient desire to act. RBN possibly hasn't broken the law in Russia, therefore neither the Russian government nor any other country has the right to punish them for what they are doing.

            I am not a country, nor do I define my rights in terms of what any country says is legal or not. My life is negatively impacted by the quantity of spam I get, both directly, and because it impedes other people I know or work with as well. I have every right to respond to d

            • I get even more disturbed when I hear individuals defining what is right or wrong based on their own whims. When you take the law into your own hands, you become a vigilante. That is also against the law in many countries, including probably your own. You have become no better than those you wish to punish. Don't dress it up by explaining how you think that you are justified, or by claiming that it requires some l33t hacker to come and save the world on your behalf. You are thinking, and wanting to act,

        • Appropriate signature.
          • The point is that I don't believe that Internet anonymity does do much to protect freedoms in practice. If you like, I don't regard it as what Franklin famously called "essential liberty". If it were actually effective in this regard, I would be far less willing to sacrifice it, but as I said, on this issue, I'm a pragmatist.

        • by mickwd ( 196449 )
          "I am pretty much a pragmatist when it comes to on-line anonymity: I think it is, on balance, overwhelmingly a bad thing."

          ....says Anonymous Brave Guy" [slashdot.org]

          Why not practise what you preach ?

          Especially from someone claiming to be brave.
          • Why not practise what you preach ?

            If you mean why don't I post here under my real name, then it's for the same reasons that I noted in my final paragraph. But there is a distinction between letting the legal authorities in a country track down those who are committing crimes and using the Internet as a shield to avoid being held accountable, and putting all my comments out in the open for anyone to see in a world where data mining, personal profiling, lawsuits based on the fact that you breathe air, and anything-in-the-name-of-profit corp

      • I think we can agree on the idea that the existence of data havens is a potential godsend, but the misuse of those havens is a huge headache.
        It's just another variation on the widely misunderstood meme that "freedom isn't free." The bad is always the price of the good.
      • Put another way, anonymity and secrecy can be used for good - anyone living in an oppressive country can attest to that.

        Yeah. Anonymity sucks when it comes to spam and trolls.
        But when you are being beat and/or shot for things you said by the powers that be, you're going to be missing it badly.
        All one has to do is turn on the TV [bbc.co.uk] and see why we must have the ability to publish anonymously at all times.

        Remember, when they have come [wikipedia.org] for everyone who has already spoken out publicly, the only people left to spea
    • by 1u3hr ( 530656 )
      are we for or against data havens these days?

      A joke, but raises a serious point.

      A "haven" is a safe place to put things (eg private data you want limited access to, or controversial data you want to make available). Not a safe place to launch attacks (DDOS, spam, etc) from.

      This is the kind of slide -- equating those who want privacy with spammers/terrorists/pedophiles/vegetarians/Muslims -- that authoritarians use to justify violating said privacy.

  • by Wonko the Sane ( 25252 ) * on Saturday October 13, 2007 @09:21PM (#20970557) Journal
    The Spamhaus project has a list of Russian Business Network addresses [spamhaus.org], for what it's worth.

    I wonder if anyone has ever found a remote exploit that will get past iptables -j DROP recently.
    • Re: (Score:2, Informative)

      by Anonymous Coward
      Another [blogspot.com] good source of information.
    • by SIGBUS ( 8236 ) on Saturday October 13, 2007 @11:56PM (#20971263) Homepage
      RBN addresses (and assorted other nasties) are also listed in the Spamhaus DROP [spamhaus.org] (Don't Route Or Peer) list. IMO, it's a useful thing to drop (pun intended) into your firewall...
    • by apachetoolbox ( 456499 ) on Sunday October 14, 2007 @12:57AM (#20971557) Homepage

      # Russian Business Network
      $IPTABLES -A INPUT -s 81.95.144.182/32 -j DROP
      $IPTABLES -A INPUT -s 81.95.149.171/32 -j DROP
      $IPTABLES -A INPUT -s 58.65.239.66/31 -j DROP
      $IPTABLES -A INPUT -s 81.95.144.3/32 -j DROP
      $IPTABLES -A INPUT -s 81.95.149.27/32 -j DROP
      $IPTABLES -A INPUT -s 81.95.149.181/32 -j DROP
      $IPTABLES -A INPUT -s 81.95.149.178/32 -j DROP
      $IPTABLES -A INPUT -s 81.95.156.0/22 -j DROP
      $IPTABLES -A INPUT -s 193.93.235.5/32 -j DROP
      $IPTABLES -A INPUT -s 81.95.149.110/31 -j DROP
      $IPTABLES -A INPUT -s 81.95.148.18/32 -j DROP
      $IPTABLES -A INPUT -s 81.95.148.130/31 -j DROP
      $IPTABLES -A INPUT -s 81.95.148.132/31 -j DROP
      $IPTABLES -A INPUT -s 81.95.153.243/32 -j DROP
      $IPTABLES -A INPUT -s 81.95.147.202/31 -j DROP
      $IPTABLES -A INPUT -s 81.95.144.0/20 -j DROP
      $IPTABLES -A INPUT -s 195.114.16.0/23 -j DROP
      $IPTABLES -A INPUT -s 195.64.162.0/23 -j DROP
      $IPTABLES -A INPUT -s 84.45.90.141/32 -j DROP
      $IPTABLES -A INPUT -s 88.201.208.0/20 -j DROP
      $IPTABLES -A INPUT -s 195.64.140.0/23 -j DROP
      $IPTABLES -A INPUT -s 81.94.16.0/20 -j DROP
      $IPTABLES -A INPUT -s 85.249.23.0/24 -j DROP
      $IPTABLES -A INPUT -s 81.95.147.182/32 -j DROP
      $IPTABLES -A INPUT -s 217.118.119.26/32 -j DROP
      $IPTABLES -A INPUT -s 85.133.4.138/32 -j DROP
      $IPTABLES -A INPUT -s 213.200.79.194/32 -j DROP
      $IPTABLES -A INPUT -s 62.154.15.154/32 -j DROP
      $IPTABLES -A INPUT -s 213.200.78.66/32 -j DROP
      $IPTABLES -A INPUT -s 195.66.226.151/32 -j DROP
      $IPTABLES -A INPUT -s 213.200.80.46/32 -j DROP
      • by arivanov ( 12034 ) on Sunday October 14, 2007 @04:20AM (#20972271) Homepage
        Much easier - Autonomous system 40989.

        Networks - 81.95.144.0/22, 81.95.148.0/22, 81.95.154.0/24, 81.95.155.0/24.

        First upstream ISP - 41173 which is a provider in the Seychelles (so they either run a VPN tunnel to there or have a SAT link). So the article may be actually full of shit. I somehow suspect that they are not hopping back to Russia and the servers are outside Russian jurisdiction in the first place.

        Primary upstream transit ISP is 3257 which is Tiscali. Now this does not surprise me in the slightest. No further comment.

        Other transit ISPs are : 25577 - C4L (???), 8928 Interoute (again, this one is no surprise).

        1. It does not look like Russian hosting to me. The Russians are laughing their arse off at the inept article (and other similar musings). The servers may actually be in Europe (or on the Seychelles where you can do diddly squat about them).

        2. The hosting is truly bulletproof. Applause. They have most likely bought wholesale all relevant officials in a small nation telecoms operator. So all requests regarding their business activities will go straight to /dev/null. Add to that the fact that their upstream providers are not known to be particularly caring about fraud, spam and the like and the picture is complete.
        • The servers may actually be in Europe (or on the Seychelles where you can do diddly squat about them).

          The Seychelles? What can you do about them?

          You can encourage global warming and sea level rise. They better hope they have watertight server rooms...

          Fight spam; warm the world!
        • by anticypher ( 48312 ) <anticypher.gmail@com> on Sunday October 14, 2007 @06:00PM (#20976693) Homepage
          A little late to the thread to get modded up, but I didn't have time this morning to post my own BGP filtering route-maps to keep these malware ISPs out of my tables. AS41173 seems to be the only upstream ISP to 40989. These companies seem to be the same mysterious people, hoping to hide their identities and locations. The internet isn't that easily fooled, though.

          If you look at the RIPE and whois records for all the parties involved, this is an ISP that popped up in June of last year, apparently dedicated to hosting malware sites. Look closely at addresses and dates. Fictitious Panamanian and UK addresses with an American phone number, claims of being in the Seychelles (English spelling), again with other American phone numbers.

          Some nmap fingerprinting of their routing equipment shows this operation tends towards low budget. I've seen ISPs that were nothing more than a couple of university students who obtained an AS#, a prefix, found a BGP feed, and filled a rented rack in a colo with some servers and a linux box running quagga. Seen from a looking glass, no difference from the big players. A good looking website regularly updated, proper whois and RIPE records, and it's very difficult for a potential client to know the ISP may go down during exams week.

          This operation seems not much more than what a couple of kids with a little knowledge could put together. The prefixes fill various spamhaus and RBL lists. Doubtful that there are any legitimate clients on those networks. This operation is the malware gangs getting a little more hi-tech, running their own ISP by buying IP transit from companies known for never turning down business. They use C4L/NetSumo, a known no-questions-asked ISP who resell an MPLS service between London and Eastern Europe, probably Interoute's.

          As for location, looking at various internal looking glasses, the prefixes seem to be hitting the internet in London then through a leased line with 70 mSec of delay, and in Prague with a sudden 20 mSec of delay. This certainly is not going through the Seychelles. My best guess would be a data centre in Russia, where bribes to local authorities give them a certain level of immunity to lawful pursuits.

          Any reasonable ISP hoping to protect their clients from this criminal malware gang would just filter those four AS#s from their main routing tables, and save themselves a world of hurt. Better yet would be to actively blackhole those prefixes. Sure, it might fly in the face of one perfect internet, but since there is no legal remedy, internet providers need to protect themselves. Good ISPs and hosting services already filter all kinds of bogus routing information, adding a known spam and malware operation to the list is just good practice.

          the AC
      • I did the same thing last night.
        I want to combine that with iptables log analyzer. How should I log that?

        I found a couple of references but it seemed like it was logging everything even though it was not important.
  • Post some ranges (Score:3, Interesting)

    by robogun ( 466062 ) on Saturday October 13, 2007 @09:21PM (#20970561)
    I wish the article had links to the ranges so we could block this stuff.

    Although I have to say over the last ~2 weeks it's been down quite a bit.
  • by krycheq ( 836359 ) on Saturday October 13, 2007 @09:58PM (#20970725)
    From TFA:

    Danny McPherson, chief research officer at Arbor Networks, a Lexington, Mass.-based company that provides network security services to some of the world's largest Internet providers, said most providers shy away from blocking whole networks. Instead, they choose to temporarily block specific problem sites.

    "Who decides what the acceptable threshold is for stopping connectivity to an entire network? Also, if you're an AT&T or Verizon and you block access to a sizable portion of the Internet, it's very likely that some consumer rights advocacy group is going to come after you."

    First... who's saying anything about blocking "a sizable portion of the Internet"? We're talking about being able to identify bad-actors and doing something about it for a change. From some recent articles I've read, AT&T doesn't seem to have any problems blocking their users from accessing the Internet when they don't like what they're doing... they'll just drop you if they don't like you. Why do they have issues blocking real criminals from doing real criminal activities. Can anyone honestly say that these networks are hosting content that anyone legitimate would want to get to?

    If there are legit companies doing business with these guys, and maybe if the networks were blocked, or the providers refused to carry routes to those networks, they would "shy away from" doing business with the RBN. Or is that too much of a free-market approach to the problem... block the criminals, and if you're associated with them, you can't do business either. Hmmm...

    Second, as to who decides... the market decides! This is pretty cut-and-dry. If there's a company somewhere that specializes in hosting this crap, then shut it down! It will only benefit legitimate business. This is so easy... there isn't a free-speech or access issue here... nothing for anyone to get upset about. The cancer has been identified... cut it out of the body.

    The time for reactive measures is over. The article got one thing right... this problem has been allowed to grow and fester beyond the point where half-measures are going to work. $150 million is real money and it's time to take the ability for these goons to do this away from them.
    • by Torvaun ( 1040898 ) on Saturday October 13, 2007 @11:28PM (#20971121)
      Like I want AT&T to be able to decide what parts of the internet are "off-limits" to me? Like there's any reasonable way of doing this anyway? The Internet was developed with the goal of routing around broken segments in mind. This is not a problem with a market solution. This is a problem where the U.N. tells Russia to get its shit together, and stop these guys from doing things that piss off the rest of the world. Nigeria can get the same treatment. If there's some other group behind all the foreign lottery scams that are apparently being sent out by botnet, then I'd like to get them locked down too.
      • by 1u3hr ( 530656 )
        Like I want AT&T to be able to decide what parts of the internet are "off-limits" to me?

        The moment a large ISP like AT&T starts blocking their IP ranges, they'll move them. They have control of millions of bots throughout the world, they could use totally dynamic, ever-changing IPs if necessary. And the IPs blocking would just create enormous collateral damage.

        Though on a small scale it can work, blocking is ultimately futile. It's like trying to prevent someone telephoning you by blocking the

        • by jmorris42 ( 1458 ) *
          > The moment a large ISP like AT&T starts blocking their IP ranges, they'll move them.

          Not so fast with the doom and gloom "we can't win" attitude. Yes we CAN if we decide we WANT to. Almost every scam on the Internet depends on a 'bulletproof' host somewhere. Yes they hijack Windows PCs, yes they now use P2P for C2 but eventually most of these scammers are driving somebody to a website or they have to collect the stolen keystrokes. Bulletproof hosting is real and it is a real problem. If we pu
          • by 1u3hr ( 530656 )
            If we put an "Internet Death Penalty" on any ISP providing such hosting it would stop.

            Then they'd Joe Job opponents, rivals, or just random ISPs to make them look guilty. This ISP is sleazy, but many others could be used unwittingly.

    • As I see it... (Score:4, Insightful)

      by SIGBUS ( 8236 ) on Sunday October 14, 2007 @12:00AM (#20971297) Homepage
      IMO, I'd rather do the blocking myself than have AT&T do it for me. That being said, I don't hesitate to block RBN traffic.
    • In general, a set of self clearing timed rules based on heuristics require less maintenance and mistakes are mostly self correcting. Hard RBL based rules put you at the mercy of whoever compiles the RBL and mistakes can linger for a long time. One issue being that you cannot even tell whether there is a mistake if connectivity is completely dropped for example.
  • RBL-XBL (Score:5, Insightful)

    by flyingfsck ( 986395 ) on Saturday October 13, 2007 @10:00PM (#20970737)
    It makes a lot of sense to use the Spamhaus RBL to block things in a firewall. If a site is black listed for sending spam, then I don't want any traffic from that site, not email, not web traffic, anything. However, I am not aware of a system that ties an iptables DROP rule to an RBL.
    • by blhack ( 921171 ) *

      It makes a lot of sense to use the Spamhaus RBL to block things in a firewall. If a site is black listed for sending spam, then I don't want any traffic from that site, not email, not web traffic, anything. However, I am not aware of a system that ties an iptables DROP rule to an RBL.

      why don't you write one....isn't that the whole point of OSS?
      from the 30 seconds that I spent on spamhaus.org, it looks like they let you download the entire list for a fee.....so...just grab the list and write yourself a perl script to generate iptables rules...

      all in all it should take you about 5 minutes to build a "system" to do this.
      Giving it a nice web GUI should take about 15.

    • Re: (Score:2, Informative)

      by Anonymous Coward
      Regarding spamhaus, there's the DROP list http://www.spamhaus.org/drop/ [spamhaus.org] plus a perl script http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ#116 [spamhaus.org] to turn that list into route commands which block those networks. If it has to be iptables for you, the script shouldn't be too hard to customize.
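The approach suggested in this sub-thread (take the published DROP list and generate iptables rules from it), as an added example that is not part of any comment here and is not the Spamhaus script. The `<cidr> ; <reference>` line layout, the chain name `DROPLIST`, the `PROTECTED` range and the sample entries (documentation ranges) are assumptions.

```python
"""Turn a DROP-style network list into iptables commands (added example)."""
import ipaddress

# Constructed sample in an assumed "<cidr> ; <reference>" layout. The networks
# are RFC 5737 documentation ranges plus one private range, not real listings.
SAMPLE_LIST = """\
; constructed sample list
192.0.2.0/24 ; REF0001
192.0.2.128/25 ; REF0002
198.51.100.7/32 ; REF0003
198.51.100.6/32 ; REF0004
203.0.113.66/31 ; REF0005
203.0.113.9/24 ; REF0006
not-a-network ; REF0007
10.1.2.0/24 ; REF0008
"""

# Assumption: address space that must never end up in a DROP rule
# (your own networks, management ranges).
PROTECTED = [ipaddress.ip_network("10.0.0.0/8")]
MIN_PREFIXLEN = 8  # anything broader than a /8 is treated as a likely typo


def parse_drop_list(text, protected=PROTECTED):
    """Return (collapsed_networks, rejected) for '<cidr> ; <ref>' lines."""
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split(";", 1)[0].strip()  # strip comment / reference
        if not entry:
            continue
        try:
            # strict=True refuses entries with host bits set (e.g. .9/24),
            # which usually means the line is not what its author intended.
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError as exc:
            rejected.append((lineno, entry, str(exc)))
            continue
        if net.prefixlen < MIN_PREFIXLEN:
            rejected.append((lineno, entry, "prefix too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((lineno, entry, "overlaps protected space"))
        else:
            networks.append(net)
    # Merge duplicates, nested and adjacent networks into the fewest rules.
    return list(ipaddress.collapse_addresses(networks)), rejected


def iptables_commands(networks, chain="DROPLIST"):
    """Shell commands that rebuild one dedicated chain and hook it into INPUT.

    Only the canonical string form of a parsed network is placed on a command
    line, so nothing in the downloaded file can inject shell syntax.
    """
    cmds = [f"iptables -N {chain} 2>/dev/null || iptables -F {chain}"]
    cmds += [f"iptables -A {chain} -s {net} -j DROP" for net in networks]
    cmds.append(
        f"iptables -C INPUT -j {chain} 2>/dev/null || iptables -I INPUT 1 -j {chain}"
    )
    return cmds


if __name__ == "__main__":
    nets, bad = parse_drop_list(SAMPLE_LIST)
    for lineno, entry, reason in bad:
        print(f"# skipped line {lineno}: {entry!r} ({reason})")
    print("\n".join(iptables_commands(nets)))
```

Keeping the list in its own chain means a refresh flushes and refills only that chain and leaves hand-written rules alone.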
  • It deals with a security administrator at a mid-sized U.S. based Internet service provider who decided to block RBN from reaching his customers. John declined to use his full name for a stated fear of physical and/or digital reprisals by RBN's clients against him and his employer.

    His name's Doe. John Doe. He's easy enough to find. (Or at least that's what his toe tag will say once RBN is finished with him)

    Part of the problem is that their activities bring in hard currency. Also, the local authorities p

  • One provides more detail and back story including a look at one ISP's security admin who decided last summer to ban all RBN traffic from his network, with outstanding results.

    If this was not a network in Russia, but oh, say AOL, the fact that lots of its hosts were bots for the bad guys would not change the fact that banning the whole network is censorship. But, of course, all Russian businessmen are mobsters, right? So it's Ok to do this to a network in Russia. Right! How is this article missing a censorship tag?

    Yeah, yeah, let's get funny with all the "in soviet blah, blah, blah." If you don't think you are being suckered into the new xenophobia based on old world para

    • by JoshJ ( 1009085 )
      I'm just waiting for the /. Libertarian crowd to insist that they have every right to spam, that it's a viable business model, that the "free market" should be allowed to do whatever it wants, etc. After all, there's really not much difference between spam ads and an ad on a page- consider the following:
      1. The advertisement is unsolicited.
      2. The recipient is forced to expend his/her bandwidth on the ad.
      3. Dealing with the advertisement (deleting it, blocking it, clicking through it if it's an interstitial)
      • Umm, what the?.. My post was pointing out the obvious xenophobia. What does that have to do with the economics of spamming? A true libertarian would have to think pretty hard about where the spam line is drawn because he would have to remember that everyone has (or should have) the right to enjoy one's property. But why derail my comment in this direction?
        • by JoshJ ( 1009085 )
          Ah, I didn't really read into the xenophobic side of your argument, but the censorship side.
  • by superwiz ( 655733 ) on Sunday October 14, 2007 @12:01AM (#20971305) Journal

    There is a good line in Dune -- "You control a mentat by controlling his information." The religious crowd is easily aroused by "think of the children." Apparently, the slashdot crowd needs to hear "think of the spam." This is how the world network for all-too-free an exchange of information will be fractured. You just need to find a hot-button issue for every crowd and they'll scream for the separation along national borders on their own (thinking it's their own idea).

    A good number of the posts so far propose blocking Russia altogether. Because there is no "business" done with Russia. Aha. But that means no Russian news. No access to chats with Americans for Russians. Hell, the new Russian order couldn't dream of a better situation. Not only do they get not to have their citizens interact with Americans freely, but they also don't have to be the bad guys in it. The Jefferson quote states that giving up freedom for a little bit of security will cause one to lose both. But why go that far? "little bit of security" is not even necessary as the price. Apparently a little bit of expediency is enough.

    It's censorship and xenophobia even if you can make a Yakov Smirnoff joke of it. Sorry, but this time, the boogie man is you!

  • by Anonymous Coward on Sunday October 14, 2007 @01:52AM (#20971749)

    Although the RBN are certainly bad guys, Slashdotters should pls resist the tendency to assume that all the bad guys are nasty, foreign types. Most of the bad guys - for example spammers - as usual, are home-grown.

    Of the 133 worst spammers on the Spamhaus ROKSO list, the vast majority of the world's worst spammers are from the USA, followed after a big gap by nasty foreigners from Israel, Ukraine, China and yes Russia too:

    See: http://www.spamhaus.org/rokso/index.lasso [spamhaus.org]

  • I just imported that list to drop all.
    I am going to set up the log analyzer and see how effective it is.

    I still have some issues with getting it to log properly.
    By default everything is accepted, except the drop list.
  • RBN's Netblocks (Score:3, Informative)

    by paulmer2003 ( 922657 ) on Sunday October 14, 2007 @02:51AM (#20971947)
    # Russian Business Network et al. As listed from spamhaus.org on 10/14/2007
  • The FBI seems to have all kinds of time to spy on Americans [google.com], in the operation that started even before 9/11/2001 [google.com]. Not so much time to listen to reports that Qaeda suicide bombers were learning to fly [google.com], but not land, jumbo jets.

    But the FBI, even though part of its job is to protect Americans from the Russian mob(s) [google.com], doesn't seem interested in that sitting duck den of thieves. They're pretty industrious over at FBI, but they aren't protecting Americans from some of the most common crimes that rob people's life
  • by madsheep ( 984404 ) on Sunday October 14, 2007 @03:32PM (#20975751) Homepage
    I have seen a few posts that seem to zero in on RBN and SPAM. Unfortunately, if you read the article or are slightly familiar with RBN, you would know it's a whole lot worse than that. An extremely large and extremely disproportionate amount of the hosts in the RBN ranges house malware, viruses, trojans, command and control sites (for bots), and child pornography -- in addition to the SPAM issues. It really is a bad place on the Internet; one of, if not the, worst. If you are at an organization where you can block them, you should; if not, at least check your logs and see if your hosts are going there and why.
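The logging question raised earlier in the thread (log only drop-list hits, not everything) and the advice above to check whether your own hosts are contacting these ranges, as an added example that is not part of any comment. The chain names, log prefixes and log lines are assumptions and constructed samples.

```python
"""Tally hits on drop-list LOG rules from kernel log lines (added example)."""
import re
from collections import Counter

# Assumed rule layout, not taken from the thread. Only traffic that matches a
# listed network reaches a LOG rule, so nothing else is logged:
#   iptables -N DROPLIST-IN
#   iptables -A DROPLIST-IN -m limit --limit 6/minute -j LOG --log-prefix "DROPLIST-IN: "
#   iptables -A DROPLIST-IN -j DROP
#   iptables -A INPUT -s <listed network> -j DROPLIST-IN
# and the mirror image for traffic leaving towards a listed network:
#   iptables -N DROPLIST-OUT
#   iptables -A DROPLIST-OUT -m limit --limit 6/minute -j LOG --log-prefix "DROPLIST-OUT: "
#   iptables -A DROPLIST-OUT -j DROP
#   iptables -A OUTPUT  -d <listed network> -j DROPLIST-OUT
#   iptables -A FORWARD -d <listed network> -j DROPLIST-OUT
HIT = re.compile(r"DROPLIST-(IN|OUT): (.*)$")

# Constructed kernel log lines; addresses are documentation/private ranges.
SAMPLE_LOG = """\
Oct 14 03:12:01 fw kernel: DROPLIST-IN: IN=eth0 OUT= SRC=192.0.2.15 DST=198.51.100.10 LEN=60 TTL=52 PROTO=TCP SPT=40123 DPT=25 SYN
Oct 14 03:12:04 fw kernel: DROPLIST-IN: IN=eth0 OUT= SRC=192.0.2.15 DST=198.51.100.10 LEN=60 TTL=52 PROTO=TCP SPT=40123 DPT=25 SYN
Oct 14 03:13:30 fw kernel: DROPLIST-IN: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0
Oct 14 03:15:12 fw kernel: DROPLIST-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=192.0.2.15 LEN=60 TTL=63 PROTO=TCP SPT=51515 DPT=80 SYN
Oct 14 03:15:15 fw kernel: DROPLIST-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=192.0.2.15 LEN=60 TTL=63 PROTO=TCP SPT=51515 DPT=80 SYN
Oct 14 03:16:00 fw kernel: OTHER: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=60 TTL=50 PROTO=TCP SPT=40000 DPT=22 SYN
Oct 14 03:20:00 fw kernel: eth0: link up
"""


def parse_hit(line):
    """Return (direction, fields) for a drop-list LOG line, else None."""
    match = HIT.search(line)
    if not match:
        return None
    # The LOG target writes KEY=VALUE tokens; flags such as SYN have no "=".
    fields = dict(tok.split("=", 1) for tok in match.group(2).split() if "=" in tok)
    if "SRC" not in fields or "DST" not in fields:
        return None  # truncated or foreign line that happens to carry the prefix
    return match.group(1), fields


def summarise(log_text):
    """Count inbound hits per listed source and outbound attempts per flow.

    Because the LOG rules are rate-limited, the counts are lower bounds.
    """
    inbound, outbound = Counter(), Counter()
    for line in log_text.splitlines():
        hit = parse_hit(line)
        if hit is None:
            continue
        direction, f = hit
        if direction == "IN":
            inbound[f["SRC"]] += 1
        else:
            # An internal host trying to reach a listed network is the entry
            # worth investigating: which machine, which destination, which port.
            outbound[(f["SRC"], f["DST"], f.get("PROTO", "?"), f.get("DPT", "-"))] += 1
    return inbound, outbound


if __name__ == "__main__":
    inbound, outbound = summarise(SAMPLE_LOG)
    for src, n in inbound.most_common():
        print(f"inbound  {src:<15} {n}")
    for (src, dst, proto, dpt), n in outbound.most_common():
        print(f"outbound {src} -> {dst} {proto}/{dpt} {n}")
```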
