Anti Phishing Tools
RBN - Refuse Bad Network - (updated 2007-11-20)
 
 
Rating criteria: protection against funds transfer, simple phishing, MITM phishing, ISP pharming, trojan keylogger and advanced trojan; detection before-fraud and after-fraud; ease to install; user usage (green = easy). Two ratings are given as N/A.
 
 

Goal: prevent customers' computers from disclosing confidential data to cybercriminals.
Installed by: companies and/or ISPs

Some networks and address ranges are widely known to be part of cybercrime schemes. This solution offers an easy way to prevent computers from sending confidential information to malicious servers hosted on those bad network blocks.

This solution is very easy to deploy, whether it is installed in a company or at an ISP, but the main difficulty will be convincing Internet providers to add this security feature. Indeed, most ISPs still hold the position that they are not here to provide security features but ONLY an Internet pipe. On this point, ISPs would do better to look at the outages caused on their networks by those address ranges. Bots are controlled by a command-and-control (C&C) server and, most of the time, are used to conduct mass spam campaigns, DDoS attacks, and scanning and infection. All those malicious activities consume the bandwidth ISPs offer. And what would ISPs think if they considered that most C&C servers are hosted in the same address ranges?



Autonomous System filtering

-----
ip as-path access-list 20 deny _40989_
ip as-path access-list 20 deny _34883_
ip as-path access-list 20 deny _41731_
ip as-path access-list 20 deny _41173_
ip as-path access-list 20 deny _20807_
ip as-path access-list 20 deny _28866_
ip as-path access-list 20 deny _34596_
ip as-path access-list 20 deny _39848_
ip as-path access-list 20 deny _41108_
ip as-path access-list 20 deny _41181_
ip as-path access-list 20 deny _41187_
ip as-path access-list 20 deny _42533_
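ip as-path access-list 20 deny _42577_
! An as-path access-list ends with an implicit deny, so permit every other path.
ip as-path access-list 20 permit .*
-----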

# AS20807 Credolink ASN Credolink ISP Autonomous System St Petersburg*
# AS28866 AKIMON AS Aki Mon Telecom*
# AS34596 CONNECTCOM ConnectCom Ltd Autonomous System
# AS39848 DELTASYS Delta Systems network*
# AS40989 RBN AS RBusiness Network*
# AS41108 OINVEST AS Online Invest group LLC*
# AS41173 SBT AS SBT Telecom*
# AS41181 RUSTELECOM AS Rustelecom AS*
# AS41187 MICRONNET AS Micronnet LTD*
# AS41731 NEVSKCC AS NEVACON LTD*
# AS34883 Eltel2
# AS42533 DELFANET-AS
# AS42577 PSKOV-AS

Address range filtering



-----
! One named extended ACL; the name RBN_FILTER is a placeholder. Entries match the destination address.
ip access-list extended RBN_FILTER
 remark RBN
 deny ip any 81.95.144.0 0.0.15.255
 remark RBN_CUST
 deny ip any 194.146.204.0 0.0.3.255
 deny ip any 195.114.8.0 0.0.1.255
 deny ip any 80.70.224.0 0.0.15.255
 deny ip any 81.84.16.0 0.0.15.255
 deny ip any 193.238.36.0 0.0.3.255
 deny ip any 193.93.232.0 0.0.3.255
 deny ip any 195.64.162.0 0.0.1.255
 deny ip any 195.114.16.0 0.0.1.255
 remark ELTEL2
 deny ip any 85.249.20.0 0.0.3.255
 remark OTHER
 permit ip any any
-----
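
An added example, not part of the original page: a Python check that turns the network/wildcard pairs of the address-range filter above into CIDR blocks, rejects malformed entries before deployment, and lists which flows in a log the filter would drop. The flow records and the last, misaligned ACL entry are constructed, and the `deny ip any` entry form is an assumption.

```python
import ipaddress
import re

# Ranges and wildcard masks from this page, written as extended-ACL deny entries.
ACL_TEXT = """\
 deny ip any 81.95.144.0 0.0.15.255
 deny ip any 194.146.204.0 0.0.3.255
 deny ip any 195.114.8.0 0.0.1.255
 deny ip any 80.70.224.0 0.0.15.255
 deny ip any 81.84.16.0 0.0.15.255
 deny ip any 193.238.36.0 0.0.3.255
 deny ip any 193.93.232.0 0.0.3.255
 deny ip any 195.64.162.0 0.0.1.255
 deny ip any 195.114.16.0 0.0.1.255
 deny ip any 85.249.20.0 0.0.3.255
 deny ip any 192.0.2.64 0.0.0.255
"""  # last entry is constructed: its address is not aligned to its mask
# Constructed sample flow records: source, destination, destination port.
SAMPLE_FLOWS = """\
192.0.2.10 198.51.100.7 443
192.0.2.11 81.95.148.2 80
192.0.2.12 85.249.24.1 25
"""
PAIR = re.compile(r"deny\b.*?(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s*$")

def parse_acl(text):
    """Return (networks, rejected entries) for the deny lines in text."""
    nets, rejected = [], []
    for m in filter(None, map(PAIR.search, text.splitlines())):
        try:  # ip_network accepts a wildcard (host) mask after the slash
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        except ValueError:  # misaligned address or non-contiguous mask
            rejected.append(m.group(0))
        else:
            if net not in nets:
                nets.append(net)
    return nets, rejected

def flag_flows(text, nets):
    """Return (source, destination, network) for flows to a listed range."""
    hits = []
    for src, dst, _port in (ln.split() for ln in text.splitlines()):
        addr = ipaddress.ip_address(dst)
        hits += [(src, dst, str(n)) for n in nets if addr in n]
    return hits

if __name__ == "__main__":
    networks, bad = parse_acl(ACL_TEXT)
    print(bad, flag_flows(SAMPLE_FLOWS, networks))
```

The parser reads only the trailing network and wildcard mask of each deny line. It does not handle `host` entries or the all-zero and all-one wildcards, which `ipaddress` would read as netmasks.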

Curious readers can also have a look here