[Emerging-Sigs] Status of RBN Block list?

Matthew Jonkman jonkman at emergingthreatspro.com
Tue Oct 12 17:46:15 EDT 2010

On Oct 12, 2010, at 3:12 PM, Clauson, Neil wrote:

> It seems that the Russian Business Network rules haven’t been updated since August:
> #  VERSION 193
> #  Updated 2010-08-11 15:26:56

That is correct. This is manual research; we update when the group that does so has an update. I think we'll probably see an update in the not too distant future.

> I’ve had a fair amount of success using this list to identify machines infected with “dumb” malware, despite the occasional false positive (i.e. an internal user tries to get to a non-malicious site that’s hosted on the same IP address.)  More often than not, though, it’s been pretty accurate.

Glad they work well! I see similar positive results. 

> I checked the new rules repository and didn’t find ANY rules for RBN, SpamHaus DROP, BotnetCC, etc.  Am I just looking in the wrong place?

They're in the tarball. I did not copy them to the open dir. If that'd be useful I'm happy to set that up.


> Thanks!
> Neil

Matthew Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205

PGP: http://www.jonkmans.com/mattjonkman.asc
