
The Twitter Outage: Is It Time To Start Blocking IP Addresses by Country?

By Samara Lynn, CRN
August 07, 2009    11:45 AM ET

In a developing story, Thursday's massive across-the-Internet denial-of-service (DoS) attack, which crippled Twitter, YouTube and other sites with outages, may be the result of some international beef.

Security experts are pontificating about the possibility of a deliberate attack by Russian hackers to cyber-target a blogger from the former Soviet nation of Georgia, in an effort to block the social networking tools that blogger uses and so prevent his message from getting out. Many are seeing this as a plausible possibility given the ongoing tensions between the two countries.

It's almost becoming a cliche -- the Russian hacker. Yet, there is no denying it: In countries where poverty, government corruption and substandard livable wages run amok and where technological savvy runs high, you are looking at the perfect storm for creating a lucrative cottage industry of cybercrime.

Especially interesting is the way in which this particular DoS attack was meted out. Usually, DoS attacks are a blitzkrieg of thousands of machines flooding a targeted site with IP packets, resulting in traffic overload. There are a number of defenses to ward off these types of attacks.

However, in this case, security experts are pointing to "posts-by-emails" as a cause of this attack, a different tactic than found with traditional DoS threats. One expert in an interview with The New York Times said this attack was the result of a wave of spam e-mails.

Many bloggers are asking the logical question: Just how does e-mail take down a Web server? Consider how many of these sites a user can post messages to via e-mail -- usually with a cell phone -- and it starts to seem like a possibility.

If this is proven to be the case, it's a clever DoS attack. International hackers are becoming more innovative and more aggressive.

Who can forget the recent penetration of the United States' national power grid, again carried out by Russian hackers? In all fairness though, let's not just focus on Russian cybercrime. We are constantly seeing threats in the Test Center's security test bed from China, Korea and Indonesia.

So, the question arises, if a business has no dealings with a nation that is notorious for cybercrime, should IP traffic from that particular region be blocked from entering a network?

It's something that may be possible. The Web site blockacountry.com allows users to create an .htaccess file to block IP addresses coming from a specific country. Note that we have not tested it out in the Test Center lab. Other developers are creating solutions that do data mining and processing of data by country, networks and subnets. This data is then output to a specific format that allows on-the-fly blocking of IP traffic, based on location. It's an extreme resort, but if sites are rendered useless and, in particular, if businesses begin to lose precious revenue because of downtime, it's one that some may begin to consider.
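To make the country-to-.htaccess step concrete, here is an added example (not from this article, blockacountry.com or any vendor) that turns per-country network data into Apache 2.4 `Require not ip` rules and checks a client address against the same data. The feed format, the country codes `AA`/`BB` and the function names are assumptions, and the networks are reserved documentation ranges rather than real allocations.

```python
import ipaddress

# Constructed sample feed (assumed "country,cidr" format). The ranges are
# RFC 5737 / RFC 3849 documentation networks, not real country allocations.
SAMPLE_FEED = """\
AA,192.0.2.0/25
AA,192.0.2.128/25
AA,198.51.100.0/24
BB,203.0.113.0/24
AA,2001:db8::/32
AA,not-a-network
"""

def parse_feed(text):
    """Return {country_code: [ip_network, ...]}, skipping malformed rows."""
    by_country = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            code, cidr = line.split(",", 1)
            net = ipaddress.ip_network(cidr.strip(), strict=False)
        except ValueError:
            continue  # bad row: ignore it rather than emit a broken rule
        by_country.setdefault(code.strip().upper(), []).append(net)
    return by_country

def collapse(nets):
    """Merge adjacent or overlapping ranges; IPv4 and IPv6 are merged separately."""
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))

def build_htaccess(feed_text, blocked_codes):
    """Emit an Apache 2.4 (mod_authz_core) block denying the listed countries."""
    by_country = parse_feed(feed_text)
    nets = collapse([n for c in blocked_codes for n in by_country.get(c.upper(), [])])
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {n}" for n in nets]
    lines.append("</RequireAll>")
    return "\n".join(lines) + "\n"

def is_blocked(addr, feed_text, blocked_codes):
    """Test one client address against the same data, e.g. to spot over-blocking."""
    ip = ipaddress.ip_address(addr)
    by_country = parse_feed(feed_text)
    return any(ip in n for c in blocked_codes for n in by_country.get(c.upper(), []))
```

`Require` directives in an .htaccess file take effect only where the server configuration sets `AllowOverride AuthConfig` (or `All`) for that directory.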

In the meantime, security vendors and hackers will keep doing the cat and mouse thing, one trying to stay a step ahead of the other. Perhaps, though, a good look at the human reasons behind why these types of attacks are occurring rather than always focusing on the technical ones would be another good method of defense.

