Jump to content

Cyber warfare (split from War Games: Russia Takes Ukraine, China Takes Taiwan. US Response?


Recommended Posts

Posted
23 minutes ago, Steve81 said:

https://www.cfr.org/blog/russias-war-against-ukraine-catalyzing-internet-fragmentation?amp
 

An interesting read on the cyber aspect, which got me thinking… If ICANN is unwilling to act, there seems precious little that could stop the US and it’s allies from utilizing Geo IP Filters to cut off access to Russia, and anyone unwilling to do the same.

That might make an interesting discussion on where does one agree with adversaries not to weaponize the internet. 

Posted (edited)
23 minutes ago, StringJunky said:

That might make an interesting discussion on where does one agree with adversaries not to weaponize the internet. 

I’d say it’s not really possible to come to a meaningful agreement. There’s no good way to differentiate between the actions of a malicious private hacker collective, and another similar group that just so happens to have state sponsorship. It’s a problem of plausible deniability.

OTOH, it makes a pretty convenient stick to use against a nation that a good chunk of the developed world thinks is acting barbaric. It also hampers their attempts to wage a cyber-campaign against us, as an added bonus.

Edited by Steve81
Posted
2 hours ago, Steve81 said:

https://www.cfr.org/blog/russias-war-against-ukraine-catalyzing-internet-fragmentation?amp
 

An interesting read on the cyber aspect, which got me thinking… If ICANN is unwilling to act, there seems precious little that could stop the US and it’s allies from utilizing Geo IP Filters to cut off access to Russia, and anyone unwilling to do the same.

Wouldn't bad actors just use VPN to step around Geo IP filtering?

 

Posted (edited)
4 minutes ago, TheVat said:

Wouldn't bad actors just use VPN to step around Geo IP filtering?

 

Not under this idea. If everyone on board with my proposal blocks everyone who isn’t, there’s nowhere a Russian could VPN to that will have access. They’d have to physically travel to a place that isn’t blocked.

Edited by Steve81
Posted

Thanks, I wondered.  So if I run my VPN through Switzerland or Sweden and those countries sign some MoU on IP filtering, then I'm blocked.  Unless I move to Gibraltar or Panama  or some other haven. 

Or I'm Ed Norton in Glass Onion and I do all my business through a fax machine.  😀

Posted
4 minutes ago, TheVat said:

Thanks, I wondered.  So if I run my VPN through Switzerland or Sweden and those countries sign some MoU on IP filtering, then I'm blocked.  Unless I move to Gibraltar or Panama  or some other haven. 

Or I'm Ed Norton in Glass Onion and I do all my business through a fax machine.  😀

Exactly 😄

I actually decided to bring this up with my boss as work regarding our clients; afaik we don’t do this kind of filtering currently. Given that dentists aren’t exactly international conglomerates, may as well block everyone else. Couldn’t do that at my old job because we did international development, so we had people all over the globe.

Posted (edited)
9 hours ago, Steve81 said:

I actually decided to bring this up with my boss as work regarding our clients; afaik we don’t do this kind of filtering currently. Given that dentists aren’t exactly international conglomerates, may as well block everyone else. Couldn’t do that at my old job because we did international development, so we had people all over the globe.

Search engine crawlers use thousands of computers with foreign IP addresses.. If you block them, your e.g. Google rank will drop and you won't get new real customers who searched for you through Google, Bing, DuckDuckGo, etc.

 

10 hours ago, TheVat said:

Wouldn't bad actors just use VPN to step around Geo IP filtering?

Hackers don't use VPNs. They intercept civilian, corporate and government computers and then use them to transfer data. For VPNs you have to pay, give your name, surname, address, credit card details etc. The intercepted computer is free.

Edited by Sensei
Posted (edited)
43 minutes ago, Sensei said:

Search engine crawlers use thousands of computers with foreign IP addresses.. If you block them, your e.g. Google rank will drop and you won't get new real customers who searched for you through Google, Bing, DuckDuckGo, etc.

Thanks for the info! Does this really apply for the case of dentists, where the search term is something along the lines of “dentists near me” ?

Edited by Steve81
Posted (edited)
37 minutes ago, Steve81 said:

Does this really apply for the case of dentists, where the search term is something along the lines of “dentists near me” ?

The search engine, after typing a keyword, only searches a previously created database. A crawler is a special server with scripts/programs installed that periodically visits websites and builds a database. How often it visits (downloads) depends on the website. It can range from once a day, to even thousands of times a day. If it is unable to visit the site, this is noted in the database. If it repeats itself frequently (e.g., because you have blocked its IP addresses, or the server is down), it affects the ranking and the ability of new customers to find you by keywords on the Internet.

 

The IP address ranges of Google's crawlers are well known.

https://www.google.com/search?q=google+crawler+ip+addresses

They are listed on Google's website.

https://developers.google.com/search/apis/ipranges/googlebot.json

 

Here's the story of what happened to the guys who blocked Google's robot IP addresses

https://support.google.com/webmasters/thread/134144346/block-google-ip-by-mistake-in-server-and-now-getting-indexing-request-rejected-issue?hl=en

 

And general:

https://www.google.com/search?q=what+will+happen+if+you+block+google+crawler

 

For legitimate search engines, you can block them in the robots.txt file on the server. This is often done for some special pages that should not be indexed.

https://en.wikipedia.org/wiki/Robots.txt

(however, 3rd party search engines, hacker's crawlers, can and will ignore it)

 

You can identify the "bad guys" by putting a line in the robots.txt file that disallows some strange path names, and see that they used them.

If somebody scanned your server via "nmap", you can identify their IP and block.

If somebody tried to connect to ssh 22 port or so, and brute force tried to login to SSH, you can identify their IP and block.

Edited by Sensei

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.