I love the Russians. I know, strange to hear that from an American in modern day with a new “cold war” (seemingly) beginning to gain steam –>[in my most-convincing whiner voice] Can’t we all just get along?<–
Let’s say, I respect them. Their hackers in particular. Their response to a cyberattack is to launch a full-on offensive attack against the attacker, quite a different response from the Chinese who tend to just block attackers, or the Americans, who never even notice an attack is taking place (ha, don’t get mad, I’m a proud American myself).
Here’s an interesting illustrative example. A short time ago, my IDS detected some probes against some of my servers. Nothing serious, just scans and a few brute force password attacks. It must have been a slow day because I began probing back. Again, nothing serious. Just peeking at where the attack was coming from and spraying a few decoy packets back at them while I probed their services. Turns out the attack was coming from Russia and as I probed back, the attacks intensified.
I began probing harder even launching a few DoS processes to slow things down while scanning services, firing up Metasploit to search for known vulnerabilities in the odd services I ran across, netcat for raw connections to target ports in order to probe a bit deeper, all while running two attacking machines through various VPNs to direct the traffic around different parts of the planet. As expected, the Russians fought back. Before long, the counter-attacking geographic area looked like this:
Yeah, the counter-attack was pretty much coming from all over Russia (can you say “government-sponsored botnet”) and centered around Moscow. Here’s a tighter view of the attackers geographic location. Look hard. All those little yellow dots are attacking machines. How cool is that!?!
And here’s the top attacking IP addresses (if you see your IP address in the list, you might want to run a virus scan on your machine).
I’ve seen this response many times before even to the point of massive incoming traffic overloading my home connection, shutting of television signals and IP phone reception. It’s an interesting response, albeit not particularly effective (except for the part about killing my connection of course), but one that I often wonder why it isn’t used by the United States. At least their response lets me know they’re paying attention with enough emphasis to convey it could be a much harsher response if I get on their nerves.
Again, I love the Russians.