
Mornings With Mark
no. 0005

Blocking IP Addresses


Full machine-generated transcript follows

All right, despite being connected to a monstrously gigantic battery, my Mevo ran out partway through the broadcast, so quick little flip and here we are back with an alternative source, off the iPhone direct. Should be easier, please, hopefully just a picture here. No, I don't want weird emojis.

I'll get it some other saying. I just had to restart real quick, and I am coming to you live from San Francisco. I'm out here for the RSA USA conference, and we kicked off the pre-day yesterday. Myself and Andrew Hay from Leah security, we hosted a full-day seminar focused on ransomware and destructive attacks.

We had a great lineup of speakers, from the associate District Attorney General all the way to a special guest appearance by MalwareTech blog, who actually was the one who sinkholed the WannaCry domain and ran into some legal trouble for it, but it was a great day. Lots of great talks.

I'm going to wrap that up in a separate video that I'll post on social, and what I want to dive into this morning is actually what's happening with Telegram in Russia. So Telegram is a secure and encrypted messaging service, and I'm not sure where it ranks with the current options for end-to-end encrypted services.

EFF is about to, if they haven't already, update the scorecard for encrypted services, so you can get an idea of what the vulnerabilities and the challenges are within that organization time or within that time choice and within an ecosystem. But at the end of the day, Telegram has gotten in trouble with the Russian government.

The Russian government has banned that service within that country. Now, that's a whole different discussion, as far as, you know, the ups and downs of banning specific services in countries and things like that. That's not what I'm going to dive into today. What I wanted to talk about real quick was actually one of the methods when this escalated.

So we had the Russian government saying Telegram should not be available to our users within the country. The Russian government were actually asking for access to our conversations happening on Telegram. Telegram said no. The Russian government said, okay, you're not going to be available to provide service to our citizens, and then they banned the service as it was configured. Telegram made some adjustments to the technical delivery of their service, and mainly what they did was they started to route conversations through AWS and through the Google Cloud Platform, right there with the cloud provider.

They set up a bunch of systems and they started routing traffic through there. Interestingly enough, the Russian government has taken the step to then ban millions of IP addresses associated with AWS and associated with GCP. Now, AWS has a GitHub repo and an API call where you can actually get the latest set of IP addresses they're using for all their services, same with Google.

Obviously, you can't have a cloud service without having a number of things on those IPs. So it's a dynamic IP assignment, and those IPs are recycled quite quickly. Why I want to talk about this wasn't so much the nation-state angle, wasn't the banning of encrypted services angle, but it was the defensive mechanism of actually trying to ban a service based on the IPs coming in. In this day and age that is a very crude tool to use, but unfortunately it's the only one that a lot of folks have available to them.

What ends up happening now, as we're seeing from the fallout reported in the tech news right now, is a whole bunch of collateral damage has happened in the Russian ban. So we're seeing the fact that there are other services that were running in AWS and in GCP that are no longer available in the country because they've been banned by being a part of these IP blocks, and that's really where this sort of crude analogy comes in.

It's not a scalpel. It's very much a blunt, you know, sledgehammer instead. In this day and age, we need to move our security up the stack. Whether you're trying to prevent your organization from reaching this particular service, or you're trying to defend yourself against a DDoS attack, no matter what you're trying to defend yourself against, if it includes banning access from external entities into your network, IP address is probably not going to cut it anymore.

We know that some IP addresses have more of a tendency towards a more negative association. However, they do get reused and they do get recycled. So if you ban an IP address, you're potentially cutting off your users from a chunk of the net, and that's not the intended consequence. You need to move up the stack to a domain name. So the domain name is what we're used to typing into our browsers, you know, something like github.com as opposed to 1.2.3.4. Because 1.2.3.4 points to GitHub today (just an example, it's not actually the IP address), it could point to mybadservice.com tomorrow and then back to somebody else's good service the day after that, and it's no longer accurate enough.

We need to move up the stack, and that's where the continuing theme in security, I'm sure I'll be talking about it the rest of the week, is that, you know, we need to be more accurate, data driven, and we need to be more flexible, and we can't just do these crude things that are just sort of cutting off a limb, and it's going to be interesting to see how this falls out, especially given that cutting off legitimate services could frustrate a lot of users and have that pushback against that ban in Russia.

But in general you need to make sure that you can't just block by IP, but that you can move up the stack and be more accurately blocking by domain, or better yet by session. Harder to do but not impossible to do. We've had the technology for years; it's just a question of deployment and making it effective. You can always hit me up online, marknca. I don't have the traffic overlay, even though I'm trying to point to it, and talk to me in the comments below.

I'm going to be at RSA all week, and I think it's going to be a really interesting conference. It really starts off today with some of the keynotes and the sessions, the expo hall is open and all that, and I will have a summary video up soon about the ransomware summit yesterday, because it was fantastic, and there are some slide decks available for those of you that didn't attend.

Hope you're having a great day. I believe it's Tuesday; I always get thrown off when I'm in a different time zone. I'll talk to you soon, and we'll see you tomorrow.