Russia unveils 17,576 IPs that launched DDoS attacks

IPv6 denial of service attack

Russia has recently come under heavy attack by the international hacker group Anonymous, which continues to attack Russian government websites. Based on this situation, Russia has prepared to use a large local area network to block the Internet, but at present Russia’s large local area network has not been officially launched.

Russia’s National Coordination Center for Computer Incidents (NCCCI) publishes a list that contains the source addresses of a large number of attackers. NCCCI hopes to publish this list so that other Russian government agencies, enterprises, financial institutions, etc. can conduct targeted defenses based on the corresponding source addresses.

We checked the list and found that the list published by Russia mainly contains IP addresses that have been sorted out, as well as some monitored domain names. In terms of addresses, we found that these addresses come from all over the world, including Europe, the United States, China, India, Bangladesh, Thailand, etc. The domain names monitored by Russia include the FBI and the National Security Agency of the United States, and some domain names belong to the European Union and Southeast Asian countries. Of course, neither the address nor the domain name actually makes much sense, because the originating domain name can be faked into any URL, so it has no reference. As for the IP addresses, most of them come from home users. Simply put, users who use these IP addresses have their devices hacked, so they can be used to launch DDoS attacks.

IP addresses and domains alone cannot be attributed to specific attackers, but it’s basically no wonder that most of the IP addresses are from botnets. The mobilized botnets can also be identified as anonymous, but Russia can indeed organize government agencies for defense based on this list. After all, the IP addresses of botnets are limited. If all IP addresses are blocked, the available addresses of botnets that hackers can control will eventually be exhausted. This is why the Russian Computer Incident Coordination Center spends time collecting addresses, but 17,576 IPs are not much for a botnet. “Use Russian DNS servers. Use the corporate DNS servers and/or the DNS servers of your telecom operator in order to prevent the organization’s users from being redirected to malicious resources or other malicious activity,” the NCCCI added.

Via: thehackernews