
Is Blocking via IP Geolocation the Answer to Preventing DDoS Attacks?

If there's anything we learned about the threat landscape, it's that none of us are safe from malicious actors. Becoming a victim is not a matter of "if" but "when."

Enterprises are now aware that the thought of being "too big to fail" is no longer applicable. This idea rings true, especially since big tech firms like LinkedIn, Dropbox, and Yahoo! have been victimized by data breaches. Even Internet service provider (ISP) Dyn, which the likes of Spotify and Twitter use, succumbed to traffic-based assaults.

Many banks and financial institutions have also suffered similar fates. A Sri Lankan bank lost millions of dollars after suffering a compromise, followed by a spate of spoofed transactions.

Experts speculate that these actions were state-sponsored for reasons no one honestly knows. Even the leakage of a Democratic National Committee email raised concerns regarding cross-border security.

More Prevalent and Costly Cyber Attacks

Data theft and distributed denial-of-service (DDoS) attacks are only two of the most widespread forms of cyber threats. What's even worse is that the motives of threat actors remain unclear more often than not.

For instance, competitors can carry out a cyber intrusion to disrupt their rivals' operations or gain a competitive edge. Hacktivists who are pushing a particular agenda could do the same. Still others only wish to extort vast sums of money by holding systems or files for ransom.

Organizations need to watch out for growing cybercrime-as-a-service (CaaS) offerings as well. With these services, even perpetrators with little technical know-how can pay experts to launch attacks on their behalf. For as little as US$100 a day, anyone can hire a professional hacker to carry out a malicious deed. Meanwhile, the downtime caused by some of these activities, such as DDoS campaigns, can be very significant for most businesses.

Could IP Geolocation Blocking Be the Answer?

According to a Q1 2019 report, a majority of the traffic used to carry out DDoS attacks came from China (59.9%), the U.S. (21.3%), and Hong Kong (4.2%). The countries found to have a significant number of botnets include the U.S. (34.1%), the Netherlands (12.7%), and Russia (10.4%).

When it comes to blocking malicious traffic with IP geolocation software, the argument is pretty straightforward: Organizations need to reject traffic originating from locations that have had ties to DDoS. Although not foolproof, as companies may block innocent traffic, IP geolocation blocking can be a quick and easy way to deal with unwanted traffic. Any worried website owner can avail of such a service from a known hosting provider. Even WordPress, a popular content management system (CMS), offers plugins with the feature.

Organizations, however, need to keep the counter-argument against IP geolocation blocking in mind: Cybersecurity shouldn't follow a scorched earth approach. Some argue that the Internet was made so that people can connect on a global scale. As such, they view IP geolocation blocking as a means of censorship. Others think that penalizing Internet users simply because they are from a specific time zone or country can be considered racism.

So How Can Companies Stay Safe?

Denying traffic from specific countries could limit potential viewership for many businesses and even restrict growth. Content-focused sites also risk failing to capitalize on global search engine capabilities and traffic spikes coming from legitimate users. Apart from that, many threat actors look for ways to bypass geolocation blocking algorithms by spoofing their IP addresses.

So rather than blocking entire countries from accessing one's network, using a smart IP geolocation API that can filter out malicious traffic may be a better solution. With this application, cybersecurity teams can identify malicious activities per user. Specialists won't be forced to prevent all traffic from a particular place from getting in but have the option to block specific IP addresses only.

Advanced cloud-based cybersecurity providers can also use a database that contains known compromised IP addresses for blacklisting in combination with an IP geolocation API that allows filtering. The solutions a company needs should fit its customized requirements.
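The difference between a country-wide ban and the per-address filtering described above can be shown side by side. This is an added example, not code from the article or from any vendor: the blocklist entries, the geolocation table, the region codes "XA" and "XB", and the rate limits are all constructed assumptions, and using geolocation only to tighten a rate limit is one possible reading of "filtering."

```python
import ipaddress

# Constructed sample data using documentation address ranges; not real threat intel.
BLOCKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.77/32")]

# Hypothetical stand-in for an IP geolocation API: network -> region code.
# "XA" and "XB" are made-up codes, not real countries.
GEO = {
    ipaddress.ip_network("203.0.113.0/24"): "XA",
    ipaddress.ip_network("192.0.2.0/24"): "XA",
    ipaddress.ip_network("198.51.100.0/24"): "XB",
}
ELEVATED = {"XA"}    # assumption: regions the operator watches more closely
BASE_LIMIT = 100     # assumed requests allowed per window
ELEVATED_LIMIT = 20  # assumed tighter limit for elevated regions


def country_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in GEO.items() if addr in net), None)


def country_block(ip):
    """Broad policy: reject everything geolocated to an elevated region."""
    return "block" if country_of(ip) in ELEVATED else "allow"


def targeted(ip, requests_in_window):
    """Per-address policy: blocklist first; geolocation only tunes the rate limit."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in BLOCKLIST):
        return "block"
    limit = ELEVATED_LIMIT if country_of(ip) in ELEVATED else BASE_LIMIT
    return "throttle" if requests_in_window > limit else "allow"


def compare(counts):
    """Map each source IP to (country-wide verdict, per-address verdict)."""
    return {ip: (country_block(ip), targeted(ip, n)) for ip, n in counts.items()}


# Constructed request counts per source IP for one time window.
SAMPLE_COUNTS = {
    "203.0.113.5": 400,    # blocklisted, region XA
    "203.0.113.200": 3,    # ordinary visitor, region XA
    "192.0.2.10": 50,      # noisy client, region XA
    "198.51.100.77": 400,  # blocklisted, region XB
    "198.51.100.9": 50,    # ordinary visitor, region XB
}
```

On the sample data, the country-wide policy rejects the ordinary visitor in region XA and lets the blocklisted address in region XB through, while the per-address policy gets both right.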

* * *

Is blocking traffic from entire countries the answer to preventing large-scale, nation-state attacks? Not at all. Though this may be a quick fix for ongoing DDoS attacks, it isn't an ideal long-term option. Instead, companies need an intelligent IP geolocation solution that identifies individuals or specific groups of malicious users so they won't have to resort to broad bans.

WhoisXML API

About WhoisXML API – Whois API, Inc. (whoisxmlapi) is a big data and API company that provides domain research & monitoring, Whois, DNS, IP, and threat intelligence API, data and tools to a variety of industries.
