Behind the Spamhaus DDosS attack

Massive DDoS attack shakes InternetLast week details emerged about a huge distributed denial of service attack that started with targeting the Spamhaus Project and ended up disrupting Internet service of a large number of organizations. Here’s a look at what happened, and what your organization can do to stop these attacks.

Who is Spamhaus?It’s a Geneva/London-based non-profit organization that tracks sources of spam and works with law enforcement agencies. It maintains spam-blocking databases used by ISPs, corporations and governments. It also publishes a register of known spam senders. As a result, it has enemies.

What happened?On March 18 Spamhaus says it began seeing a large DDoS attack — up to 300 Gbps of packets being flung at its servers, downing email and Web site. Things were better by March 22, but not fully right until the 28th. (Image via Shutterstock)

What did it do?Spamhaus turned to DDoS mitigation service provider CloudFlare for help. It discovered the attack was a DNS reflection — sending a request for information to an organization’s Domain Name System server, which then gets reflected to the victim. This leverages the open DNS resolvers of organizations. (Image via Shutterstock)

How big was the attack?CloudFlare says it recorded over 30,000 unique DNS resolvers in the attack, each one sending about 2.5Mbps of data. In response to CloudFlare’s defensive techniques, which include disbursing attacks around the world to other servers to handle the load, attackers went after CloudFlare’s network providers. That affected others on the Internet

What can you do?CloudFlare calls open DNS servers “the scourge of the Internet.” To make sure your organization isn’t contributing, ensure your recursive DNS servers only respond to queries withing your IP range. Is it a problem in Canada? CloudFlare says during last month’s attack it tracked 1,259 unique open DNS resolvers here.

Resources For details on what your organization can do seeCloudFlare: blog.cloudflare.com/the-ddos-that-almost-broke-the-internet

The Open DNS Resolver Project: openresolverproject.org

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
IT World Canada Staff
IT World Canada Staffhttp://www.itworldcanada.com/
The online resource for Canadian Information Technology professionals.

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Slideshows

Top Tech News