
Behind the Spamhaus DDoS attack

Massive DDoS attack shakes Internet
Last week details emerged about a huge distributed denial of service attack that started by targeting the Spamhaus Project and ended up disrupting Internet service for a large number of organizations. Here’s a look at what happened, and what your organization can do to stop these attacks.
Who is Spamhaus?
It’s a Geneva/London-based non-profit organization that tracks sources of spam and works with law enforcement agencies. It maintains spam-blocking databases used by ISPs, corporations and governments. It also publishes a register of known spam senders. As a result, it has enemies.
What happened?
On March 18 Spamhaus says it began seeing a large DDoS attack — up to 300 Gbps of packets being flung at its servers, downing its email and Web site. Things were better by March 22, but not fully right until the 28th.
What did it do?
Spamhaus turned to DDoS mitigation service provider CloudFlare for help. It discovered the attack was a DNS reflection — sending a request for information to an organization’s Domain Name System server, whose response then gets reflected to the victim. This leverages the open DNS resolvers of organizations.
How big was the attack?
CloudFlare says it recorded over 30,000 unique DNS resolvers in the attack, each one sending about 2.5 Mbps of data. In response to CloudFlare’s defensive techniques, which include dispersing attacks around the world to other servers to handle the load, attackers went after CloudFlare’s network providers. That affected others on the Internet.
What can you do?
CloudFlare calls open DNS servers “the scourge of the Internet.” To make sure your organization isn’t contributing, ensure your recursive DNS servers only respond to queries from within your IP range. Is it a problem in Canada? CloudFlare says during last month’s attack it tracked 1,259 unique open DNS resolvers here.
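One way to verify that restriction, as an added example that is not from the original article or from CloudFlare: send a single recursive query to your own resolver from a host outside your IP range and classify the reply header. The function names, the query ID and the two sample headers are constructed for illustration.

```python
import socket
import struct

QID = 0x1234  # arbitrary query ID for this example

def build_query(name, qid=QID):
    """Build an A-record query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(resp, qid=QID):
    """Classify the reply an outside client received from your resolver."""
    if len(resp) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid or not flags & 0x8000:       # wrong ID, or not a response
        return "malformed"
    rcode = flags & 0x000F
    recursion_available = bool(flags & 0x0080)
    if rcode == 5 or not recursion_available:  # REFUSED, or recursion not offered
        return "closed"
    if ancount > 0 or rcode == 3:              # resolved the name (or NXDOMAIN) for us
        return "open"
    return "inconclusive"

def probe(server, name="example.com", timeout=3.0):
    """Send one query to your own resolver from a host outside your IP range."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        try:
            resp, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no reply"
    return classify_response(resp)

# Constructed 12-byte reply headers (not captured traffic):
SAMPLE_OPEN = struct.pack("!HHHHHH", QID, 0x8180, 1, 1, 0, 0)     # RA set, 1 answer
SAMPLE_REFUSED = struct.pack("!HHHHHH", QID, 0x8105, 1, 0, 0, 0)  # rcode REFUSED

if __name__ == "__main__":
    print(classify_response(SAMPLE_OPEN), classify_response(SAMPLE_REFUSED))
```

A result of "open" from an outside address means the server still answers recursive queries for anyone; "closed" or "no reply" is the expected outcome once recursion is limited to your own range.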
Resources
For details on what your organization can do, see:

CloudFlare: blog.cloudflare.com/the-ddos-that-almost-broke-the-internet

The Open DNS Resolver Project: openresolverproject.org