Questions over whether CloudFlare exaggerated the impact of the denial of service attacks on Spamhaus should not be allowed to divert attention away from the real security threat highlighted by the attacks.
Any distributed denial of service attack involving 300Gbps of traffic -- or even half that amount -- is noteworthy, regardless of whether it choked portions of the Internet or not.
Multiple security firms have confirmed seeing traffic streams of up to 300 gigabits per second -- three times larger than the largest DDoS on record to date. Arbor Networks, which helps companies deal with DDoS attacks, has a really telling chart on its blog showing just how much bigger the DDoS streams against Spamhaus were compared to other large attacks.
Some have questioned CloudFlare CEO Matthew Prince's assertion that the Spamhaus attacks were so large that they caused certain sections of the Internet to slow down.
According to Renesys, a network performance tracking firm, the Internet as a whole did not experience any disruption on account of the Spamhaus attacks. The traffic estimates for the DDoS attacks were high enough to easily overwhelm the average hosting center, but not enough to affect core Internet components, according to Renesys.
Keynote Systems, another company that keeps tabs on Internet performance, had a similar take. Website speeds across Europe have remained pretty consistent over the past several weeks -- meaning that the Internet was not really impacted by the Spamhaus attacks, the company noted Thursday.
According to Keynote, some network segments in Europe did experience up to 40% slower-than-average response times during a six-hour period Tuesday. However, it is hard to tell whether the Spamhaus attacks caused the slowdown or whether it arose because so many people were live-streaming a soccer game between France and Spain during that time, Keynote said.
Some have begun wondering whether CloudFlare played up the attacks to drum up business for itself. That certainly is a legitimate question, but it is not necessarily the most important one in this situation.
Even if Prince did overhype the reaction, the fact remains that the DDoS attacks were the largest ever seen on the public Internet by far. Much more importantly, the attackers took advantage of open DNS servers to generate magnitudes more traffic for their attack than they would have been able to generate via a botnet alone.
This is significant because the threat posed by open DNS resolvers has been well understood for a long time. Yet, it is an issue that has remained largely unresolved. The Open DNS Resolver Project, an effort by a group of security experts to draw attention to the issue, estimates that there are currently about 27 million DNS servers that are open resolvers. About 25 million of those pose a significant threat, according to the project's website.