A distributed denial-of-service (DDoS) attack of unprecedented scale that targeted an international spam-fighting organization last week ended up causing problems for Internet users around the world, experts say.
The DDoS attack started more than a week ago and targeted the Spamhaus Project, an organization based in Geneva, Switzerland, and London that maintains databases of IP (Internet Protocol) addresses, domain names and other Internet resources involved in spam, malware and other abusive online activities.
Spamhaus publishes the data in the form of block lists that are used by Internet and email service providers, corporations, universities and governments around the world to filter Internet traffic on their networks and servers.
In order to keep its services and website online Spamhaus enlisted the help of a San Francisco-based company called CloudFlare that runs a global content delivery network aimed at improving website performance.
CloudFlare said in a blog post last week that it had mitigated an attack against Spamhaus that peaked at 75Gbps. However, the attack significantly increased in scale since then, said Matthew Prince, CouldFlare's CEO, Wednesday via email.
Seeing that CloudFlare's network infrastructure allowed the company to mitigate the original attack, the attackers decided to move upstream and directly target CloudFlare's Internet service providers and then the upstream providers of those providers, Prince said Wednesday in a blog post.
The attackers ultimately targeted Tier 1 providers, which operate the networks at the core of the Internet, and Internet Exchanges (IX), critical nodes located around the world that connect large networks like those of Google, Facebook, Yahoo and pretty much every major Internet company.
"While we don't have direct visibility into the traffic loads they saw, we have been told by one major Tier 1 provider that they saw more than 300Gbps of attack traffic related to this attack," Prince said.
"We've seen congestion across several major Tier 1s, primarily in Europe where most of the attacks were concentrated, that would have affected hundreds of millions of people even as they surfed sites unrelated to Spamhaus or CloudFlare," Prince said. "If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why."
"Given the 300Gbps number being reported, this would be the largest publicly acknowledged attack on record," said Patrick Gilmore, chief architect at Akamai Technologies, Wednesday via email. Akamai operates one of the world's largest content delivery networks.
In general, when an attack is very large, it can fill the Internet pipes and hurt infrastructure between the source of the attack and the intended victim, Gilmore said.
"We agree that the size of the attack was around 300Gbps," said Dan Holden, director of the security and engineering response team at Arbor Networks, a DDoS mitigation provider. "The largest attack we have previously seen was of around 100Gbps back in 2010."
Sign up for CIO Asia eNewsletters.