Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

DDoS attack against Spamhaus was reportedly the largest in history

Lucian Constantin | March 28, 2013
A distributed denial-of-service (DDoS) attack of unprecedented scale that targeted an international spam-fighting organization last week ended up causing problems for Internet users around the world, experts say.

The method of attack used in this case is known as DNS reflection and involves sending spoofed requests to so-called open DNS (Domain Name System) resolvers -- DNS servers that can be queried by anyone on the Internet -- that appear to originate from the intended victim's IP address. The attackers usually craft their requests so that the responses returned to the victim by the queried servers would be very large.

DNS reflection attacks are not new and there are millions of open DNS resolvers on the Internet that can be abused in this way.

This type of attack can be mitigated by the victim or the provider that is defending against the attack, but in this particular case, because of its size, the attack also stressed the rest of the Internet along the way, Holden said. "It was essentially stressful to the fabric of the Internet."

Holden hopes that the size of the attack and the attention it received will help speed up efforts to rid the Internet of open DNS resolvers. However, he agreed that in the short term it might actually encourage other attackers to use the same attack method because of its success.

A group called the Stophaus Movement has taken responsibility for the unprecedented attack. The group claims that Spamhaus is abusing its position of power to force hosting companies to end their business relationships with certain customers that are flagged as spammers without any court order or legal oversight.

The members of the Stophaus Movement are hosting companies and other parties that have been flagged by Spamhaus as spammers themselves because they refused to comply with Spamhaus' requests, said Sven Kamphuis, who claims to be a spokesman for the group, on Wednesday.

Kamphuis runs a network provider called CB3ROB that has been blacklisted by Spamhaus for hosting spam botnets and extortion scams. CB3ROB is a provider for a Dutch hosting company called CyberBunker.com that allows its customers to "host any content they like, except child porn and anything related to terrorism."

"I'm not a spammer and none of the Stophaus members are," Kamphuis said. If a company gets blacklisted by Spamhaus its bandwidth providers get blacklisted too, he said. This means that if CB3ROB gets blacklisted and this company has KPN as a bandwidth supplier, KPN's mail servers get blacklisted too, he said. Those suppliers then often decide to terminate the contract to keep themselves off the blacklist, he added.

Because of this and because so many providers use Spamhaus' blacklist, the organization "acts like they are the de facto Internet police," Kamphuis said. "Everyone in the business has had more than enough of Spamhaus."

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.