Update: Spamhaus hit by biggest-ever DDoS attacks
DDoS traffic of up to 300Gbps has been directed at anti-spam site
Computerworld - Anti-spam service Spamhaus has been hit with what several security firms today described as the largest distributed denial of service (DDoS) attacks ever seen.
Some of the attacks have generated so much DDoS traffic that they actually slowed down sections of the Internet for brief periods of time, according to the firms.
Matthew Prince, CEO of CloudFlare, a San Francisco-based firm that has been helping Spamhaus over the past few days, today said that the attacks have been going on since March 19 and have generated up to 300Gbps of DDoS traffic.
That's about three times bigger than the biggest DDoS attacks seen so far and several magnitudes greater than the 4Gbps to 10Gbps of traffic generated by typical DDoS attacks.
"We haven't seen anything larger than this publicly," Prince said. "Its hard to get an attack this large, because what you end up doing is congesting [portions of the Internet]," he said,
Spamhaus did not respond immediately to a request for comment. However, according to The New York Times, the attacks against the Geneva-based company began after the anti-spam service added Dutch hosting provider Cyberbunker to its global blacklist.
Cyberbunker, a hosting company that operates out of an abandoned NATO bunker in the Netherlands, is known for hosting an eclectic collection of websites -- some of which are thought to be major spammers. The company prides itself on being willing to host almost any website, except those involved with terrorism and child pornography.
The company has done little to hide its dislike for Spamhaus, which it has characterized as a bully on its website. The Times quoted an alleged spokesman for the attackers as saying that Cyberbunker was retaliating because Spamhaus had abused its influence on the Internet.
According to Prince, the DDoS attacks against Spamhaus started off being fairly typical in bandwidth, but quickly grew much bigger. Between March 19 and March 22, the DDoS attacks went from 10Gbps of traffic to over 90Gbps.
When that wasn't enough to knock Spamhaus offline, the attackers changed tactics and began going after CloudFlare's upstream service providers. "As the attacks have increased, we've seen congestion across several major Tier 1s, primarily in Europe where most of the attacks were concentrated," he said.
In DDoS attacks, perpetrators typically try to take down a target network by inundating it with useless traffic. The traffic is usually generated using large botnets of compromised computers.
With Spamhaus, the attackers employed a well-known, but infrequently used, method known as a DNS reflection attack to generate the massive streams of DDoS traffic seen over the past few days, Prince noted.
- Syrian Electronic Army shanghais Microsoft's Twitter account, blog
- Is French outrage against U.S. spying misplaced?
- Lawmakers seek answers on Obamacare Data Hub security
- China-based hacking group behind hundreds of attacks on U.S. companies
- How to Prepare for a Potential Syrian Counterattack on the U.S. Power Grid
- New York Times site outage caused by attack on domain registrar, company says
- Cyber drills like Quantum Dawn 2 vital to security in financial sector
- Quantum Dawn 2 will test Wall Street's cyber readiness
- Pentagon accuses China of cyberattacks on U.S military, business targets
- Spamhaus attacks expose huge open DNS server dangers
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Mobile Applications Case Study: 8 Billion Transactions a Day The story documents how the online brokerage company tradeMONSTER created a custom mobile app and the success gleaned from this initiative. Also covered...
- Who's afraid of the big (data) bad wolf? Survive the big data storm by getting ahead of integration and governance functional requirements This paper provides a detailed review of the best practices clients should consider before embarking on their big data integration projects.
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Cybercrime and Hacking White Papers | Webcasts