Spamhaus DDoS attacks

A fight between the spam-fighting group Spamhaus and the Dutch Web host Cyberbunker has been called in the news the biggest public DDoS battle in history. Spamhaus, an organization that helps to block spam from entering e-mail in-boxes, has been in a battle over the last week that has seen distributed denial of service (DDoS) attacks.

The attacks are several times larger than the typical attacks inflicted on organizations before. The blog posting "The DDoS That Almost Broke the Internet" has lots of information on the recent Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The attack peaked at 120Gbps of traffic hitting the network, generated with help from open DNS recursors all over the world (including Finland). Unlike traditional botnets, which could only generate limited traffic because of the modest Internet connections and home PCs they typically run on, these open resolvers are typically running on big servers with fat pipes. Operators of DNS servers should limit the networks from which they accept requests to stop this kind of problem.
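
The recommendation above, as an added example (not code from the original post or from any DNS server project): a Python model of a resolver that answers recursive queries only for its own networks, run over a constructed query log to show what an open resolver would have sent to outside addresses. The network ranges, log format and function names are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the networks this resolver is meant to serve (documentation ranges).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]

# Constructed log: source IP, query name, query type, request bytes, response bytes.
# With UDP the source is unverified, so an outside "source" may be a forged victim address.
SAMPLE_LOG = """\
192.0.2.10 www.example.com A 33 49
203.0.113.7 . ANY 17 340
203.0.113.7 . ANY 17 340
203.0.113.7 example.org ANY 29 580
192.0.2.44 mail.example.com MX 34 90
198.51.100.9 . NS 17 340
"""


def recursion_allowed(src):
    """Answer recursive queries only for clients inside ALLOWED_NETS."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_NETS)


def audit(log_text):
    """Traffic an open resolver would have sent to outside sources, which the ACL refuses."""
    stats = defaultdict(lambda: {"queries": 0, "bytes_in": 0, "bytes_out": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        src, _qname, _qtype, req, resp = fields
        if recursion_allowed(src):
            continue  # own client: served normally
        entry = stats[src]
        entry["queries"] += 1
        entry["bytes_in"] += int(req)
        entry["bytes_out"] += int(resp)
    for entry in stats.values():
        # Response bytes per request byte: the amplification factor.
        entry["amplification"] = round(entry["bytes_out"] / entry["bytes_in"], 1)
    return dict(stats)


if __name__ == "__main__":
    for src, entry in sorted(audit(SAMPLE_LOG).items()):
        print(src, entry)
```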

11 Comments

  1. Tomi Engdahl says:

    ‘Spamhaus mafia tactics – main threat to Internet freedom’: CyberBunker explains largest cyber-attack
    http://rt.com/news/spamhaus-threat-cyberbunker-ddos-attack-956/

    Spamhaus is a major censorship organization only pretending to fight spam, a CyberBunker spokesman said in an RT exclusive. Sven Olaf Kamphuis claimed that as a constant bully of Internet service providers Spamhaus has only itself to blame for the attack.

    Spamhaus has blackmailed a number of internet service providers and carriers into disconnecting clients without court orders or any legal process, Kamphuis says. Basically, he accuses them of claiming people are spammers when they are not.

    “Spamhaus mafia tactics are definitely the largest threat to the freedom of the internet at the moment,” Kamphuis told RT. And it is not about money, but about control, he says. Spamhaus just wants to own the platforms on which communications take place.

    Reply
  2. Tomi Engdahl says:

    Firm Is Accused of Sending Spam, and Fight Jams Internet
    http://www.nytimes.com/2013/03/27/technology/internet/online-dispute-becomes-internet-snarling-attack.html?pagewanted=1&_r=0

    A squabble between a group fighting spam and a Dutch company that hosts Web sites said to be sending spam has escalated into one of the largest computer attacks on the Internet, causing widespread congestion and jamming crucial infrastructure around the world.

    Millions of ordinary Internet users have experienced delays in services like Netflix or could not reach a particular Web site for a short time.

    Spamhaus’s role was to generate a list of Internet spammers.
    Of Cyberbunker, he added: “These guys are just mad. To be frank, they got caught. They think they should be allowed to spam.”

    “We are aware that this is one of the largest DDoS attacks the world had publicly seen.”

    “Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet,”

    “You can’t stop a DNS flood by shutting down those servers because those machines have to be open and public by default. The only way to deal with this problem is to find the people doing it and arrest them.”

    Reply
  3. Tomi Engdahl says:

    Operators confessed to ordering a giant online crime attack

    The attack method is to send queries to open name servers from a fake network address. The attacker finds the victim’s address, and the name servers send back messages bombarding the victim’s address until the victim’s servers are overloaded.

    The attacks were organized by the Stophaus Movement group, which includes operators who think they have been wrongly placed on a blacklist.

    Sven Kamphuis, representative of the Dutch telecom operator Cb3rob, tells the news service IDGNS that he is not a spammer and neither is any other Stophaus member. Kamphuis says Spamhaus is acting as if it were the internet police.

    Source: http://www.tietoviikko.fi/kaikki_uutiset/operaattorit+tunnustivat+tilanneensa+jattimaisen+nettihyokkayksen+verkkorikollisilta/a890644?s=r&wtm=tietoviikko/-28032013&

    Reply
  4. Tomi Engdahl says:

    Yes, This Week’s DDoS Attack Was Huge, And Part Of An Ominous Trend
    http://readwrite.com/2013/03/29/ddos-attack-was-huge-and-part-of-a-trend

    Depending on who you believe, the week long Spamhaus-Cyberbunker cyberattack we covered Wednesday was either a threat to the Internet itself or hyped up by an overzealous security vendor. Either way, it was still serious business.

    distributed denial-of-service assaults that aim to knock target computers off the Internet — are real, and have been on the rise since 2010.

    This week’s attack was more than 300Gbps — way above the norm, in other words.

    That’s because the attackers actually co-opted part of the Internet’s basic infrastructure — the Domain Name System, or DNS — in such a way as to greatly amplify the firehose stream of data they were directing at target computers.

    Holden says DNS is becoming an increasingly popular target for DDoS. As many as 27 million DNS servers across the Internet are “open” in a way that allows them to be hijacked this way.

    Reply
  5. Tomi Engdahl says:

    A DDoS (Distributed Denial of Service) Threat has now become the #1 threat to availability & security for enterprise. But the true impact goes far beyond the financial cost…..

    The 7 Deadly Syns of a DDoS Attack
    1. Distraction – IT personnel tied up addressing the attack
    2. Interference – Larger number of help desk calls
    3. Toil – Extra manual work to re-enter transactions
    4. Disruption – Lost employee output
    5. Expense – Increased SLA Credit payments
    6. Deprivation – Current and prospective business loss
    7. Disgrace – Reputation impact

    Source: http://exclusive-networks.mailpv.net/a/s/10044338-6f028429c318bc9712facf566cadde2e/322561

    Reply
  6. Tomi Engdahl says:

    How Spamhaus’ attackers turned DNS into a weapon of mass destruction
    DNS amplification can clog the Internet’s core—and there’s no fix in sight.
    http://arstechnica.com/information-technology/2013/03/how-spamhaus-attackers-turned-dns-into-a-weapon-of-mass-destruction/

    A little more than a year ago, details emerged about an effort by some members of the hacktivist group Anonymous to build a new weapon to replace their aging denial-of-service arsenal. The new weapon would use the Internet’s Domain Name Service as a force-multiplier to bring the servers of those who offended the group to their metaphorical knees.

    an attack using the technique proposed for use in that attack tool and operation—both of which failed to materialize—was at the heart of an ongoing denial-of-service assault on Spamhaus, the anti-spam clearing house organization. And while it hasn’t brought the Internet itself down, it has caused major slowdowns in the Internet’s core networks.

    DNS Amplification (or DNS Reflection) remains possible after years of security expert warnings. Its power is a testament to how hard it is to get organizations to make simple changes that would prevent even recognized threats.

    But thanks to public cloud services, “bulletproof” hosting services, and other services that allow attackers to spawn and then reap hundreds of attacking systems, DNS amplification attacks can still be launched at the whim of a deep-pocketed attacker—like, for example, the cyber-criminals running the spam networks that Spamhaus tries to shut down.

    on some networks, the DNS resolver closest to the requesting application doesn’t handle all that work. Instead, it sends a “recursive” request to the next DNS server up and lets that server handle all of the walking through the DNS hierarchy for it

    To save time, DNS requests don’t use the “three-way handshake” of the Transmission Control Protocol (TCP) to make all these queries. Instead, DNS typically uses the User Datagram Protocol (UDP)—a “connectionless” protocol that lets the server fire and forget requests.

    That makes the sending of requests and responses quicker—but it also opens up a door to abuse of DNS that DNS amplification uses to wreak havoc on a target. All the attacker has to do is find a DNS server open to requests from any client and send it requests forged as being from the target of the attack. And there are millions of them.

    The “amplification” in DNS amplification attacks comes from the size of those responses. While a DNS lookup request itself is fairly small, the resulting response of a recursive DNS lookup can be much larger. A relatively small number of attacking systems sending a trickle of forged UDP packets to open DNS servers can result in a firehose of data being blasted at the attackers’ victim.

    A “root hint” request—sending a request for name servers for the “.” domain—results in a response 20 times larger than the packet the request came in. That’s in part thanks to DNS-SEC, the standard adopted to make it harder to spoof DNS responses, since now the response includes certificate data from the responding server.

    There’s been a proposal on the books to fix the problem for nearly 13 years—the Internet Engineering Task Force’s BCP 38, an approach to “ingress filtering” of packets.

    ISPs generally do “egress filtering”—they check outbound traffic to make sure it’s coming from IP addresses within their network. This prevents them from filling up their peering connections with bad traffic

    Another possible solution that would eliminate the problem entirely is to make DNS use TCP for everything—reducing the risk of forged packets. DNS already uses TCP for tasks like zone transfers. But that would require a change to DNS itself, so it’s unlikely that would ever happen, considering that you can’t even convince people to properly configure their DNS servers to begin with.

    Reply
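
An added example, not part of the comment above or of the article it excerpts: rather than changing DNS to use TCP for everything, a server can answer a UDP query with an empty reply that has the existing truncation (TC) bit set, so the reply is no larger than the query and a genuine client retries over TCP. This is a related technique swapped in for illustration; the function names and the sample query are constructed.

```python
import struct

# DNS header flag bits (RFC 1035).
QR, OPCODE_MASK, TC, RD, RA = 0x8000, 0x7800, 0x0200, 0x0100, 0x0080


def build_query(qid, name, qtype):
    """Encode a one-question query (class IN, recursion desired) as sample input."""
    labels = [part for part in name.split(".") if part]
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)


def question_end(msg):
    """Return the offset just past the first question; ValueError if malformed."""
    pos = 12
    while True:
        if pos >= len(msg):
            raise ValueError("question name runs past end of message")
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        pos += 1 + length
        if length == 0:
            break
    if pos + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    return pos + 4


def truncated_reply(query):
    """Build a record-free UDP reply with TC=1 that echoes only the question."""
    if len(query) < 12:
        raise ValueError("shorter than a DNS header")
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & QR or qdcount != 1:
        raise ValueError("not a single-question query")
    end = question_end(query)
    reply_flags = QR | TC | RA | (flags & (OPCODE_MASK | RD))
    header = struct.pack("!HHHHHH", qid, reply_flags, 1, 0, 0, 0)
    return header + query[12:end]


if __name__ == "__main__":
    q = build_query(0x1234, ".", 2)  # constructed query: NS records for the root
    r = truncated_reply(q)
    print(len(q), len(r), len(r) / len(q))
```

A forged source address cannot complete the TCP handshake that follows, so the address it names receives only this query-sized reply.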
  7. mistakes in web design says:

    Can you tell us more about this? I’d like to find out some additional information.

    my site mistakes in web design

    Reply
  8. Tomi Engdahl says:

    Police arrest suspect in BIGGEST DDoS ATTACK IN HISTORY
    Dutch suspect snatched in Spain
    http://www.theregister.co.uk/2013/04/26/police_arrest_spamhaus_ddos_suspect/

    The Dutch police have confirmed the arrest of a man suspected of taking part in a massive DDoS attack against the anti-spam group Spamhaus back in March.

    The 35 year-old man is a Dutch national but was arrested at his home in Barcelona under a European arrest warrant, the Netherlands National Prosecution Office told the BBC.

    Although the identity of the man hasn’t been released it has been suggested that he’s Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker, which has been feuding with Spamhaus for years and is claimed by some to be responsible for the DDoS attack.

    Reply
  9. Tomi Engdahl says:

    The man who ‘nearly broke the internet’
    http://www.guardian.co.uk/technology/2013/may/20/man-accused-breaking-the-internet

    Sven Olaf Kamphuis is accused of global cybercrime, but Spanish police found him in a squalid flat with his name on the letterbox

    Kamphuis, 35, is one of the most controversial characters in the murky world of spam and hacking – deemed the internet’s public enemy number one by some, though others believe his reputation has been blown out of proportion by the grandstanding of his foes.

    he allegedly masterminded a flurry of March internet attacks that the security company CloudFlare claimed “almost broke the internet”,

    Kamphuis displayed a Napoleonic sense of grandeur. “He claimed he had diplomatic status,” said the Spanish police officer who led the operation, but asked not to be named. “He said he was the telecommunications minister and foreign minister of a place called the Cyberbunker Republic. He didn’t seem to be joking.”

    Britain, the United States and Germany were all affected by the massive denial of service attacks that he launched.

    “The van was fitted out as a mobile office from which he could launch his attacks.”

    The result was what the New York Times called an attack of previously “unknown magnitudes”, producing a 300bn-bits-per-second data stream that targeted the British and Swiss-based anti-spam operator Spamhaus and its allies. This had reportedly blacklisted his CB3ROB/Cyberbunker company

    the huge number of spammers he hosts has led even hacktivists sympathetic to his pro-Pirate party, Anonymous and Julian Assange’s stance to question his real activities.

    If this was one of the most successful spammers in history, why was he living in a squalid flat and a camper van?

    Reply
  10. ddos protected vps says:

    Thanks designed for sharing such a fastidious opinion, article is good, that's why I have read it entirely

    Reply
  11. Address Look Up says:

    Great points altogether, you simply gained a new reader. What could you suggest in regards to your post that you made some days in the past? Any certain?

    Reply
