Largest DDoS Attack in History @ 300Gbps
DDoS attack against Spamhaus was reportedly the largest in history
A DDoS (distributed denial-of-service) attack of unprecedented scale that targeted an international spam-fighting organization last week ended up causing problems for Internet users around the world, experts say.
The DDoS attack started more than a week ago and targeted the Spamhaus Project, an organization based in Geneva, Switzerland, and London that maintains databases of IP (Internet Protocol) addresses, domain names, and other Internet resources involved in spam, malware, and other abusive online activities.
Spamhaus publishes the data in the form of block lists that are used by Internet and email service providers, corporations, universities and governments around the world to filter Internet traffic on their networks and servers.
To keep its services and website online, Spamhaus enlisted the help of a San Francisco-based company called CloudFlare that runs a global content delivery network aimed at improving website performance.
CloudFlare said in a blog post last week that it had mitigated an attack against Spamhaus that peaked at 75Gbps. However, the attack has significantly increased in scale since then, said Matthew Prince, CloudFlare's CEO, Wednesday via email.
Seeing that CloudFlare's network infrastructure allowed the company to mitigate the original attack, the attackers decided to move upstream and directly target CloudFlare's Internet service providers and then the upstream providers of those providers, Prince said Wednesday in a blog post.
The attackers ultimately targeted Tier 1 providers, which operate the networks at the core of the Internet, and Internet Exchanges, critical nodes located around the world that connect large networks like those of Google, Facebook, Yahoo and pretty much every major Internet company.
"While we don't have direct visibility into the traffic loads they saw, we have been told by one major Tier 1 provider that they saw more than 300Gbps of attack traffic related to this attack," Prince said.
"We've seen congestion across several major Tier 1s, primarily in Europe where most of the attacks were concentrated, that would have affected hundreds of millions of people even as they surfed sites unrelated to Spamhaus or CloudFlare," Prince said. "If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why."
"Given the 300Gbps number being reported, this would be the largest publicly acknowledged attack on record," said Patrick Gilmore, chief architect at Akamai Technologies, Wednesday via email. Akamai operates one of the world's largest content delivery networks.
In general, when an attack is very large, it can fill the Internet pipes and hurt infrastructure between the source of the attack and the intended victim, Gilmore said.
"We agree that the size of the attack was around 300Gbps," said Dan Holden, director of the security and engineering response team at Arbor Networks, a DDoS mitigation provider. "The largest attack we have previously seen was of around 100Gbps back in 2010."
The method of attack used in this case is known as DNS reflection. It involves sending requests, spoofed so that they appear to originate from the intended victim's IP address, to so-called open DNS (Domain Name System) resolvers, which are DNS servers that can be queried by anyone on the Internet. The attackers usually craft their requests so that the responses returned to the victim by the queried servers are very large.
DNS reflection attacks are not new and there are millions of open DNS resolvers on the Internet that can be abused in this way.
This type of attack can be mitigated by the victim or the provider that is defending against the attack, but in this particular case, because of its size, the attack also stressed the rest of the Internet along the way, Holden said. "It was essentially stressful to the fabric of the Internet."
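Because the requests are spoofed, the victim receives DNS responses it never asked for, which is the signal a defender can match on. The following Python code is an added example, not part of the original article: it separates solicited from unsolicited DNS responses at the victim's border. The packet tuples, their field layout, the documentation-range IP addresses and the 1000-byte threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample packets seen at the victim's border (documentation-range IPs).
# Fields: direction, remote resolver IP, local UDP port, DNS transaction ID, payload bytes
PACKETS = [
    ("out", "192.0.2.53", 40001, 0x1A2B, 45),      # legitimate query
    ("in",  "192.0.2.53", 40001, 0x1A2B, 120),     # its matching answer
    ("in",  "198.51.100.7", 53211, 0x0001, 3100),  # no query was ever sent: reflected
    ("in",  "198.51.100.7", 53211, 0x0002, 3100),
    ("in",  "203.0.113.9", 1234, 0x0F0F, 2900),
    ("in",  "192.0.2.53", 40001, 0x1A2B, 120),     # duplicate of an already-answered query
]

def classify(packets):
    """Split inbound DNS responses into solicited bytes and per-resolver unsolicited stats.

    A response is solicited only if it matches an outstanding query on
    (resolver IP, local port, transaction ID); one answer consumes one query.
    """
    outstanding = set()
    unsolicited = defaultdict(lambda: {"packets": 0, "bytes": 0})
    solicited_bytes = 0
    for direction, resolver, port, txid, size in packets:
        key = (resolver, port, txid)
        if direction == "out":
            outstanding.add(key)
        elif key in outstanding:
            outstanding.discard(key)
            solicited_bytes += size
        else:
            unsolicited[resolver]["packets"] += 1
            unsolicited[resolver]["bytes"] += size
    return solicited_bytes, dict(unsolicited)

def reflection_suspects(packets, min_bytes=1000):
    """Resolvers that sent at least min_bytes of unsolicited responses (assumed threshold)."""
    _, unsolicited = classify(packets)
    return sorted(ip for ip, stats in unsolicited.items() if stats["bytes"] >= min_bytes)

if __name__ == "__main__":
    solicited, unsolicited = classify(PACKETS)
    print("solicited bytes:", solicited)
    for ip, stats in sorted(unsolicited.items()):
        print(ip, stats)
    print("suspected reflectors:", reflection_suspects(PACKETS))
```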
Hardeep Singh aka cyb3r.gladiat0r