CIO Today

CIO Today Network Sites:   Top Tech News  |   CIO Today   |   Mobile Tech Today   |   Data Storage Today
Daily Briefing for Technology's Top Decision-Makers
Neustar, Inc.
Protect your website & network
using real-time information & analysis

www.neustar.biz
Thursday, April 24th 
24/7/365 Network Uptime!
This ad will display for the next 20 seconds. Please click for more information, or scroll down to pass the ad, or Close Ad.
Trending Topics:   Security Heartbleed Big Data Cloud Computing Windows XP Data Centers OS X Mavericks
Home
Enterprise Software
Enterprise Hardware
Big Data
Network Security
Cloud Computing
CRM Systems
Data Storage
Operating Systems
Communications
CIO Issues
Mobile Tech
Chips & Processors
World Wide Web
Business Briefing
After Hours
Press Releases
 
Free Newsletters
Top CIO News
 
Mobile Tech Today
 

Network Security

Lessons Learned in Historic DDoS Attack on Spamhaus

Lessons Learned in Historic DDoS Attack on Spamhaus
April 2, 2013 1:53PM

Bookmark and Share
The DNS amplification vulnerability, which was exploited to the fullest in the attacks on Spamhaus, return incoming requests to a DNS server with as much as 100 times as much data. When the attackers have faked the source address for those incoming requests, the responses can overwhelm the victims' servers -- and possibly spill over and clog the Net.

Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.

What is the aftermath of the massive Distributed Denial of Service attacks recently on the anti-spam Spamhaus organization? As the largest such attack in history, the digital assault on Spamhaus slowed network performance in some regions of Europe and elsewhere, raised alarms about whether the Net could reach a breaking point, and has become a historic event that could mark a turning point.

According to reports in The New York Times and elsewhere, a key figure in the attacks appears to be Sven Olaf Kamphuis, who is associated with CyberBunker, the Dutch hosting facility where the attacks originated. After the Europe-based Spamhaus put CyberBunker on its spam blacklist, because of what Spamhaus said were substantial streams of spam e-mails coming from that hosting facility, the DDoS attacks began.

Kamphuis maintains a Facebook page, in which he champions hosting services such as CyberBunker for providing open Net access, and he rails against Spamhaus for acting like an arbitrary authority.

Like 'The Mafia'

CyberBunker has said it will allow customers to host anything except "child porn and anything related to terrorism." Spamhaus is backed by a variety of e-mail services, and experts have testified in court that many e-mail services would be rendered useless by the flood of spam if not for the organization's efforts.

But this massive wave of DDoS attacks -- in which Web servers are overwhelmed by a flood of bogus traffic -- broke some boundaries, according to Garth Bruen, an adviser to the consumer-oriented Digital Citizens Alliance. Bruen told USA Today that the attacks from CyberBunker were like "the kind of things we saw the mafia do to take control of neighborhoods 50 years ago."

He added that what was particularly "troubling" is that CyberBunker is a commercial ISP "working with shadowy figures in undisclosed locations."

Open DNS Resolvers

The attacks have highlighted some ongoing weaknesses in the Internet's infrastructure. Key among these are open Domain Name System resolvers, which allow attackers to engage in so-called DNS amplification. One of the weaknesses of open resolvers is that they do not authenticate a sender's address before replying.

This vulnerability, which was exploited to the fullest in the attacks on Spamhaus, return incoming requests to a DNS server with as much as 100 times as much data. When the attackers have faked the source address for those incoming requests, the responses can overwhelm the victims' servers -- and possibly spill over and clog other parts of the Net.

DNS servers are critical to the Internet as they translate alphanumeric-based Web addresses like "www.google.com" into the numeric IP addresses that computers can understand.

The Spamhaus attacks reportedly utilized more than 30,000 unique DNS resolvers. There are efforts, such as the Open DNS Resolver Project, to convince DNS administrators to implement source address validation, among other actions, to eliminate open DNS resolvers as a Net-wide weakness.

There are also calls for IT departments and individual PC owners to make a greater effort to scan their computers for signs of malware that could be hijacking their machines into becoming part of a botnet. Additionally, the Electronic Frontier Foundation and others have offered tips to small businesses on how to cope with DDoS attacks, if their sites become one of the direct or indirect targets.

Tell Us What You Think
Comment:

Name:



 Network Security
1. Fund Seeks To Head Off Heartbleeds
2. Lessons from Verizon's Threat Report
3. Verizon Report Exposes Cyberthreats
4. How Are Web Sites Post-Heartbleed?
5. White House Updating Privacy Policy




 Most Popular Articles
1. BlackBerry Drops T-Mobile After Nasty Spat
2. Cisco, IBM Launch Internet of Things Consortium
3. Salesforce CRM Gets Industry Specific for Internet of Customers
4. Intel Bets on Cloudera for Big Data Analytics
5. SAP HANA Data Warehouse App Gets Faster Analytics

Have an informed opinion on this story?
Send a Letter to the Editor.
We want to know what you think.
Send us your Feedback.

 Related Topics  Latest News & Special Reports

  IBM Targets Big Data with Power8 Line
  Opera Coast Offers Safari Alternative
  FCC Defends Internet Traffic Proposal
  Fund Seeks To Head Off Heartbleeds
  Salesforce Developing App SOS Button

 Technology Marketplace
Business Intelligence
Get real-time, cloud-based information services with Neustar.
 
Cloud Computing
Next Generation Data Center Is Here! Vblock™ Systems from VCE
 
Contact Centers
HP delivers the future of the contact center with HP Qfiniti 10.
 
Data Storage
Next Generation Data Center Is Here! Vblock™ Systems from VCE
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Enterprise Hardware
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Hardware
Protect your network with APC Smart-UPS battery backup
 
Network Security
Protect your network with APC Smart-UPS battery backup
 

Network Security Spotlight
Tech Giants Fund Initiative To Prevent Future Heartbleeds
Can more funding prevent Heartbleed vulnerabilities in future open-source software? A new Core Infrastructure Initiative at the Linux Foundation is attempting to find out.
 
What Verizon's Data Breach Report Can Teach Enterprises
It’s probably not a jaw-dropper, but cyberespionage is officially on the rise. And the use of stolen or misused credentials is still the leading way the bad guys gain access to corporate information.
 
Top Cyberthreats Exposed by Verizon Report
Beyond Heartbleed, there are cyberthreats vying to take down enterprise networks, corrupt smartphones, and wreak havoc on businesses. Verizon is exposing these threats in a new report.
 
Navigation
CIO Today
Home/Top News | Enterprise Software | Enterprise Hardware | Big Data | Network Security | Cloud Computing | CRM Systems
Data Storage | Operating Systems | Communications | CIO Issues | Mobile Tech | Chips & Processors | World Wide Web
Business Briefing | After Hours | Press Releases
Also visit these Enterprise Technology Sites
Top Tech News | CIO Today | Mobile Tech Today | Data Storage Today

Services:
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About CIO Today Network | How To Contact Us | Article Reprints | Services for PR Pros (In partnership with NewsFactor) | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 CIO Today. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.