Feeds

BIGGEST DDoS in history FAILS to slash interweb arteries

Bombardment without collateral damage - amazing

Securing Web Applications Made Simple and Scalable

'A minor amount of collateral congestion'

Spamhaus compiles lists of IP addresses of servers and other computers accused of distributing spam or promoted using junk mail. These blacklists are used by ISPs, businesses and spam-filtering firms to block the worst sources of unsolicited marketing mail before applying more computational intensive filtering techniques, such as analysing the actual content of messages.

Junk-mail distributors and the like regularly threaten, sue or DDoS Spamhaus. Some businesses also object to Spamhaus's alleged vigilante approach to tackling spam.

Spamhaus's blocklists are distributed via DNS and are widely mirrored in order to ensure the overall system is resilient to attacks. The blacklists were never affected and were even updated, with none of its core infrastructure going titsup, according to Spamhaus.

"Only the website and our email server were affected," Steve Linford, chief executive for Spamhaus, told the El Reg. "All Spamhaus DNSBL [DNS Block List] services continued to run unaffected throughout the attack. In fact Spamhaus DNSBLs have never once been down since we started them in 2001."

Linford praised the support of engineers at CloudFlare and Amazon, which supplied load balancing of DNS services, for ensuring its service remained available during the packet carpet bombing. He claimed the attack caused Netflix to slow down and caused congestion elsewhere on the web.

Netflix itself said that the attack had no impact on its service, while internet traffic exchanges in both London and Amsterdam - two of the top three peering hubs in Europe, the arteries of the internet - both played down the impact of the attack beyond CloudFlare and its customers.

Malcolm Hutty, head of public affairs at LINX, the London Internet Exchange, said: "Apart from CloudFlare we saw a minor amount of collateral congestion in a small portion of our network which may, or may not have, have affected some members. This would have been accommodated through their normal procedures."

Ordinary internet users would not have been affected because the DNS flood "only have affected CloudFlare and its customers", he added.

CloudFlare uses Anycast technology which spreads the load of a distributed attack across all 23 of its data centres. Even so it was left reeling from the weight of the assault, which prompted it to suspend its peering in London.

Overblown reports that the internet slowed down or ground to halt appear to be well wide of the mark. This is not to dismiss the significance of the attack, or take anything away from CloudFlare for helping Spamhaus to weather the storm. The simple fact is the attack amounted to nothing more severe than minor congestion, an assessment backed up by AMX-IX, the Amsterdam internet exchange as well as its counterpart in London.

"We have not experienced any disruptions related to our platform," a spokeswoman for AMX-IX told El Reg. "When we look at the amount of traffic some of our members and customers exchange we see some increases here and there, but they could easily manage it."

The New York Times claimed that the attacks against Spamhaus appear to be tied to a dispute with CyberBunker, a website hosting provider in the Netherlands. CyberBunker is accused by Spamhaus of being the world's most toxic haven of phishing and malware.

CyberBunker is quite open in running a bullet-proof anonymous hosting facility out of a Cold War bunker in the Netherlands where anything goes except child-abuse material and terror-related websites. "Customers are allowed to host any content they like, except child porn and anything related to terrorism," its online policy states.

The hosting provider told El Reg it denies any involvement in spamming. It declined to respond directly to the accusation in the NYT article that CyberBunker was retaliating against Spamhaus for “abusing its influence” and using vigilante tactics in the fight against spam:

The only thing we would like to say is that we (including our clients) did not, and never have been, sent any spam. We have no further comment. Thank you.

®

Mobile application security vulnerability report

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.