A few weeks ago, Internet users around the world faced delays and outages on many web sites.
The reason behind this was probably the largest distributed denial-of-service (DDoS) attack to date. The scale of the overload was so enormous that even Tier-1 internet operators felt its effects at major traffic exchange points.
The cause of this mess was a conflict between two organizations: the anti-spam organization Spamhaus and the Dutch hosting provider Cyberbunker. The conflict erupted after Spamhaus included Cyberbunker in one of its blacklists. Cyberbunker, one of the most radical "bulletproof" hosting providers and known for supporting the Pirate Bay in the past, responded by bombarding Spamhaus with a whopping 300 Gbps.
The attack affected many network providers, overloading some of them and disrupting service, in some cases for days. The high bandwidth was possible thanks to a technique known as DNS reflection, which relies on a misconfiguration of Domain Name System (DNS) servers that allows intruders to amplify a small attack into a major data flood.
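An added example (not from the original article): a Python check, for operators auditing their own DNS servers, of the misconfiguration that DNS reflection relies on, assumed here to be open recursion, where the server resolves names for any source address. The function names and both sample replies are constructed for illustration; the amplification figure is simply reply size divided by query size.

```python
import struct

QR, AA, RA = 0x8000, 0x0400, 0x0080  # header flag bits (RFC 1035)

def encode_name(name):
    """Encode a domain name as length-prefixed labels, no compression."""
    parts = name.strip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_message(txid, flags, name, qtype, answers=()):
    """Build a DNS message with one question and optional (type, rdata) answers."""
    msg = struct.pack("!HHHHHH", txid, flags, 1, len(answers), 0, 0)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)
    for rtype, rdata in answers:
        # 0xC00C: compression pointer to the question name at offset 12
        msg += struct.pack("!HHHIH", 0xC00C, rtype, 1, 300, len(rdata)) + rdata
    return msg

def audit_response(query, response):
    """Classify the reply a server you operate gave to an outside, non-client probe."""
    if len(query) < 12 or len(response) < 12:
        raise ValueError("truncated DNS header")
    q_id = struct.unpack("!H", query[:2])[0]
    r_id, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if r_id != q_id or not flags & QR:
        raise ValueError("not a response to this query")
    answered = (flags & 0x000F) == 0 and ancount > 0
    return {
        "recursion_offered": bool(flags & RA),
        # A recursive, non-authoritative answer given to a stranger is the misconfiguration
        "open_resolver": bool(flags & RA) and answered and not flags & AA,
        "amplification": round(len(response) / len(query), 1),
    }

# Constructed sample data (not captured traffic): a TXT query and two possible replies
TXT = 16
QUERY = build_message(0x1234, 0x0100, "example.com", TXT)
PADDING = bytes([200]) + b"x" * 200  # one 200-byte TXT character-string
OPEN_REPLY = build_message(0x1234, 0x8180, "example.com", TXT, [(TXT, PADDING)] * 2)
REFUSED_REPLY = build_message(0x1234, 0x8105, "example.com", TXT)

if __name__ == "__main__":
    print("open resolver:", audit_response(QUERY, OPEN_REPLY))
    print("restricted:   ", audit_response(QUERY, REFUSED_REPLY))
```

A server that restricts recursion to its own clients returns REFUSED to the outside probe, so its reply is no larger than the query and gives an attacker nothing to amplify.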
This attack demonstrates a fundamental vulnerability in the architecture of the internet, one that remains exposed on millions of servers around the world.
By Eugene Vnuk