Guest Post: Spamhaus Answers Questions About the Recent DDoS Attack on Spamhaus: Stakes and Threats
Spamhaus recently underwent the biggest DDoS attack in its history, which targeted its infrastructure and services. Below are its answers to the questions raised in press inquiries.
''At this time The Spamhaus Project is getting more press enquiries than we can personally respond to. Below is a list with the most frequently asked questions, along with our answers. If you are in need of any additional information please do not hesitate to contact us but we cannot guarantee a quick response. Our staff are almost all investigators and engineers who focus on dealing with spam and malware issues.
Is this the biggest attack ever? It certainly is the biggest attack ever directed at Spamhaus. Many organizations are not open about the fact that they are attacked at all, let alone about techniques or traffic volumes used in the attack. Spamhaus understands their business and security concerns. However, we feel it is in the best interest of the Internet as a whole to openly discuss the DDoS cyberthreat and ways to resolve it. For that reason, when our hosting partner Cloudflare asked for our permission to discuss the attacks, we consented.
Cloudflare wrote two very interesting blog articles about the attacks:
http://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho
http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
The first is a few days old. As explained in the second blog, attack volumes increased in later attacks. The first blog provides an accurate and detailed explanation about this type of DNS amplification attack.
Can big attacks cause issues for other parties? Certainly. Core internet infrastructure may be overwhelmed by the amount of traffic involved in an attack. When that happens, all traffic that passes through that part of the Internet is impacted. Compare it to a big highway: If a traffic jam gets big enough, the on-ramps will slow down and fill up, and then the roads to the on-ramps will fill up too. Attacks can be directed at core infrastructure precisely to inflict such collateral damage. With this attack, some collateral damage may have been seen locally, all depending on where you connect to the internet and when you look.
Is the attack still ongoing? Like almost every piece of infrastructure on the internet, we are constantly under attacks of various scales. At this time, the attacks against our servers have subsided and the sizes are smaller. However, attacks do not just come and go. They also change in nature all the time. We try to be ready for the next attack so that we can ensure that our users will be protected and the networks that rely on our service will be kept safe.
How can attacks like these be prevented? Preventing attacks like these depends on two key technical measures. First, all networks should ensure that they do not allow traffic to leave their network that has "spoofed" (forged) sending addresses. Without the ability to spoof traffic there would be no reflection attacks possible. Secondly, open DNS resolvers (or for that matter, any other open and abusable internet resource) should be locked down and secured.
These attacks should be a call-to-action for the Internet community as a whole to address and fix those problems.
Do you know who is attacking you? A number of people have claimed to be involved in these attacks. At this moment it is not possible for us to say whether they are really involved.
How and to whom is Spamhaus accountable? Some people have claimed that Spamhaus is not accountable and can just censor anything we want. That is not the case. Not only do we have to operate within the boundaries of the law, we are also accountable to our users. If we started advising our users not to accept email from senders whose email they actually want to receive, they would quickly stop using our data because it would not meet their needs. We take pride in the quality of our data, and the fact that the biggest ISPs and networks all over the world use our data is a testament to its quality. The Spamhaus Project has been providing anti-spam advisory data for over 12 years without interruption.
Media requests (only!) are handled at media-intl-ext@spamhaus.org ''
< For those unfamiliar, the Spamhaus Project is an international nonprofit organization whose mission is to track the Internet's spam operations and sources, to provide dependable realtime anti-spam protection for Internet networks, to work with Law Enforcement Agencies to identify and pursue spam gangs worldwide, and to lobby governments for effective anti-spam legislation.
Founded in 1998, Spamhaus is based in Geneva, Switzerland and London, UK and is run by a dedicated team of 38 investigators and forensics specialists located in 10 countries.
Spamhaus maintains a number of realtime spam-blocking databases ('DNSBLs') responsible for keeping back the vast majority of spam sent out on the Internet. These include the Spamhaus Block List (SBL), the Exploits Block List (XBL), the Policy Block List (PBL) and the Domain Block List (DBL). Spamhaus DNSBLs are today used by the majority of the Internet's Email Service Providers, Corporations, Universities, Governments and Military networks.>
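The first prevention measure named in the statement above, not letting traffic with forged source addresses leave a network, can be audited from flow records. The following is an added example, not part of the original post or of Spamhaus's statement; the port names, prefix assignments and flow-record format are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: prefixes assigned to each customer-facing port (documentation ranges).
ASSIGNED = {
    "cust-a": ["192.0.2.0/25"],
    "cust-b": ["192.0.2.128/25"],
    "cust-c": ["2001:db8:10::/48"],
}

# Constructed flow records: "<ingress-port> <src-ip> <dst-ip> <proto>/<dst-port>"
SAMPLE_FLOWS = """\
cust-a 192.0.2.15 203.0.113.9 udp/53
cust-a 192.0.2.200 203.0.113.9 tcp/443
cust-b 198.51.100.77 203.0.113.53 udp/53
cust-b 198.51.100.77 203.0.113.54 udp/53
cust-c 2001:db8:10::5 2001:db8:ffff::1 udp/53
cust-c 2001:db8:99::5 2001:db8:ffff::1 udp/53
cust-z 192.0.2.1 203.0.113.9 udp/53
cust-a not-an-ip 203.0.113.9 udp/53
"""

def audit_sources(flow_text, assigned):
    """Return (violations, rejected): violations maps port -> {src: packet count}
    for sources outside the port's prefixes; rejected lists unparseable lines."""
    nets = {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assigned.items()}
    violations = defaultdict(lambda: defaultdict(int))
    rejected = []
    for line in flow_text.splitlines():
        fields = line.split()
        try:
            port, src = fields[0], ipaddress.ip_address(fields[1])
        except (IndexError, ValueError):
            rejected.append(line)   # fail closed: never count bad input as clean
            continue
        # An unknown port has no assigned prefixes, so every source is a violation.
        allowed = nets.get(port, [])
        if not any(src.version == n.version and src in n for n in allowed):
            violations[port][str(src)] += 1
    return {p: dict(s) for p, s in violations.items()}, rejected

if __name__ == "__main__":
    found, bad = audit_sources(SAMPLE_FLOWS, ASSIGNED)
    for port, sources in sorted(found.items()):
        print(port, sources)
    print("unparseable:", bad)
```

A port that shows up in the violations map is one where source-address filtering is missing or misconfigured.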