Biggest ever DDoS against Spamhaus

flagpoleflagpole Posts: 44,641
Forum Member
Apparently the worlds biggest ever DDoS attack is taking place against Spamhaus's DNS servers.

It's been provoked by duch host Cyberbunker who were annoyed at being blacklisted. (should probably stop sending spam then)

They've been receiving 300Gbps. which is huge.

The reason i wanted to bring this to your attention is that Cloudflare (DDoS mitigation experts) wrote a really interesting blog article about how they've been able to mitigate it.

http://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho

bit of a read but it explains a lot about DDoS and DDoS mitigation. how attackers are able to amplify their bandwidth. well worth a read.
«1

Comments

  • [Deleted User][Deleted User] Posts: 122
    Forum Member
    Interesting stuff even if some of it is way over my head !
  • JeffG1JeffG1 Posts: 15,243
    Forum Member
    ✭✭
    This was actually mentioned on the BBC 6 o'clock radio news. It said it caused a world-wide internet slowdown.
  • flagpoleflagpole Posts: 44,641
    Forum Member
    300Gbps is a lot for DDoS. But I don't know how it compares to regular traffic.
  • IvanIVIvanIV Posts: 30,300
    Forum Member
    ✭✭✭
    I have read about the DNS reflection already, it seems to be a very popular method of DDoS. A very effective way to generate a lot of traffic.
  • flagpoleflagpole Posts: 44,641
    Forum Member
    It is. It's an interesting parallel between open DNS resolvers and open SMTP relays.

    There is a new blog post about it.

    http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
  • d'@ved'@ve Posts: 45,452
    Forum Member
    flagpole wrote: »
    Apparently the worlds biggest ever DDoS attack is taking place against Spamhaus's DNS servers.

    IS taking place?

    www.spamhaus.org is up and online right now, and the source articles about it seem to be a week old (apart from the BBC's belated report).

    No Internet slowing noticed at my house, either. If this kind of DDOS attack becomes too common, major ISPs will have to collectively take action to block the methods used, by closing their server/DNS resolver holes etc. used by the mildly irritating little pricks who launch such attacks.
  • IvanIVIvanIV Posts: 30,300
    Forum Member
    ✭✭✭
    1.5Tbps peaks. Imagine how much porn could not get through because of this :D
  • flagpoleflagpole Posts: 44,641
    Forum Member
    d'@ve wrote: »
    IS taking place?

    www.spamhaus.org is up and online right now, and the source articles about it seem to be a week old (apart from the BBC's belated report).

    No Internet slowing noticed at my house, either. If this kind of DDOS attack becomes too common, major ISPs will have to take action to block the methods used, by closing their server holes used by the annoying little pricks who launch such attacke.

    Yes IS.

    Read the second blog article I linked to.
  • d'@ved'@ve Posts: 45,452
    Forum Member
    flagpole wrote: »
    Yes IS.

    Read the second blog article I linked to.

    I just did. However...

    www.spamhaus.org - up and running.

    As I said, if the mildly irritating spam lovers who liaise with little DDOS boys to do this kind of thing become too much of a problem, the holes they depend on (which shouldn't exist anyway) will eventually be closed. "Can't be bothered" will turn into "better do something, damn".
  • flagpoleflagpole Posts: 44,641
    Forum Member
    IvanIV wrote: »
    1.5Tbps peaks. Imagine how much porn could not get through because of this :D

    That'll be the back lash. No body will care, linx went down, who gives a shit. Your porn might start buffering. What!? I demand action.
  • flagpoleflagpole Posts: 44,641
    Forum Member
    d'@ve wrote: »
    I just did.

    www.spamhaus.org - up and running.

    As I said, if the mildly irritating spam lovers who liaise with little DDOS boys to do this kind of thing become too much of a problem, the holes they depend on (which shouldn't exist anyway) will eventually be closed. "Can't be bothered" will turn into "better do something, damn".

    It never went down. The site was up as soon add cloudflare took over. But the block lists stopped updating.

    I think you are right to an extent that these things are seen as an irritation. If they do real damage they will find they have teak world problems. It's ironic that if they hadn't protected linx and it went down it would probably have been the end of them.

    Incidentally the post is 4 hours old. Not a week.
  • d'@ved'@ve Posts: 45,452
    Forum Member
    flagpole wrote: »
    Incidentally the post is 4 hours old. Not a week.
    The first one you linked to, which is what I then referred to, is a week old.
  • flagpoleflagpole Posts: 44,641
    Forum Member
    d'@ve wrote: »
    The first one you linked to, which is what I then referred to, is a week old.

    The story has been developing. I thought I was pretty clear that I thought people might be interested in reading about ddos in the context of what was currently happening.

    If you want to give me your number I'll run my future threads past you. Make sure I don't make any more mistakes.
  • d'@ved'@ve Posts: 45,452
    Forum Member
    flagpole wrote: »
    The story has been developing. I thought I was pretty clear that I thought people might be interested in reading about ddos in the context of what was currently happening.

    If you want to give me your number I'll run my future threads past you. Make sure I don't make any more mistakes.

    Oh for gods sake, I know that. The only point I was making was that it's taken the BBC (which someone mentioned before my first post) a week to pick up on the story - no need to be so melodramatic.
  • flagpoleflagpole Posts: 44,641
    Forum Member
    d'@ve wrote: »
    Oh for gods sake! The only point I was making was that it's taken the BBC a week to pick up on this - no need to be so melodramatic.

    But it hasn't. It hasn't taken me or the BBC a week to pick up on it.
  • d'@ved'@ve Posts: 45,452
    Forum Member
    Jeez. Dog, bone.

    Good evening, better things to do.
  • flagpoleflagpole Posts: 44,641
    Forum Member
    d'@ve wrote: »
    Jeez. Dog, bone.

    Good evening, better things to do.

    Well you see I have noticed that you trend to assume people are stupid. In this case me and the BBC.
  • HelboreHelbore Posts: 16,066
    Forum Member
    ✭✭
    Considering how much time I waste dealing with Spamhaus false-positives f*cking my clients' email delivery, I feel no sympathy for them.
  • whoever,heywhoever,hey Posts: 30,992
    Forum Member
    ✭✭✭
    Its bloody clever. I remember reading about this many-many DDoS when my server got DoS attacked last year. It was strangely quite a proud moment when it was deemed significant enough :)
  • cnbcwatchercnbcwatcher Posts: 56,681
    Forum Member
    I'm noticing slower internet now. Some websites are completely inaccessible or they're very slow to load. Is anyone else noticing it?
  • flagpoleflagpole Posts: 44,641
    Forum Member
    I'm noticing slower internet now. Some websites are completely inaccessible or they're very slow to load. Is anyone else noticing it?

    i keep thinking i notice that. but then i'm not sure if i'm imagining it.
  • IvanIVIvanIV Posts: 30,300
    Forum Member
    ✭✭✭
    I think somebody should attack this way those dodgy DNS servers to make those people realise what time bombs they are running. Nobody changes anything otherwise.
  • flagpoleflagpole Posts: 44,641
    Forum Member
    IvanIV wrote: »
    I think somebody should attack this way those dodgy DNS servers to make those people realise what time bombs they are running. Nobody changes anything otherwise.

    they said there are 21m i think. though if they are being used for the largest attack in history they must have extra load.

    i thought it was a bit odd that the blog suggested people check their server, but didn't have a link as to how.
  • cnbcwatchercnbcwatcher Posts: 56,681
    Forum Member
    flagpole wrote: »
    i keep thinking i notice that. but then i'm not sure if i'm imagining it.

    I don't think I'm imagining it. I haven't been able to access my university email all day and I've also had trouble with various news sites.
  • jenziejenzie Posts: 20,821
    Forum Member
    ✭✭✭
    bloody childish behaviour, they should be TOLD to knock it the hell off :mad:
Sign In or Register to comment.