Biggest ever DDoS against Spamhaus

Comments

  • d'@ve Posts: 45,452
    Forum Member
    Probrds. is a bit on-off at the moment. Error code 1001, though a reload or two brings it up. It's fine once you achieve a connection though.

    Haven't seen this kind of behaviour much in the past

    EDIT but it could be random and unrelated, as Probrds. admin has just posted in reply to someone else: "I had our sysadmin look into this and he has made some adjustments. I apologize for the inconvenience and everything should be back up and running properly now."

    I guess we shouldn't just assume as I did for a few minutes that all connection issues are due to the DDOS attacks.
  • IvanIV Posts: 30,301
    Forum Member
    flagpole wrote: »
    they said there are 21m i think. though if they are being used for the largest attack in history they must have extra load.

    i thought it was a bit odd that the blog suggested people check their server, but didn't have a link as to how.

    I would not be surprised if default settings is what's causing problems. 21 million, that would make a nice traffic if they started shooting DNS tables at each other :D
  • bigluke1970 Posts: 634
    Forum Member
    I will support ANY anti-spam website.

    I am sick and tired of all these spam emails

    People who send out spam emails/malware/viruses/worms should be heavily punished if caught
  • d'@ve Posts: 45,452
    Forum Member
    http://www.bbc.co.uk/news/technology-22314938
    Spanish police have arrested a Dutchman suspected of being behind one of the biggest ever web attacks.

    The 35-year-old man was detained in Barcelona following a request from the Dutch public prosecutor.

    The attack bombarded the websites of anti-junk mail outfit Spamhaus with huge amounts of data in an attempt to knock them offline.

    It also slowed data flows over closely linked networks and led to a massive police investigation.

    The man arrested is believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker that has been implicated in the attack.

    Glad they've got him and I hope any prosecution sticks. I hate spammers with a vengeance.
  • bspace Posts: 14,303
    Forum Member
    Helbore wrote: »
    Considering how much time I waste dealing with Spamhaus false-positives f*cking my clients' email delivery, I feel no sympathy for them.

    got to agree there
  • LION8TIGER Posts: 8,484
    Forum Member
    From the BBC article ....
    He added: "Spamhaus remains concerned about the way network resources are being exploited as they were in this incident due to the failure of network providers to implement best practice in security."

    Does that mean the ISPs could go a long way to preventing spam if they were 'bothered', is it a cost thing that they don't?

    Out of 6 email accounts there is some spam to varying degrees on just 2, both Hotmail but 99% of that is straight in the junk folder. If I'm bored I'll have a look to see how I can enlarge certain parts of my anatomy or receive a large amount of money from a very nice bank manager abroad for some banking transaction services.
  • Thine Wonk Posts: 17,190
    Forum Member
    LION8TIGER wrote: »
    From the BBC article ....



    Does that mean the ISPs could go a long way to preventing spam if they were 'bothered', is it a cost thing that they don't?

    Out of 6 email accounts there is some spam to varying degrees on just 2, both Hotmail but 99% of that is straight in the junk folder. If I'm bored I'll have a look to see how I can enlarge certain parts of my anatomy or receive a large amount of money from a very nice bank manager abroad for some banking transaction services.

    No the ISP simply provides internet services. Their job is not to block things or do anything other than provide you with an internet service. They should remain independent and not an authority on blocking and allowing things.

    a) because ISP costs will go up a lot and are you willing to pay?
    b) because it's a dangerous and slippery slope
  • LION8TIGER Posts: 8,484
    Forum Member
    Thine Wonk wrote: »
    No the ISP simply provides internet services. Their job is not to block things or do anything other than provide you with an internet service. They should remain independent and not an authority on blocking and allowing things.

    I think I agree.
    a) because ISP costs will go up a lot and are you willing to pay?

    No
    b) because it's a dangerous and slippery slope

    Censorship ??
  • alan1302 Posts: 6,336
    Forum Member
    Thine Wonk wrote: »
    No the ISP simply provides internet services. Their job is not to block things or do anything other than provide you with an internet service. They should remain independent and not an authority on blocking and allowing things.

    a) because ISP costs will go up a lot and are you willing to pay?
    b) because it's a dangerous and slippery slope

    I agree - I don't want ISPs to start blocking things
  • Maxatoria Posts: 17,980
    Forum Member
    Let's just say you are a Nigerian lawyer and have a 100 million to give away due to the death of the last ruler and it's legit (just for the sake of the lulz) you'd probably be p'd off if you lost out due to your isp filtering a message
  • LION8TIGER Posts: 8,484
    Forum Member
    Maxatoria wrote: »
    Let's just say you are a Nigerian lawyer and have a 100 million to give away due to the death of the last ruler and it's legit (just for the sake of the lulz) you'd probably be p'd off if you lost out due to your isp filtering a message

    No !!! they are all Spam, apart that is from the one I'm in negotiations with at the moment, his percentages beat the others hands down.
    Apparently he has represented quite a few deposed leaders with B££££'s stashed away and asked me to be his agent in the UK so if anyone is interested just post me your bank details date of birth etc, passwords would be handy and you will get 20% of my 20% ... I think that is fair .

    On a serious note, if your Email provider can recognise spam and most do a good job then why can't or why shouldn't the ISP be able to do the same thing Wholesale . It may be a sticky subject but I don't think there is anyone who likes receiving it.
  • d'@ve Posts: 45,452
    Forum Member
    LION8TIGER wrote: »
    Does that mean the ISPs could go a long way to preventing spam if they were 'bothered', is it a cost thing that they don't?

    No, it's referring to DDoS attacks not spam filtering. Denial of service attacks which are made easier by mischievous, lazy or incompetent Internet server operators who fail to configure their servers properly. This allows well organized DDoS attacks to be bounced around and even amplified, so what starts off as a manageable attack ends up as difficult to manage and block.

    Thine Wonk wrote: »
    No the ISP simply provides internet services. Their job is not to block things or do anything other than provide you with an internet service. They should remain independent and not an authority on blocking and allowing things.

    a) because ISP costs will go up a lot and are you willing to pay?
    b) because it's a dangerous and slippery slope

    See above, it's not referring to spam blocking or any other content blocking, it's talking about blocking a DDoS attack. A correctly configured server costs no more to operate than a badly configured server and this would add nothing to user costs. If anything it would lower ISP costs, by lowering the amount of Internet traffic and bandwidth requirements by eliminating some of this spurious traffic.
  • Thine Wonk Posts: 17,190
    Forum Member
    d'@ve wrote: »
    No, it's referring to DDoS attacks not spam filtering. Denial of service attacks which are made easier by mischievous, lazy or incompetent Internet server operators who fail to configure their servers properly. This allows well organized DDoS attacks to be bounced around and even amplified, so what starts off as a manageable attack ends up as difficult to manage and block.



    See above, it's not referring to spam blocking or any other content blocking, it's talking about blocking a DDoS attack. A correctly configured server costs no more to operate than a badly configured server and this would add nothing to user costs. If anything it would lower ISP costs, by lowering the amount of Internet traffic and bandwidth requirements by eliminating some of this spurious traffic.

    Then what when you want to test a server you own, or want to try a port scan to make sure you're secure and your ISP has taken it upon itself to say what you can and can't do.

    ISPs shouldn't be responsible for being the internet police and deciding what is blocked and allowed. They are meant to be a utility, and fairly impartial, acting as a provider only.

    Obviously if you are committing a criminal offence they should assist the authorities, but otherwise they are simply a carrier, otherwise it's a slippery slope, well if you can filter that then you should filter this, block that etc..
  • IvanIV Posts: 30,301
    Forum Member
    Thine Wonk wrote: »
    Then what when you want to test a server you own, or want to try a port scan to make sure you're secure and your ISP has taken it upon itself to say what you can and can't do.

    ISPs shouldn't be responsible for being the internet police and deciding what is blocked and allowed. They are meant to be a utility, and fairly impartial, acting as a provider only.

    Obviously if you are committing a criminal offence they should assist the authorities, but otherwise they are simply a carrier, otherwise it's a slippery slope, well if you can filter that then you should filter this, block that etc..

    This is about open DNS resolvers that should be re-configured. There's no censorship involved. They would start authenticating incoming request's sender IP address, which would result in not sending anything out. Now it's too easy, a request comes in to send a lot of data "back" to an IP address in the request packet. This is not an original sender IP, but IP of the victim. You send a few bytes in, the response is in hundreds of bytes. You send a lot of such requests in you get hundred times as much shot at an unsuspecting victim of the attack. Open DNS resolvers act as amplifiers.
  • Thine Wonk Posts: 17,190
    Forum Member
    IvanIV wrote: »
    This is about open DNS resolvers that should be re-configured. There's no censorship involved. They would start authenticating incoming request's sender IP address, which would result in not sending anything out. Now it's too easy, a request comes in to send a lot of data "back" to an IP address in the request packet. This is not an original sender IP, but IP of the victim. You send a few bytes in, the response is in hundreds of bytes. You send a lot of such requests in you get hundred times as much shot at an unsuspecting victim of the attack. Open DNS resolvers act as amplifiers.

    So you're talking about DNSSEC then?

    Currently you can't really authenticate DNS as it's a single UDP request packet in most cases and a single UDP response.

    DNSSEC really requires DNS to be done over TCP, which means it's slower for everyone, puts a lot more load on the DNS servers, and there are other political and control issues of the signing keys and the fact who zone files need to be exposed, rather than kept private.

    Personally I'd favour finding and locking up these people for a long time to set an example, rather than turning ISPs into the police, or forcing everyone over to DNSSEC just now.
  • IvanIV Posts: 30,301
    Forum Member
    The problem is that it's too easy now and something has to be done. Open resolvers are supposed to be open. But one could check a frequency of requests from an IP address and flag them as malicious if it's too high. Or enable recursion only for trusted IPs. I doubt that many of those open resolvers were meant to be open. Or detect IP spoofing before a packet gets to its destination, ISPs could do this.
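The two resolver-side measures suggested in the post above (recursion only for trusted IPs, and flagging a source whose request frequency is too high), as an added Python sketch that is not part of the original thread. The trusted network, the thresholds, the class and function names and the sample traffic are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed policy values for this sketch; none of them come from the thread.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # clients allowed recursion
MAX_QUERIES = 5   # queries one source may make per WINDOW seconds
WINDOW = 1.0

class ResolverPolicy:
    def __init__(self, trusted=TRUSTED_NETS, max_q=MAX_QUERIES, window=WINDOW):
        self.trusted, self.max_q, self.window = trusted, max_q, window
        self.recent = defaultdict(deque)  # source IP -> timestamps still in window

    def decide(self, ts, src, recursive):
        """Return 'answer', 'refuse' (recursion for untrusted source) or 'drop'."""
        ip = ipaddress.ip_address(src)
        if recursive and not any(ip in net for net in self.trusted):
            return "refuse"
        q = self.recent[src]
        while q and ts - q[0] >= self.window:  # expire old timestamps
            q.popleft()
        if len(q) >= self.max_q:
            return "drop"                      # request frequency too high
        q.append(ts)
        return "answer"

def replay(log, policy):
    """Replay (ts, src, recursive, query_bytes, answer_bytes) records and return
    (verdict counts, bytes an open resolver would send, bytes sent under policy)."""
    counts, sent_open, sent_policy = defaultdict(int), 0, 0
    for ts, src, recursive, _qlen, alen in sorted(log):
        verdict = policy.decide(ts, src, recursive)
        counts[verdict] += 1
        sent_open += alen                      # open resolver answers everything
        if verdict == "answer":                # refusals/drops send no full answer
            sent_policy += alen
    return dict(counts), sent_open, sent_policy

# Constructed sample traffic (documentation addresses, made-up sizes):
SAMPLE = (
    [(i * 0.01, "203.0.113.7", True, 64, 3000) for i in range(100)]  # untrusted source
    + [(i * 0.01, "192.0.2.99", True, 64, 120) for i in range(20)]   # trusted, too fast
    + [(i * 0.5, "192.0.2.10", True, 64, 120) for i in range(4)]     # trusted, normal
)

if __name__ == "__main__":
    print(replay(SAMPLE, ResolverPolicy()))
```

The source address the resolver sees is whatever the request packet claims, so neither check proves who sent a query; they only limit how much the resolver sends out in response.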
  • alan1302 Posts: 6,336
    Forum Member
    LION8TIGER wrote: »
    On a serious note, if your Email provider can recognise spam and most do a good job then why can't or why shouldn't the ISP be able to do the same thing Wholesale . It may be a sticky subject but I don't think there is anyone who likes receiving it.

    I would rather they don't so I have a choice of how to split out what I want from the Spam. Otherwise ISP could start blocking all kinds of things and I'd rather they don't have that power.
  • d'@ve Posts: 45,452
    Forum Member
    alan1302 wrote: »
    I would rather they don't so I have a choice of how to split out what I want from the Spam. Otherwise ISP could start blocking all kinds of things and I'd rather they don't have that power.

    The thread isn't really about spam blocking though, it's about poorly configured servers enabling more severe DDoS attacks than otherwise would occur. Spamhaus just happened to be the target of this particular DDoS (of many).