Lessons learnt from Spamhaus DDoS attack
Vigilance can report that last week, as part of the Spammer-Anti-Spammer wars, Spamhaus was attacked using a DNS amplification attack on highly rated DNS servers. The attack used botnets to send an initial reflection request to the DNS servers, which then generated the actual traffic. Today, although we are not sure whether the same attack vector was used again, the attack drew enough web traffic to Spamhaus to reach a reported peak of 300Gbps of DDoS – a respectable number indeed. It is clear that proper DNS server monitoring and configuration should have deflected the attack at an early stage. The DNS attack vector showed again how effective it is to use servers as the initial attack vector rather than a user-based botnet.
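The kind of DNS server monitoring referred to above, as an added example that is not part of the original article: a Python check that flags addresses receiving many large responses to small queries within a short window, which is what a reflected request looks like from the server's side. The log format, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample lines in a hypothetical log format (not from a real server):
# <epoch_seconds> <client_ip> <qtype> <query_bytes> <response_bytes>
SAMPLE_LOG = """\
1000 192.0.2.10 A 60 92
1001 198.51.100.7 ANY 64 3100
1001 198.51.100.7 ANY 64 3100
1002 198.51.100.7 ANY 64 3100
1002 192.0.2.11 MX 62 140
1003 198.51.100.7 ANY 64 3100
1004 198.51.100.7 ANY 64 3100
1005 198.51.100.7 ANY 64 3100
1012 192.0.2.10 A 60 92
malformed line
"""

def find_reflection_targets(lines, window=10, min_queries=5, min_ratio=10.0):
    """Return {(window_start, client_ip): (queries, amplification)}.

    In a reflection attack the "client" address is spoofed: it is the victim
    that receives the responses, so a flagged address is a likely target.
    """
    buckets = defaultdict(lambda: [0, 0, 0])  # queries, query bytes, response bytes
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        try:
            ts, q_bytes, r_bytes = int(parts[0]), int(parts[3]), int(parts[4])
        except ValueError:
            continue
        if q_bytes <= 0:
            continue
        bucket = buckets[(ts - ts % window, parts[1])]
        bucket[0] += 1
        bucket[1] += q_bytes
        bucket[2] += r_bytes
    flagged = {}
    for key, (count, q_total, r_total) in buckets.items():
        ratio = r_total / q_total  # bytes sent out per byte received
        if count >= min_queries and ratio >= min_ratio:
            flagged[key] = (count, round(ratio, 1))
    return flagged

if __name__ == "__main__":
    hits = find_reflection_targets(SAMPLE_LOG.splitlines())
    for (start, ip), (count, ratio) in hits.items():
        print(f"window {start}: {ip} got {count} answers, amplification x{ratio}")
```

An address flagged this way is a candidate for response rate limiting or for a review of whether the server should answer it at all.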
Spamhaus cyber attack
In his reaction to the news around the Spamhaus cyberattack, which researchers are describing as the world’s largest ever cyber attack and which is slowing down global internet services, Tim Keanini, CRO at nCircle, said: “These attacks are the direct result of the ever increasing number of compromised computers connected at higher speeds – botnets are the backbone of every denial of service attack.”
Mr Keanini added: “Once an attack like this is underway the counter measures take place at the service provider level. That’s why it’s critical for every organization to understand their service providers’ DDoS practices. You don’t want to start asking about these practices when you have 300Gbps of traffic knocking at your door.”
Keanini advised: “One thing that would significantly reduce the impact of DDoS attacks would be for service providers to proactively scan their customers’ computers and help them resolve the vulnerabilities used to create botnets. Alternately, service providers could proactively block traffic to those services. Although this requires investment by service providers, these attacks prove that we all will either pay now or pay later.”
Lamar Bailey, director of security research and development, said: “The Spamhaus attacks should make other industries sit up and take notice. Spamhaus just demonstrated that even massive DDoS attacks can be mitigated, they don’t have to take down your entire network. This is a critical lesson for enterprises, they need to plan for these types of attacks the same way they plan for data breaches. There are very good tools available to help mitigate these attacks; obviously enterprises should proactively add these to their security portfolio. The financial services industry in particular should sit up and take note.”
Andrew Storms, director of security operations, said: “Despite the work that has gone into making the Internet extremely resilient, these attacks underscore the fact that there are still some aspects of it that are relatively fragile. The Spamhaus attacks underscore how critical it is for organizations to be more proactive in addressing denial of service threats. We certainly can’t stop people from launching these kinds of attacks but we should invest more in research focused on the underlying issues. Given the scope of the attacks, government incentives supporting research into mitigation tools also make sense.”