SUCCESSFUL ARMED FORCES EMPLOYMENT PROGRAMME EXTEN... » An innovative programme that helps jobseekers who have an interest in the Armed Forces get into work... NW Systems helps meet safeguarding needs of Outs... » Hoylake-based NW Systems has provided an advanced IP video system to help Wirral Hospitals’ School, ... UK TROOPS TO TRAIN MODERATE SYRIAN OPPOSITION » THE Defence Secretary has announced today that the UK will provide further support to the internatio... Options secure new multi-million pound banking f... » London / New York: Options has announced that they have secured a new multi-million pound banking fa... £200,000 Tees Valley Catalyst Fund loan helps Co... » A Cramlington-based company has won a $6 million contract with Hyundai Engineering & Construction to... 2019: The danger that lies ahead, but what time is... » A SPECIAL ANALYSIS ON THE NIGERIAN POLITY FROM 1914 - TILL THE PRESENT “Justice is the constant... GOODLUCK EBELE JONATHAN & HIS ROCK STEADY BROTHEL:... » THE DUMBING DOWN OF VALUES IN THE AGE OF JONATHAN: STANDARDS IN PUBLIC LIFE BEGINNING AT THE PRESIDE... Becrypt announces publication of CESG approved gui... » London, UK: Becrypt has announced that CESG, the UK’s National Technical Authority on Information As... Semafone partners with AsiaPay to offer secure pay... » Guildford, Surrey, UK: AsiaPay has announced that Semafone®, the international provider of secure pa... Wick Hill named as one of ‘1000 companies to inspi... » Woking, Surrey: After an incredibly successful 2014, and being named Woking’s ‘Most Successful Compa...

CLICK HERE TO

Advertise with Vigilance

Got News?

Got news for Vigilance?

Have you got news/articles for us? We welcome news stories and articles from security experts, intelligence analysts, industry players, security correspondents in the main stream media and our numerous readers across the globe.

READ MORE

Subscribe to Vigilance Weekly

Information Security Header

Lessons learnt from SpamHaus DDoS attack

Vigilance can report that last week, as part of the Spammer-Anti-Spammer wars, an attack on Spamhaus was created using a DNS amplification attack on highly rated DNS servers, the attack used Botnets to send an initial reflection request to the DNS Servers, which then generated the actual traffic. Today, although we are not sure if the same vector of attack was used again, the attack was able to draw enough web traffic to Spamhaus to reach a reported peak of 300Gbps of DDoS – a respectable number indeed. It is clear that proper DNS Server monitoring and configuration should have deflected the attack at an early stage. The DNS Attack vector showed again the effectiveness of using servers as initial attack vectors rather than a user-based botnet.

 

Spamhaus cyber attack

In his reaction to the news around the Spamhaus cyberattack, which researchers are describing as the world’s largest ever cyber attack and is slowing down global internet services, Tim Keanini, CRO at nCircle, said: “While this is making the news, this is the day in the life of a service provider as these attacks are common place. Yes, this one is larger but again that is a product of more and more computers get compromised to become a part of these botnets and these computers are being connected at higher and higher speeds each year.”

Mr Keanini added:“Application amplification is also something that has been around for quite some time. Anytime you have a situation where 1 packets can be spoofed and sent to a destination that will return 2 or more packets (returning 5 gets you a 5:1 amplifier), you can be damn sure that DDoS’er will know how to leverage it. This also stresses the importance of monitory ingress/egress filtering at the border routers to make it impossible to spoof addresses. My point is that all the counter measures for this type of attack once it has begun will be at the service provider level so get to know your service provider and understand their practices when it comes to DDoS. Better to know them now than when you have 300Gps of traffic showing up at your door.”

Keanini advised: “Lastly, it goes without saying but if systems are vulnerable, and they are put on the Internet, they will be recruited to become a part of botnets. I think service providers should proactively scan their customers computers and help them resolve these vulnerabilities or block traffic to those services. It is a pay now or pay later type of situation because the bad guys will find this and it will still be the problem of customer and service provider – better to get ahead of the problem when you can schedule the work than to be called in to work when all hell breaks loose.”

Lamar Bailey, director of security research and development said: “The Spamhaus attacks should make other industries sit up and take notice. Spamhaus just demonstrated that even massive DDos attacks can be mitigated, they don’t have to take down your entire network. This is a critical lesson for enterprises, they need to plan for these types of attacks the same way they plan for data breaches. There are very good tools available to help mitigate these attacks; obviously enterprises should proactively add these to their security portfolio. The financial services industry in particular should sit up and take note.”

Whilst Andrew Storms, director of security operations: “Despite the work that has gone into making the Internet extremely resilient, these attacks underscore the fact that there are still some aspects of it that are relatively fragile. The Spamhaus attacks underscores how critical it is for organizations to be more proactive in addressing denial of service threats. We certainly can’t stop people from launching these kinds of attacks but we should invest more in research focused on the underlying issues. Given the scope of the attacks, government incentives supporting research into mitigation tools also makes sense.”