DDoS Attack Against Spamhaus Exposes Huge Security Threat On DNS Servers

If you've had a difficult time connecting to select websites over the past few days, there's a very good chance that an ongoing attack against spam-prevention agency Spamhaus is to blame. Spamhaus, based in London and Geneva, helps e-mail providers filter spam, and to do this it manages a blocklist that includes any server verified to be used for the sole purpose of distributing unwanted content. You can see where this is going.

Cyberbunker, a host that touts its willingness to host anything outside of child pornography and terrorism materials, recently found itself on Spamhaus' blocklist. It hasn't taken too kindly to the inclusion, and has begun working with "criminal gangs" in Eastern Europe and Russia to DDoS (surprised?) Spamhaus' DNS servers.

Though it might not have been widely known before, Spamhaus' operations are effective because it acts as a Domain Name Server, allowing its customers to route their lookups through it. One customer is CloudFlare, a content-distribution network. If you tried to connect to a site using CloudFlare this week and happen to reside in Europe, chances are good that you were greeted with a DNS error rather than the site itself.

The ongoing attack has set the unfortunate record of being the largest in history. Normally, when DDoS attacks target banks, total throughput is about 50Gbit/s. The largest attack that Arbor Networks, a company that helps defend against DDoS attacks, had previously witnessed was clocked at 100Gbit/s. By comparison, this Spamhaus attack has peaked at a staggering 300Gbit/s.

300Gbit/s! That's equivalent to 10,240 30Mbit/s home Internet connections attacking the same service at once at 100% of their throughput. Despite this, Spamhaus has resumed operations for the most part, although there is a worry that outages could begin to affect other important services, such as banking or e-mail.
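To make concrete why knocking out a blocklist's DNS servers ripples into e-mail, here is an added example (not code from the article, Spamhaus or CloudFlare) of how a mail server consults a DNS-based blocklist: the sender's IPv4 octets are reversed and looked up under the list's zone, and a listed address comes back as an A record in 127.0.0.0/8. The zone name `dnsbl.example`, the return-code meanings, the sample addresses (taken from the RFC 5737 documentation ranges) and the resolver are all constructed for this illustration. The check fails open when the blocklist cannot be reached, so a DDoS on the list's DNS servers degrades filtering rather than rejecting all inbound mail, and it treats an answer outside 127.0.0.0/8 as a broken zone rather than a listing.

```python
import ipaddress
from typing import Callable, Dict, List, Optional

# Placeholder zone name: the article names Spamhaus' blocklist but no zone.
DNSBL_ZONE = "dnsbl.example"

# Constructed mapping of DNSBL return codes to reasons. Real lists publish
# their own code meanings; these are illustrative only.
RETURN_CODES = {
    "127.0.0.2": "listed: direct spam source",
    "127.0.0.4": "listed: open proxy / compromised host",
}

# A resolver takes a query name and returns its A records, None for NXDOMAIN,
# or raises TimeoutError when the zone's servers cannot be reached.
Resolver = Callable[[str], Optional[List[str]]]


def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Build the DNSBL query name: IPv4 octets reversed, zone appended."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def check_sender(ip: str, resolve: Resolver, zone: str = DNSBL_ZONE) -> Dict[str, object]:
    """Decide whether to accept mail from `ip` based on a DNSBL lookup."""
    qname = dnsbl_query_name(ip, zone)
    result: Dict[str, object] = {"ip": ip, "query": qname, "listed": False, "verdict": "accept"}
    try:
        answer = resolve(qname)
    except TimeoutError:
        # Fail open: an unreachable list (as during a DDoS on its DNS servers)
        # must degrade to "no verdict", never to "reject everything".
        result["reason"] = "dnsbl unreachable; failing open"
        return result
    if not answer:
        result["reason"] = "not listed"
        return result
    # Any answer outside 127.0.0.0/8 means a wildcarded or broken zone, not a
    # listing; treat it like an outage so one bad zone cannot block all mail.
    loopback = ipaddress.IPv4Network("127.0.0.0/8")
    if any(ipaddress.IPv4Address(a) not in loopback for a in answer):
        result["reason"] = "unexpected answer outside 127.0.0.0/8; ignoring list"
        return result
    result["listed"] = True
    result["verdict"] = "reject"
    result["reason"] = "; ".join(RETURN_CODES.get(a, f"listed: unknown code {a}") for a in answer)
    return result


# Constructed zone contents standing in for a live DNSBL (192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges, not real senders).
FAKE_ZONE_DATA = {
    "5.2.0.192.dnsbl.example": ["127.0.0.2"],
    "7.100.51.198.dnsbl.example": ["127.0.0.4"],
    "9.113.0.203.broken.example": ["203.0.113.1"],  # wildcarded/broken zone
}


def fake_resolver(qname: str) -> Optional[List[str]]:
    """Offline stand-in for a DNS lookup against the constructed zone data."""
    return FAKE_ZONE_DATA.get(qname)


def dead_resolver(qname: str) -> Optional[List[str]]:
    """Simulates the blocklist's DNS servers being unreachable."""
    raise TimeoutError(f"no answer for {qname}")


if __name__ == "__main__":
    for sender in ("192.0.2.5", "198.51.100.7", "203.0.113.9"):
        print(check_sender(sender, fake_resolver))
    print(check_sender("192.0.2.5", dead_resolver))
    print(check_sender("203.0.113.9", fake_resolver, zone="broken.example"))
```

The resolver is injected so the same policy code can be exercised offline; in production it would wrap a real DNS client, with a short timeout so a stalled list does not hold up every SMTP session.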

If you wish to delve deeper into the goings-on of this attack, I highly recommend checking out a set of posts CloudFlare made to its blog: one discusses how this attack almost broke the Internet, and another covers how the company recovered from its share of the attack.