Perhaps the most disturbing thing about last week's historic denial-of-service attack on a Dutch anti-spam organization is that the technology involved wasn't that complicated. That is one of the findings of security professionals studying the attack methods used on Spamhaus, along with the knowledge that the hackers used the Internet's own structure to extend their assaults on the group.
One of the largest denial of service attacks in the history of the Internet didn’t take rocket science to execute. The offensive was conducted over several days last week after the anti-spam group Spamhaus placed a Dutch hosting service, located in a former NATO bunker, on a blacklist reserved for spammers.
A group calling itself STOPhaus is claiming responsibility for the series of attacks which, at their height, reached bandwidths of 300 Gbps. A 10 Gbps attack will bring most websites down.
To reach those bandwidth levels, the attackers exploited the Internet's architecture and the Domain Name System (DNS) to expand the scope of their assaults. They essentially used open DNS resolvers on the Internet as megaphones to amplify their attacks: a resolver that answers queries from anyone sends its much larger response to whatever source address the query claims to come from, so a small forged query becomes a large reply aimed at the victim.
The technique was used earlier this year in a series of attacks on U.S. financial websites.
Perl Used By Swine?
Despite the magnitude of the onslaughts, security experts said they can be launched with a relatively low level of technical knowledge. “The technique isn’t particularly difficult,” said Matthew Prince, co-founder and CEO of Cloudflare. Prince’s company came to Spamhaus’s aid when the attacks threatened to overwhelm its website.
“The amount of code you’d need to write to launch this attack can almost be done in a line of Perl,” Prince told TechNewsWorld. The most difficult part of the campaign is finding open resolvers to use in your attack because it requires scanning billions of IP addresses.
“It takes a lot of reconnaissance, but not a whole lot of technology itself,” Henry Stern, a threat researcher with Cisco, told TechNewsWorld. That reconnaissance may have gotten easier. A group calling itself the Open DNS Resolver Project has published a list of 27 million open or semi-open resolvers on the Net. The group's intentions are good ones; it wants server operators to check their IP addresses at the site and restrict access to any of their servers they find on the list.
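The article's closing advice is to check whether your own resolver answers the whole Internet. As an added example, not code from the article or from any organization it names, the Python below reads constructed BIND-style query log lines and reports external clients the resolver is answering recursively, then singles out the pattern of a resolver being used as a megaphone: the logged "client" is really a spoofed victim receiving large answers. The ALLOWED_NETS list and the log lines are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed BIND-style query log lines (illustrative, not real traffic).
# Format: client IP#port (name): query: qname IN qtype flags (server IP)
SAMPLE_LOG = """\
client 192.168.10.25#41022 (intranet.example): query: intranet.example IN A + (192.168.10.2)
client 203.0.113.9#53 (isc.org): query: isc.org IN ANY +E (192.168.10.2)
client 203.0.113.9#53 (isc.org): query: isc.org IN ANY +E (192.168.10.2)
client 203.0.113.9#53 (isc.org): query: isc.org IN ANY +E (192.168.10.2)
client 198.51.100.7#53 (ripe.net): query: ripe.net IN ANY +E (192.168.10.2)
client 192.168.10.31#55201 (mail.example): query: mail.example IN MX + (192.168.10.2)
"""

LINE_RE = re.compile(
    r"client (?P<ip>[\d.]+)#(?P<port>\d+) \([^)]*\): query: "
    r"(?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)

# Networks this resolver is meant to serve (assumed); anything else is "the Internet".
ALLOWED_NETS = [ipaddress.ip_network("192.168.10.0/24"),
                ipaddress.ip_network("127.0.0.0/8")]


def is_local(ip, allowed_nets=ALLOWED_NETS):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allowed_nets)


def external_recursive_clients(log_text, allowed_nets=ALLOWED_NETS):
    """Return {client_ip: {"queries", "any", "port53"}} for clients outside
    allowed_nets whose recursive queries (flags starting with '+' = RD set) were answered."""
    stats = defaultdict(lambda: {"queries": 0, "any": 0, "port53": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or not m["flags"].startswith("+"):
            continue  # unparseable line, or a non-recursive lookup
        if is_local(m["ip"], allowed_nets):
            continue  # legitimate internal client
        s = stats[m["ip"]]
        s["queries"] += 1
        s["any"] += int(m["qtype"] == "ANY")   # biggest answers: the amplification payoff
        s["port53"] += int(m["port"] == "53")  # forged source aimed at a victim's DNS port
    return dict(stats)


def likely_reflection_victims(stats, min_queries=2):
    """External 'clients' that look like spoofed targets rather than users:
    every query was ANY from source port 53, repeated min_queries times or more."""
    return sorted(ip for ip, s in stats.items()
                  if s["queries"] >= min_queries
                  and s["any"] == s["queries"] and s["port53"] == s["queries"])
```

Any entry at all in the report means the resolver is answering recursive queries for addresses it does not serve, which is the condition the Open DNS Resolver Project's list flags; the fix is to restrict recursion to your own networks.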
Blowfish12@2013 blowfish12.tk Author: Sudharsun. P. R.