Internet

Massive DDoS Attack on Security Firm Slows Down the Internet

Massive DDoS Attack on Security Firm Slows Down the Internet
Bernadine Racoma

A distributed denial of service (DDoS) was launched against an anti-malware company just recently. This has become fairly common lately, but this time there was a twist. There was an escalation. It may not have been a programmed response but the resulting data about the attack was very surprising.

Spamhaus, an Internet Security Company

Spamhaus is a B2B service company which gathers and sells a blacklist of spam sites. With offices in London and Geneva, Spamhaus is responsible for preventing 80% of all spam worldwide. Seeing that the success of the business made it a likely target of attacks, it put in place security measures. One of these security measures was meant to lessen the damages in the event of a DDoS attack. Spamhaus uses the services of Cloudfare to make sure that they remain in operation even if there was a DDoS attack.

A DDoS attack is so called because the server is kept so busy that it cannot reply to legitimate requests from across the Internet. This is done with the use of compromised computers and automated programs called botnets. These are infected computers which can be activated to send a ping to a specific address on demand. The owners of these computers do not know that the machines have been compromised because they do not do anything out of the ordinary unless they are activated for the attack. Even during a DDoS attack, the computing power and bandwidth required are almost negligible on the infected computers. Usually, these computers are just sending a ping to the server, and doing it as a background process. With thousands of compromised computers pinging the server, the server would be processing these ping requests instead of serving web pages. The web page delivery would grind down to a crawl, and if the DDoS is successful, it would inundate the server and no requests would be served.

With the help of Cloudfare, the attacks were deflected by sending the requests to other data centers. However, there was something interesting about the latest DDoS attack. Whereas this defense would have worked with older attacks, this time, the bots attacked upstream, by going after Cloudfare’s service provider. On top of that, the traffic volume normally would have been only about 100 gigabits per second. This time it had ramped up to 300 gigabits per second of data.

Inundated DNS Servers

Along the way, other servers were also affected, specifically, the DNS servers. Domain Name Servers or DNS servers convert the URL of every Internet browser request into the numeric IP address that network equipment like routers and switches would understand. The bots had gone so far upstream that they had affected DNS servers as well. With DNS servers being too busy, the rest of the world felt the Internet slow down as well.

The above simplifications explains why global Internet use slowed down last week during the attack. This was not the first time that Spamhaus was attacked, but it was the largest. The normal response to a DDoS was to shutdown the servers, and then implement filters to distinguish between legitimate requests and pings. One of the most famous DDoS attacks happened in April 2007 when an Estonian newspaper was attacked, bringing down that whole country’s Internet.

 

Comment Below
Internet

More in Internet

ipad-1721428_1920

Web-based App Terpy Easily Connects Interpreters with Clients

Denise RecaldeNovember 9, 2016
DayNews-TwitterRecord

Philippine AlDub Phenomenon Goes Global, Breaks Record on Twitter

Bernadine RacomaOctober 26, 2015
DayNews-Twitter-Bird

Twitter Unveils a New Major Feature Called Moments

Bernadine RacomaOctober 19, 2015
Daynews-Hacker-Hacking-Symbol

American and British Law Enforcement Teamed Up to Bust Cyber Robbers

Bernadine RacomaOctober 19, 2015
iVote iWatch Seal

Citizen Media Advocates Launch iWatch, iVote for the 2016 PH Elections

Day NewsSeptember 29, 2015
Yahoo! HQ

Yahoo! to Stop Access to its Services with Google and Facebook IDs

Bernadine RacomaMarch 5, 2014
Connected World

New Open Internet Regulations Coming Up Soon

Bernadine RacomaFebruary 28, 2014
John Kerry

U.S. Secretary of State John Kerry Meets Chinese Bloggers Seeking Online Freedom

Bernadine RacomaFebruary 15, 2014
Net Neutrality

Washington Appeals Court Nullifies FCC Rules for Net Neutrality

Bernadine RacomaJanuary 15, 2014

Day News Corporation

415 Madison Avenue, 15th Floor, New York City, NY 10017

(212) 537-6123

Latest Tweets

DayNewsCo @DayNewsCo

Could not authenticate you.