
Thread: Massive DDOS attacks on Spamhaus threaten Internet connectivity

  1. #1
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    8,617
    Distro
    Kubuntu 14.04 Trusty Tahr

    Massive DDOS attacks on Spamhaus threaten Internet connectivity

    The first I heard of this was on the front page of the online edition of the New York Times:
    The dispute started when the spam-fighting group, called Spamhaus, added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam. Cyberbunker, named for its headquarters, a five-story former NATO bunker, offers hosting services to any Web site “except child porn and anything related to terrorism,” according to its Web site.

    The so-called distributed denial of service, or DDoS, attacks have reached previously unknown magnitudes, growing to a data stream of 300 billion bits per second.

    “It is a real number,” [Patrick Gilmore of Akamai] said. “It is the largest publicly announced DDoS attack in the history of the Internet.”
    The spammers being protected by Cyberbunker make the usual claims that groups like Spamhaus are vigilantes trying to impose their will on freedom-loving types who want to send us more trash and phishing ploys designed to defraud the naive and unsuspecting. As someone who manages mail services for myself and a few clients, I've spent many, many hours fighting spammers and welcome the existence of groups like Spamhaus. Whether to use a Spamhaus database, or the databases of other similar organizations, is entirely up to the mail provider. However, Spamhaus has a wide-ranging effect since the default set for SpamAssassin uses some of Spamhaus's lists. Since the SA developers run tests of the validity of the rules they distribute, the data that Spamhaus provides must have shown its worth over time.

    This is a rather different type of DDOS attack than simply trying to flood an entity's servers with traffic generated by botnets. Apparently it uses the method of sending queries to DNS servers with a spoofed source address that makes the traffic appear to be coming from machines at Spamhaus. The DNS servers then send their replies to the Spamhaus machines.

    If you are running a DNS server that is publicly visible, but not authoritative for a domain, you should check your logs to see if you have been inadvertently converted into an amplifier for this attack. My servers are authoritative so they have to accept queries from anywhere on the Internet. If you run a publicly-visible server that only needs to handle queries from a limited range of hosts, make sure you have locked down the configuration so the server will only reply to those hosts and no others.
    Last edited by SeijiSensei; March 27th, 2013 at 12:15 PM.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
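
The log check suggested in post #1, as an added example that is not part of the original post or written by its author: it scans query log lines in the style of BIND 9 query logging for outside addresses that repeatedly ask a resolver for recursion. `ALLOWED_NETS`, the threshold and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Networks this resolver is supposed to serve (assumed; documentation range).
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# "client <ip>#<port> (<name>): query: <name> <class> <type> <flags>"
# The "@0x..." and "(<name>)" parts are optional because they vary by version.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+) (?P<flags>[+-]\S*)"
)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
27-Mar-2013 12:00:01.101 queries: info: client 192.0.2.15#40211 (www.example.org): query: www.example.org IN A + (198.51.100.53)
27-Mar-2013 12:00:01.230 queries: info: client 203.0.113.7#53 (example.net): query: example.net IN ANY +E (198.51.100.53)
27-Mar-2013 12:00:01.231 queries: info: client 203.0.113.7#53 (example.net): query: example.net IN ANY +E (198.51.100.53)
27-Mar-2013 12:00:01.233 queries: info: client 203.0.113.7#53 (example.net): query: example.net IN ANY +E (198.51.100.53)
27-Mar-2013 12:00:01.240 queries: info: client 198.51.100.99#51515 (example.com): query: example.com IN MX + (198.51.100.53)
27-Mar-2013 12:00:01.244 queries: info: client 203.0.113.7#53 (example.net): query: example.net IN ANY +E (198.51.100.53)
27-Mar-2013 12:00:01.300 queries: info: client 203.0.113.80#33000 (example.org): query: example.org IN SOA - (198.51.100.53)
27-Mar-2013 12:00:01.410 queries: info: client 192.0.2.15#40212 (mail.example.org): query: mail.example.org IN A + (198.51.100.53)
"""


def find_amplification_candidates(log_text, threshold=3):
    """Return {client_ip: count} for outside clients repeatedly asking for recursion.

    With spoofed queries the logged "client" is the forged source address,
    so a flagged address is the likely target of the replies, not the sender.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line
        addr = ipaddress.ip_address(m["ip"])
        if any(addr in net for net in ALLOWED_NETS):
            continue  # a client this server is meant to answer
        if m["flags"].startswith("+"):  # leading "+" means recursion desired
            hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    print(find_amplification_candidates(SAMPLE_LOG))
```

Any address this reports is a reason to restrict which hosts the server answers recursive queries for, as the post recommends.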

  2. #2
    Join Date
    Oct 2010
    Location
    London
    Beans
    481
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Massive DDOS attacks on Spamhaus threaten connectivity

    Cyberbunker brags on its Web site that it has been a frequent target of law enforcement because of its “many controversial customers.” The company claims that at one point it fended off a Dutch SWAT team.


    “Dutch authorities and the police have made several attempts to enter the bunker by force,” the site said. “None of these attempts were successful.”
    - HQ is a nuclear bunker
    - Largest publicly-known DDOS attack
    - Have fended off armed police
    - Spammers

    These guys are clearly supervillains

  3. #3
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    8,617
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Massive DDOS attacks on Spamhaus threaten Internet connectivity

    There have been a couple of attempts to set up Internet service providers at sea beyond national jurisdictions. The first one I heard of was the now-defunct HavenCo on the self-proclaimed Principality of Sealand, formerly home to pirate radio broadcasters off the coast of Britain. Google owns a patent for using ocean waves to power off-shore server farms. Depending on where these are moored they could operate outside territorial waters.

  4. #4
    Join Date
    Nov 2008
    Location
    BSAA Headquarters
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Massive DDOS attacks on Spamhaus threaten Internet connectivity

    Moved to the brand new Ubuntu, Linux and OS Chat forum.

  5. #5
    Join Date
    Jun 2007
    Location
    Porirua, New Zealand
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Massive DDOS attacks on Spamhaus threaten Internet connectivity

    I first became aware of the problem well over a week ago, several days before the report in the Times, while investigating some emails that my mail server rejected.

    Spamhaus have some information on their website: http://www.spamhaus.org/news/article...-20-march-2013
    Forum DOs and DON'Ts
    Never assume that information you find using a search engine is up-to-date.

  6. #6
    Join Date
    Dec 2010
    Beans
    Hidden!

    Re: Massive DDOS attacks on Spamhaus threaten Internet connectivity

    This is so wrong, YouTube is taking forever to load at the moment



    Come shoot the breeze with us on the Ubuntu Forums IRC channel - #ubuntuforums

  7. #7
    Join Date
    Jun 2008
    Location
    Tennessee
    Beans
    3,413

    Re: Massive DDOS attacks on Spamhaus threaten Internet connectivity

    Why enter the bunker? Seems like they can just cut the cable and be done with it.

  8. #8
    Join Date
    Nov 2011
    Beans
    1,283
    Distro
    Ubuntu Development Release

    Re: Massive DDOS attacks on Spamhaus threaten Internet connectivity

    Originally posted by lykwydchykyn:
    Why enter the bunker? Seems like they can just cut the cable and be done with it.
    Agreed!

    I have little tolerance for vigilantism. Self-appointed cops are little different from criminals.

    Dutch residents (citizens, presumably) are currently interfering with the lives and livelihoods of people across the globe. The Dutch authorities have a responsibility to end this. Would they be so seemingly lackadaisical if Dutch citizens were interfering with telephone circuits or radio transmission all around the planet?

    They should cut power to the bunker, cut water to the bunker, physically sever the bunker's internet connections, and prevent entrance or exit until people in the bunker surrender to the police.

  9. #9
    Join Date
    Mar 2013
    Beans
    30

    Re: Massive DDOS attacks on Spamhaus threaten Internet connectivity

    Why enter the bunker? Seems like they can just cut the cable and be done with it.
    RF + generator maybe? I see no other way unless they're just stupid.

  10. #10
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Massive DDOS attacks on Spamhaus threaten Internet connectivity

    I found this, while searching for something else.
