Huge DDoS Attack a New Approach

Monday, April 1, 2013 @ 05:04 PM gHale

A distributed denial-of-service (DDoS) attack using a technique known as DNS reflection has resulted in what security experts are calling the largest DDoS attack to date, generating traffic volumes of 300 Gbps, roughly three times the size of any previously known attack.

The DDoS attack on Internet blacklist maintainer Spamhaus topped 300 Gbps, powered by “open recursive resolvers,” which allowed attackers to turn modest attacks into overwhelming floods of traffic.


The series of attacks, which started in the third week of March, hit the anti-spam organization Spamhaus, whose blacklists companies use to block traffic from questionable servers. Spamhaus’ services have angered spam distributors and their hosting providers, and the attack is just the latest effort to protest and thwart Spamhaus’ work.

While Spamhaus has often come under DDoS attack, the latest onslaught has exceeded any past data flood, said Adam Wosotowsky, a threat researcher with McAfee.

“The volume is the biggest surprise,” he said. “While there have been some significant DDoS attacks over the years, doing so tends to expose the botnet to detection and eventual takedown. Spamhaus apparently really hit a wasp nest on this one.”

The high attack bandwidth is possible because attackers are using misconfigured Domain Name System (DNS) servers, known as open recursive resolvers or open recursors, to amplify a much smaller attack into a larger data flood.

Known as DNS reflection, the technique sends the resolver requests for a relatively large zone file with forged source addresses, so the requests appear to come from the intended victim’s network. Because the server is configured to answer recursive queries from any source, it responds to each request by sending the zone file to the victim’s address, overwhelming the network.
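The defender-side symptom of the misconfiguration described above is a resolver answering large responses to small queries from addresses it was never meant to serve. The following script is an added example, not code from the article or from Spamhaus, that scans a resolver query log for that pattern: clients outside the networks the resolver is supposed to serve whose responses are amplified well beyond the size of their queries. The log format, the served network ranges, the query types and every byte count are constructed for illustration.

```python
"""
Added example (not from the original article): flag signs that a DNS resolver
is being abused as an open recursive resolver in a reflection attack.
All log lines and network ranges below are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Assumption: the networks this resolver is meant to serve (hypothetical ranges).
SERVED_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]

# Constructed log format:
# "<client_ip> <qname> <qtype> <query_bytes> <response_bytes>"
# Byte counts are made-up values chosen to show a large response-to-query ratio.
SAMPLE_LOG = """\
192.0.2.10 www.example.com A 45 61
192.0.2.11 mail.example.com MX 48 120
198.51.100.7 example.org ANY 36 3223
198.51.100.7 example.org ANY 36 3223
198.51.100.7 example.org ANY 36 3223
198.51.100.7 example.net ANY 37 2900
192.0.2.10 example.net AAAA 44 72
"""


def parse_line(line):
    """Split one constructed log line into a record with typed fields."""
    client, qname, qtype, qbytes, rbytes = line.split()
    return {
        "client": ipaddress.ip_address(client),
        "qname": qname,
        "qtype": qtype,
        "qbytes": int(qbytes),
        "rbytes": int(rbytes),
    }


def is_served(addr):
    """True if the client address belongs to a network this resolver should serve."""
    return any(addr in net for net in SERVED_NETWORKS)


def find_reflection_abuse(log_text, min_ratio=10.0, min_queries=2):
    """Return per-client findings for clients outside the served networks
    whose aggregate response bytes exceed query bytes by at least min_ratio.

    Clients inside SERVED_NETWORKS are ignored: the concern is the resolver
    answering recursive queries for the rest of the Internet, which is what
    lets a small spoofed query turn into a large response aimed at a victim.
    """
    stats = defaultdict(lambda: {"queries": 0, "qbytes": 0, "rbytes": 0, "qtypes": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if is_served(rec["client"]):
            continue  # legitimate client of this resolver
        s = stats[str(rec["client"])]
        s["queries"] += 1
        s["qbytes"] += rec["qbytes"]
        s["rbytes"] += rec["rbytes"]
        s["qtypes"].add(rec["qtype"])

    findings = {}
    for client, s in stats.items():
        ratio = s["rbytes"] / s["qbytes"]
        if s["queries"] >= min_queries and ratio >= min_ratio:
            findings[client] = {
                "queries": s["queries"],
                "amplification": round(ratio, 1),
                "qtypes": sorted(s["qtypes"]),
            }
    return findings


if __name__ == "__main__":
    for client, info in find_reflection_abuse(SAMPLE_LOG).items():
        print(f"{client}: {info['queries']} queries, "
              f"{info['amplification']}x amplification, types {info['qtypes']}")
```

A hit from this check means the resolver is answering recursion for arbitrary sources; the fix is to restrict recursion to the networks it serves (in BIND, for example, the `allow-recursion` option) rather than to filter individual clients, since the source addresses in a reflection attack belong to the victim, not the attacker.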
