Distributed denial-of-service campaigns have been making headlines with disturbing frequency, most recently the large attack on Spamhaus that peaked at 300 Gbps. According to Spamhaus, the attack had no effect on its customers, but it should serve as a data security warning to companies that do not have protections in place against a DDoS or similar cyberattack, according to InformationWeek editor Matthew Schwartz.
Schwartz said every business needs to work with its security software and service providers in an effort to understand how to defend against this specialized threat, as an attack like this can cause not only headaches, but downtime and loss of money as well.
The attack didn't happen all at once, according to The New York Times. It started with about 1,000 computers that, pretending to be Spamhaus, sent requests to open domain name resolvers. Spamhaus was not able to handle the resulting traffic: for each request sent to a resolver, the resolver replied with a message 100 times larger than the initial request.
In response to the incident, the news source said, Spamhaus hired a cloud security consultant that gave it the capacity to absorb more traffic. The attackers then turned on the third-party service provider.
Dealing with this type of attack isn't easy; the attackers in this case were clearly capable and persistent. Schwartz said that beyond crafting a plan to respond to a DDoS attack of great magnitude, companies need to lock down the infrastructure that attackers could exploit. In the case of Spamhaus, the attackers used domain name system (DNS) server reflection attacks. While users cannot completely protect against DDoS attacks, they can work with their providers to ensure they have a response plan in place.
Schwartz said the problem can be mitigated in part by configuring DNS software to restrict how it responds. Cloud consultant Matthew Prince wrote in a blog post that these attacks will become more common, but that this step could go a long way toward helping companies stop or slow them.
"Since DNS requests typically are sent over UDP, which, unlike TCP, does not require a handshake, an attacker can spoof a victim's IP address as the source address in a packet and a misconfigured DNS resolver will happily bombard the victim with responses," Prince said.
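To make the mechanics Prince describes concrete, the following Python model is added here; it is not code from the article, from Prince, or from any DNS vendor. It builds a constructed DNS query and two constructed replies (one from a resolver that recurses for anyone, one from a resolver that answers REFUSED), computes how many bytes the reflector sends back per byte of request, and includes a toy response-rate limiter of the kind DNS servers use to "restrict how they respond". The record sizes, the IP address 198.51.100.7 and the per-second budget are all constructed assumptions; the wire format follows RFC 1035.

```python
"""Added illustration (not from the article): DNS reflection mechanics and
the two mitigations that follow from them, modelled offline on constructed packets."""
import struct

ANY, TXT = 255, 16  # query/record types used in the constructed sample


def build_query(name, qtype=ANY, txid=0x1234):
    """Minimal DNS query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def build_response(query, records, rcode=0, ra=True):
    """Constructed reply: echo the question, set QR (and RA), then append records
    whose name is a pointer to offset 12 (the question name), so each record
    costs only 12 bytes of overhead plus its rdata."""
    txid, qflags = struct.unpack("!HH", query[:4])
    flags = 0x8000 | (qflags & 0x0100) | (0x0080 if ra else 0) | (rcode & 0xF)
    header = struct.pack("!HHHHHH", txid, flags, 1, len(records), 0, 0)
    body = b"".join(struct.pack("!HHHIH", 0xC00C, rtype, 1, 300, len(rdata)) + rdata
                    for rtype, rdata in records)
    return header + query[12:] + body


def parse_header(packet):
    """Decode the 12-byte DNS header into the flags a resolver check cares about."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def amplification_factor(query, response):
    """Bytes the reflector emits toward the packet's source per byte of request.
    Because UDP has no handshake, the resolver never learns the source was forged."""
    return len(response) / len(query)


def is_open_resolver(query, response):
    """Heuristic for checking your own resolver from an outside address: a
    recursive query answered with RCODE 0, answer records and RA set means the
    server recurses for anyone; RCODE 5 (REFUSED) means recursion is restricted.
    Assumes the queried name is one the server is not authoritative for."""
    h = parse_header(response)
    if h["id"] != parse_header(query)["id"] or not h["qr"]:
        raise ValueError("response does not belong to this query")
    return h["ra"] and h["rcode"] == 0 and h["ancount"] > 0


class ResponseRateLimiter:
    """Toy model of DNS Response Rate Limiting: identical responses to one client
    address beyond a per-second budget are dropped (real implementations may
    instead send a truncated reply to force a TCP retry). Constructed for illustration."""

    def __init__(self, responses_per_second=5):
        self.limit = responses_per_second
        self.counts = {}

    def allow(self, client_ip, qname, now):
        key = (client_ip, qname, int(now))
        self.counts[key] = self.counts.get(key, 0) + 1
        return self.counts[key] <= self.limit


def demo():
    """Compare an open resolver's reply with a restricted one for the same query."""
    q = build_query("example.com", ANY)  # 29 bytes on the wire
    # Constructed: ten 256-byte TXT-style records, the bulk an ANY query can return.
    big = build_response(q, [(TXT, b"x" * 256)] * 10)
    refused = build_response(q, [], rcode=5, ra=False)
    return {"query_len": len(q),
            "open_amplification": round(amplification_factor(q, big), 1),
            "open": is_open_resolver(q, big),
            "restricted_amplification": round(amplification_factor(q, refused), 1),
            "restricted": is_open_resolver(q, refused)}


if __name__ == "__main__":
    print(demo())
```

The open resolver turns a 29-byte request into roughly 93 times as many bytes aimed at whatever address was written into the request, while the restricted resolver returns a 29-byte REFUSED, an amplification factor of 1. In BIND this restriction is the `recursion` / `allow-recursion` setting, and the per-client budget modelled by `ResponseRateLimiter` corresponds to its `rate-limit` block.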
Attack is important to remember
Jaikumar Vijayan wrote on Computerworld that, whether or not companies like it, attacks like this are notable and important to keep in mind as they move forward. While some have questioned Prince's assertion that the attack was so large it slowed certain parts of the Internet, Keynote Systems said some network segments in Europe did run 40 percent slower than average during a six-hour window on the day of the attacks.
"Even if Prince did overhype the reaction, the fact remains that the DDoS attacks were the largest ever seen on the public Internet by far," Vijayan wrote. "Much more importantly, the attackers took advantage of open DNS servers to generate magnitudes more traffic for their attack than they would have been able to generate via a botnet alone."
Vijayan wrote that the Open DNS Resolver Project, an effort by security experts to draw attention to this subject, has found 27 million DNS servers that are open resolvers, 25 million of which pose a significant threat. This shows how large the threat could become: it is conceivable that attackers could generate much bigger attacks by using more of these servers.
Cloud Security News from SimplySecurity.com by Trend Micro.