The DDoS Attack That Almost Broke the Internet, Didn't Even Break the Site It Targeted

Security companies love hype and love exaggerate threats

  Akamai monitors traffic in real time, but didn't show any major congestion, certainly not all over the world, when the attacks occurred. The screenshot was taken after the height of the attack.
DDoS attacks aren't exactly a glamorous subject. Yet, over the past day, everyone has picked up the

DDoS attacks aren't exactly a glamorous subject. Yet, over the past day, everyone has picked up the "biggest attack in internet history" story, including reputable publications like The New York Times or the BBC.

If you'd have listened to the reports, you'd probably believe the apocalypse is upon us, the internet is under grave threat and that this is just the beginning.

Except that's not entirely accurate, in fact, it's mostly exaggeration. Spamhaus, an organization which maintains a list of known ISPs and domains which generate spam email, was attacked with a massive DDoS.

It may very well be the biggest such attack in history, Spamhaus has powerful enemies. It all started with a dispute between Spamhaus and Cyberbunker, the notorious Dutch ISP, which is known for offering hosting to anyone and anything, except child abuse and terrorist sites.

Spamhaus added Cyberbunker to its list and Cyberbunker retaliated by saying it was being censored, Spamhaus was acting as judge, jury and executioner.

It isn't the first time accusations like this have been leveled against Spamhaus, but attackers usually have a grudge with the group.

This time around though, Cyberbunker did something about it, with the help of rogue ISPs, botnets and all the other arsenal at the disposal of big time spammers, it launched a massive distributed denial of service attack against Spamhaus. The attack relied on open DNS resolvers to amplify itself.

This was a week ago and the attack is ongoing. Yet reports of the internet apocalypse only started to surface in the last 24 hours or so. CloudFlare, the security/CDN company that has been helping Spamhaus stay afloat, only then ran a blog post explaining just how terrible things are.

Yet, for all the drama, few people, if any at all, noticed a slow down in the internet. In fact, major Tier 1 ISPs have said that, while the attack itself can be classified as big, it's far from threatening the internet.

Gizmodo contacted NTT, a Tier 1 ISP, which responded that the attack, at 300 Gbps, wasn't nearly large enough to affect the core internet, internet backbones have capacity in the order of Tbps. Renesys, an internet monitoring firm confirmed this, the attack was large, but not an actual threat to the internet. 

Akamai, a large CDN, showed some congestion around the Netherlands, particularly in London where a major internet node (exchange) is housed, but nothing out of the ordinary, similar congestion was seen on the US east coast at that time.

But perhaps the biggest proof against the severity of the attack is the fact that Spamhaus managed to remain online for most of it, with the help of CloudFlare. If the attack didn't even take down the site it was aimed at, it certainly wasn't a danger to the larger internet.

1 Comment

By    28 Mar 2013, 08:20 GMT