In the curious case of CyberBunker's DDoS of Spamhaus, a company called CloudFlare is accused of spreading fear, uncertainty and doubt. Some say that its dire warnings of imminent Internet death are over-egged, and that the net coped admirably with recent 300Gb/s traffic peaks.
In IT Blogwatch, bloggers want you to secure your DNS anyway.
Your humble blogwatcher curated these bloggy bits for your entertainment.
Lucian Constantin is our constant companion:
DDoS attack of unprecedented scale. ...problems for Internet users around the world. ...targeted the Spamhaus Project. ...ultimately targeted Tier 1 providers...the core of the Internet, and Internet Exchanges (IX).
The method of attack used in this case is known as DNS reflection and involves sending spoofed requests to...DNS servers that can be queried by anyone...that appear to originate from the intended victim's IP address. ...there are millions of open DNS resolvers on the Internet that can be abused in this way.
Not scared yet? John Leyden jars us awake:
The largest source of attack traffic against Spamhaus came from DNS reflection...collateral damage was seen against services such as Netflix.
CloudFlare reckons 30,000 unique DNS resolvers have been involved. ... "the attacker...generate[d] 750Mbps - which is possible with a small sized botnet or a handful of AWS instances."
So David Meyer asks, "Whodunnit?"
...all eyes seem to be on CyberBunker, a Dutch host that prides itself on hosting anything except terrorist material and child pornography.
Spamhaus lists [it] as the world’s number-one offender when it comes to hosting spam gangs.
However, Sam Biddle hates hyperbole and FUD:
You might've read some headlines...saying that [it] slow[ed] down the internet. ...exciting and scary. ...not true.
[The] Internet Traffic Report show[s] zero evidence. ...the only people willing to make any claims [is] CloudFlare, the anti-DDoS firm...that's responsible for the sky-falling internet weather report...that stands to profit directly from you being worried. ... CloudFlare put up a breathless blog post..."The DDoS That Almost Broke the Internet." Yikes! ... This would be so terrifying if it weren't advertising.
I received this note from a spokesperson for NTT: ... "I side with you questioning if it shook the global internet." ... I received a similar reply from Renesys: ..."the global Internet as a whole was not impacted." ...if your product is worth a damn, you shouldn't have to lie to the internet to sell it.
Oh! But CloudFlare CEO Matthew Prince does at least offer some hard data:
we have been told by one major Tier 1 provider that they saw more than 300Gbps of attack traffic related to this attack. ...attacks at this scale...risk overwhelming the systems that link together the Internet itself.
At the bottom of this attack [is] the problem of open DNS recursors. The attackers were able to generate more than 300Gbps [with just] 1/100th of that amount of traffic. ...these mis-configured DNS recursors...literally threaten the stability of the Internet. ...network providers [must] work with their customers to close any open resolvers.
What's troubling is that, compared with what is possible, this attack may prove to be relatively modest.
Meanwhile, the Open DNS Resolver Project offers this advice to IT people:
If you operate a DNS server, please check the settings. Authoritative servers should not offer recursion. ... Recursive servers should be restricted to your enterprise or customer IP ranges to prevent abuse.
If you are in the security community...configure BCP-38 on all CPE and Datacenter equipment edges. ... Configure your DNS servers with DNS RRL.
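One way to act on the "check the settings" advice above, as an added example that is not from this post or from the Open DNS Resolver Project: a small Python check that sends one recursive query to a DNS server you operate and classifies the reply by its header flags. The function names, result labels and sample responses are assumptions made for illustration, and the samples are constructed rather than captured.

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080  # header bits: response, recursion desired/available

def build_query(name, txid=0x1234):
    """Encode an A-record query for `name` with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, txid=0x1234):
    """Classify a raw DNS response using only its 12-byte header."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & QR:   # wrong transaction ID or not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:                      # REFUSED: the server declined to serve this client
        return "refused"
    if flags & RA and rcode == 0 and ancount > 0:
        return "open-recursion"         # it resolved a name on behalf of this client
    return "recursion-advertised" if flags & RA else "no-recursion"

def check_server(ip, name, timeout=3.0):
    """Query a server you operate; run from outside its permitted client ranges,
    with a `name` the server is not authoritative for."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (ip, 53))
        try:
            return classify(s.recvfrom(4096)[0])
        except socket.timeout:
            return "no-answer"

def _hdr(flags, ancount):
    """Build a constructed response header for the samples below."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

# Constructed sample responses (headers only), not captured traffic.
SAMPLES = {
    "open resolver": _hdr(0x8180, 1),        # QR RD RA, NOERROR, one answer
    "restricted resolver": _hdr(0x8105, 0),  # QR RD, REFUSED
    "recursion disabled": _hdr(0x8100, 0),   # QR RD, NOERROR, no RA, no answer
}
```

A result of "open-recursion" from an address outside your enterprise or customer ranges means the server is one of the open resolvers the advice asks you to close; "refused" or "no-recursion" is the expected outcome.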