The attacks targeted Spamhaus, a Geneva-based volunteer group that publishes spam blacklists which are used by networks to filter out unwanted email, and led to cyberspace congestion which may have affected the overall Internet, according to Matthew Prince of the US security firm CloudFlare.
The attacks began last week, according to Spamhaus, after it placed on its blacklist the Dutch-based Web hosting site Cyberbunker, which claimed it was unfairly labelled as a haven for cybercrime and spam.
While the origin of the attacks has not been identified, some experts pointed the finger at Cyberbunker, possibly in conjunction with other Eastern European cyber-criminals.
CloudFlare, which was called for assistance by Spamhaus, said the attackers changed tactics after the first layer of protection was implemented last week.
"Rather than attacking our customers directly, they started going after the network providers CloudFlare uses for bandwidth," Prince said. "Once the attackers realised they couldn't knock CloudFlare offline they went after our peers," Prince said.
He said the so-called denial of service attack, which essentially bombards sites with traffic in an effort to disrupt it, was "one of the largest ever reported."
"Over the last few days", he added, "We've seen congestion across several major Tier 1 (networks), primarily in Europe where most of the attacks were concentrated. That would have affected hundreds of millions of people even as they surfed sites unrelated to Spamhaus or CloudFlare."
"If the Internet felt a bit more sluggish for you over the last few days in Europe, this may have been part of the reason," he said in a blog post. Prince noted that these attacks used tactics different than the botnets - these came from so-called "open resolvers" which "are typically running on big servers with fat pipes."
"They are like bazookas and the events of the last week have shown the damage they can cause," he said. "What's troubling is that, compared with what is possible, this attack may prove to be relatively modest," he added.
A spokesman for the network security firm Akamai meanwhile told AFP that based on the published data, "the attack was likely the largest publicly acknowledged attack on record."
"The cyber attack is certainly very large," said Johannes Ullrich of US-based SANS Technology Institute. He said it was a factor-of-10 larger than similar attacks in the recent past.
"But so far, I can't verify that attack affected Internet performance overall," he told AFP.
Source: AFP via I-Net Bridge
For more than two decades, I-Net Bridge has been one of South Africa’s preferred electronic providers of innovative solutions, data of the highest calibre, reliable platforms and excellent supporting systems. Our products include workstations, web applications and data feeds packaged with in-depth news and powerful analytical tools empowering clients to make meaningful decisions.
We pride ourselves on our wide variety of in-house skills, encompassing multiple platforms and applications. These skills enable us to not only function as a first class facility, but also design, implement and support all our client needs at a level that confirms I-Net Bridge a leader in its field.
Go to: http://www.inet.co.za
