Spamhaus, a well known anti-spam organization, which has gained a following over the years for its contributions to Internet safety. But this has also made it one of the main enemies of countless spammers and cybercriminals or hackers who, in revenge, have just launched a DDoS attack in 2013.
The attacks began on March 18, when the organization added the Dutch web hosting company Cyberbunker to its blacklist, which is why it is believed that this company is responsible for the incident.The attackers did not direct the traffic directly to the Spamhaus servers Instead, they exploited the Internet Domain Name System (DNS) servers, which receive a user-readable URL and transform it into a numeric code for computers.
Spamhaus attack Features
In the case of Spamhaus, the attacker was sending requests for the DNS zone file for ripe.net to open the DNS, CloudFare experts explained. The hacker spoofed the CloudFare IP that he had reserved for when Spamhaus is the source of his DNS requests. The open servers responded with a DNS zone file, together generating about 75 Gbps of harmful traffic. The requests may have been 36 bytes long and the response around 3,000 bytes, meaning that this factor was amplified about 100 times.
The threat was so intense that it impacted the Internet speed of millions of users. “DDoS attacks of this type can also affect regular users, who experience typical symptoms such as slow networks or the total inability to access certain network resources the attack was a type of smurf attack known as DNS amplification. Smurf attacks, a word that Smurfs are known by in English, are a type of attack in which by sending a small amount of traffic you get much more traffic to the victim.
Spamhaus contacted CloudFlare, a CDN (content distribution service) specialized in mitigating attacks, to ask them for help with a DDoS attack they were receiving, at that time 10 Gb / s. From that moment on, CloudFlare began to receive requests addressed to Spamhaus, being able to mitigate the initial attack through its anycast network and the attackers stopped their attack on the Spamhaus website four hours after it started.
