Internet Storm Center on the Spamhaus DOS

The Internet Storm Center (ISC) has a blog post up discussing the DOS attack against Spamhaus. They do confirm they saw traffic approaching 300Gbps against Spamhaus. They also point out that most people probably never knew.

The attack was significant, but not globally so despite the media reports to the contrary. When news of the attack reached the Internet Storm Center, we did have a brief moment of panic and contemplated resorting to cannibalism. However, we quickly decided against this option (due to a combination of calmer heads prevailing and a lack of consensus on whether people could be turned into bacon).

ISC has a lot of technical details about how to secure your DNS servers, and I strongly encourage everyone to go look and make sure their DNS servers are secure. I checked ours a few days ago. I really didn’t think they would be open; Steve gets DNS and keeps up with security so it was unlikely we had open resolvers. I looked up our resolvers anyway because a second pair of eyes on things is never a bad thing.

Spamhaus answers about the recent DoS attack
Post-mortem on the Spamhaus DOS

Related Posts

MAAWG presents the first J.D. Falk award

Last week at MAAWG went much like all MAAWG conferences go: too much to do, too many interesting panels to attend, too many people to connect and work with, a plethora of very interesting keynote speakers and a total lack of sleep. Most of what happens at MAAWG is not public, but some of the events are.
One of the things that I can talk about is the J.D. Falk award. This award was established by MAAWG, Return Path and J.D.’s family to recognize people who work, usually behind the scenes and without fanfare, to enhance the Internet and protect end users. I sat on the award committee and we had a number of nominations for very worthy work. But the nomination that stood out was the one for Tom Grasso. Tom was the driving force behind the creation of the DNS Changer Working group. He was responsible for connecting experts from throughout the Internet industry, including ISPs, anti-virus vendors, and the broader security community to prevent the Internet for going dark for  hundreds of thousands of infected individuals.
I am very proud of the decision the committee made. The bar has been set high for future recipients. Tom did an amazing job convincing lots of players to work together. His involvement definitely made the internet better for everyone, not just those infected by Rove Digital’s malware. What he did is a model for private / public partnerships in the future.
I don’t think I could say it better than the MAAWG press release, so I’ll just end with that.

Read More

Setting up DNS for sending email

Email – and email filtering – makes a lot of use of DNS, and it’s fairly easy to miss something. Here are a few checklists to help:

Read More

Spear phishing

It’s been about a year since people started publicly talking about spear phishing attacks against ESPs and major emailers. There was a lot of energy put into talking about how to protect against future attacks. I have to wonder, though, how much of that talk translated into action?
What processes do you have in place to protect your company against attacks?
If you’re at an ESP, do you have the ability to scan your outgoing stream for keywords or domains?
If you’re a brand, have you implemented restrictions on which employees have access to your databases?
What have you done since the last set of attacks? Are you vulnerable if new attacks start?
More information on ESP attacks:
Be on the lookout
Time for a real security response
Email attacks

Read More