Post-mortem on the Spamhaus DOS
There’s been a ton of press over the last week on the denial of service attack on Spamhaus. A lot of it has been overly excited and exaggerated, probably in an effort to generate clicks and ad revenue at the relevant websites. But we’re starting to see the security and network experts talk about the attack, its effects and what it tells us about future attacks.
I posted an analysis from the ISC yesterday. They had some useful information about the attack and about what everyone should be doing to avoid contributing to future attacks (close your open DNS resolver). The nice thing about this article is that it looked at the attack from the point of view of network health and security.
Today another article was published in TechWeekEurope that said many of the same things that the ISC article did about the size and impact of the attacks.
What’s the takeaway from this?
- Yes, there was a very large attack (300Gbps).
- The attack was focused on Spamhaus, and later some of the Internet Exchanges (IX).
- The attack caused some sleepless nights for the folks handling the routers as they dealt with the traffic.
- The attack caused some websites (some hosted by Cloudflare, some sharing network space with Cloudflare) to be offline for some period of time.
- The attack wasn’t noticed by most end users.
- The networks identified engineering issues that made this attack worse (open DNS resolvers, some engineering choices inside the IXs).