Linked by Thom Holwerda on Thu 28th Mar 2013 00:36 UTC, submitted by MOS6510
Internet & Networking "The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times calls the attack the largest known DDoS attack ever on the Internet. We wrote about the attack last week. At the time, it was a large attack, sending 85Gbps of traffic. Since then, the attack got much worse. Here are some of the technical details of what we've seen."
puidelup Member since: 2013-03-19

It is a new vector in attack in that it's only really been exploited like this in recent years.


Well here you might be right.

This is a type of Reflected DDoS (http://en.wikipedia.org/wiki/Denial-of-service_attack#Reflected_.2F...), of which there are many. They were "all the rage" in the late '90s (smurf attacks, DC attacks anyone?). If specifically DNS amplification attacks are something new, especially on this scale, I don't know. But they're just a variation of the same basic concept.

I've known about DNS amplification attacks for ~3 years, and by quickly googling around I found that in 2006-2007 they were considered new (http://www.theinquirer.net/inquirer/news/1015743/dns-amplification-..., http://securitytnt.com/dns-amplification-attack/). I really thought this was older ;)

So this may be relatively new, but it's yet another form of reflective DDoS.

Score: 2

Laurence Member since: 2007-03-26


Well here you might be right.

This is a type of Reflected DDoS (http://en.wikipedia.org/wiki/Denial-of-service_attack#Reflected_.2F...), of which there are many. They were "all the rage" in the late '90s (smurf attacks, DC attacks anyone?). If specifically DNS amplification attacks are something new, especially on this scale, I don't know. But they're just a variation of the same basic concept.

I'm aware of that. But you're still missing my point that the previous reflective attacks didn't amplify requests by nearly the same ratio as this one does. And that's the crux of the issue. Previously, reflective attacks were largely used for anonymity (with minor amplification being a bonus). Here the reflection is done specifically for amplification where anonymity is a fortunate (for them) side effect.


I've known about DNS amplification attacks for ~3 years, and by quickly googling around I found that in 2006-2007 they were considered new (http://www.theinquirer.net/inquirer/news/1015743/dns-amplification-..., http://securitytnt.com/dns-amplification-attack/). I really thought this was older ;)

So this may be relatively new, but it's yet another form of reflective DDoS.

Again, you're arguing points that were never in dispute. I really don't know how many times I have to reiterate that I'm aware the concept is an old one before you move off that moot point. You're like a dog with a bone :p

Score: 2