In the Face of the Largest (Known) DDoS Attack
By Cat Yong
Late in March, Sophos detailed how Cyberbunker, a ‘dodgy’ Internet hosting provider from the Netherlands, “took umbrage” with Spamhaus, a non-profit organisation that takes on spammers and the Internet hosts who profit from their activities.
What ensued was reported by numerous news sites as the biggest attack in the history of the Internet. Akamai Technologies’ enterprise security director in Asia Pacific, John Ellis, said, “The DDoS attack on SpamHaus clocked in at 300 billion bits per second and is the largest publicly announced DDoS attack in the history of the Internet.
“The 300Gbps is what was reportedly seen by a tier-1 telco provider and not by the content delivery provider who was hosting SpamHaus’s site. The attackers against SpamHaus moved their attack to several Internet Exchange Points (IXPs) in a bid to suffocate the upstream bandwidth of SpamHaus’s hosting provider.
The various Tier-1 providers involved were able to re-route traffic around the congestion and also filter out the attack before reaching SpamHaus’s site,” Ellis further explained.
General Internet users ‘suffered’ as a result of the DDoS attack, but Ellis noted, “No one has any vested interest in truly taking down the Internet, nor prolonged disruption of service in its entirety. Localised and targeted attacks even from foreign states is typically the objective of DDoS.”
Ellis pointed out, “Despite its resilience to date, in the face of major but localised incidents such as the 2007 Taiwan earthquake, 9/11, and Hurricane Katrina, there are some concerns about the future of the Internet’s resilience.”
He suggested that the areas that need attention are:
What has happened is that the IT industry has had to apply band-aid solutions to fix many of the design limitations of the Internet. As a result, “Even new more secure and better designed parts of the internet (for want of better words) have to co-exist with the less than ideal implementations.”
What can enterprises do in the face of DDoS attacks like the one on SpamHaus?
Instead, Ellis proposed protection at the edge of the Internet, by leveraging a cloud security solution. He explained, “A solution that is able to distribute their service or service entry point across the Internet.”
“For an enterprise looking to protect itself, it needs to assess their approach and strategy at three levels – data centre, geographically and service-wise.
“How can the enterprise ensure that their data centre is resilient to DDoS attacks? Especially attacks at the application level – these attacks may not even impact network bandwidth, yet exploit vulnerabilities in the application or database services within the technology stack,” said Ellis.
For geographical resilience, the enterprise has to take into consideration the multiple service providers it has servicing its primary data centre. If a regional attack like SpamHaus’ occurs, what is the strategy and approach to business continuity?
From the service resilience point of view, enterprises have to think about how to protect their underlying critical infrastructure and application services such as DNS.
“DNS is an often overlooked service, yet as seen in the SpamHaus attack, DNS is often an after-thought for many organisations and they do not have sufficient geographical and capacity resilience.
“Furthermore, what is the strategy for providing resilience to the services provided by third parties or even hosted by third parties such as a cloud provider (irrespective of whether they are an IaaS, PaaS or SaaS cloud provider)?” Ellis concluded with that theoretical question.