Attacks on Spamhaus biggest ‘known’ DDoS at 300Gbps

“Several” Tier 1 carriers hit by network congestion due to massive DDoS attacks, says CloudFlare.

The ongoing traffic attack on European anti-spam group Spamhaus has escalated from a 75Gbps peak last week to 300Gbps, making it the biggest on public record, according to experts.

The distributed denial of service (DDoS) attacks on Spamhaus are the result of a dispute that started after the anti-spam group added Dutch bulletproof host Cyberbunker to its DNS blocklists, according to the New York Times.

Spamhaus maintains several DNS lists for different spam, botnet and malware related threats, which it distributes to internet service providers that use them to block IP addresses deemed malicious.

As CSO Australia reported last week, Spamhaus sought refuge with CDN provider CloudFlare on Tuesday of that week, after a sustained attack knocked Spamhaus’ mail server and website offline. CloudFlare reported the attacks had reached 75Gbps.

Spamhaus reported some services returning this week; however, the attacks have not stopped and their scale has begun to affect higher-tier internet providers.

Patrick Gilmore, chief architect for CDN heavyweight Akamai Technologies, told the Times that the current attack, at 300Gbps, is the “largest publicly announced DDoS attack in the history of the internet”.

Spamhaus has previously blamed a “Russian criminal malware gang” for the attacks, but had not named them.

The Times reported that Sven Olaf Kamphuis, an internet activist claiming to be a spokesperson for the attackers, said that Cyberbunker was attacking Spamhaus because Spamhaus abused its position as a self-appointed deputy of the internet.

Kamphuis, however, has denied saying the attacks were launched from Cyberbunker, though he does blame Spamhaus for Cyberbunker losing its upstream provider connections.

“The republic cyberbunker got all of its upstreams disconnected over the past month because spamhaus kept abusing its influence to list -their- mailservers so they were forced to breach contracts tata communications and tinet to name a few there have been others in the past.

"Those are multinationals, letting a vague offshore 'spam fighting' firm decide who they can take on as customers... that -is- a bit weird to say the least if spamhaus is under the impression that our clients would be 'criminals' then thats fine, they're free to file police reports, if not, they can go to hell they can't prescribe to the whole world who can have internet and who can't."

The dispute between Spamhaus and Cyberbunker is a long-running one.

Sven Olaf Kamphuis was also the identity used as a spokesperson for CB3ROB, a German hosting provider that Spamhaus’ block list ties to over 120 operations it considers spam, including the Russian Business Network and the notorious Grum botnet. Spamhaus says CB3ROB is Cyberbunker.

The attacks have impacted several of CloudFlare’s ‘points of presence’ over the past week, most recently forcing it to reroute traffic in parts of its European networks.

In an update today, CloudFlare CEO Matthew Prince says the attacks have even caused tremors at several of the world’s dozen Tier 1 providers.

“At the core of the Internet, if all else fails, it is these Tier 1 providers that ensure that every network is connected to every other network. If one of them fails, it's a big deal,” said Prince.

“Over the last few days, as these attacks have increased, we've seen congestion across several major Tier 1s, primarily in Europe where most of the attacks were concentrated, that would have affected hundreds of millions of people even as they surfed sites unrelated to Spamhaus or CloudFlare. If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why.”
