You might not have noticed, but a few weeks ago the largest online attack that has ever happened took place. It was so severe that it slowed down the whole of the internet for a while.
The Spamhaus Project is on the front line of the internet's fight against spam email. The organization tracks spam service providers and spam senders across the internet, and it supplies networks with spam protection in real time. It also works with various international law enforcement agencies to track down spammers.
Spamhaus maintains a DNSBL (essentially a blocklist) database which internet mail servers query in real time to obtain an opinion on the legitimacy and origin of all incoming mail. It doesn't actually block suspect email; it simply tells anyone who asks whether a particular IP address conforms to the Spamhaus inbound email acceptance policy. It is then up to the receiving secure email gateway to decide whether the message is passed through or blocked.
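The lookup described above, as an added example that is not part of the original article: the gateway reverses the sender's IP address, queries it under the blocklist zone, and applies its own policy to the answer. The zone name, the policy names and the `FAKE_ZONE` sample answers are assumptions made for illustration.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # assumption: the article names no zone; this is Spamhaus's combined list
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus error codes, not listings
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")      # DNSBL answers live in 127/8 (RFC 5782)

def dnsbl_name(ip, zone=ZONE):
    """Query name: reversed IPv4 octets (or IPv6 nibbles) followed by the zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer
    labels = reverse.rsplit(".", 2)[0]  # drop the "in-addr.arpa" / "ip6.arpa" suffix
    return f"{labels}.{zone}"

def system_lookup(name):
    """A records for name; [] when nothing resolves (NXDOMAIN means 'not listed')."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # also covers timeouts, so an outage fails open
        return []

def opinion(ip, lookup=system_lookup):
    """The list's opinion only: 'listed', 'not-listed' or 'error'."""
    answers = [ipaddress.ip_address(a) for a in lookup(dnsbl_name(ip))]
    if not answers:
        return "not-listed"
    if any(a in ERROR_NET for a in answers):
        return "error"  # e.g. query refused; treating this as a listing blocks all mail
    if all(a in LISTED_NET for a in answers):
        return "listed"
    return "error"      # non-127/8 answer, e.g. a resolver rewriting NXDOMAIN

def gateway_action(ip, lookup=system_lookup):
    """The gateway, not the list, decides what happens to the message."""
    policy = {"listed": "reject", "not-listed": "accept", "error": "accept-and-log"}
    return policy[opinion(ip, lookup)]

# Constructed sample answers so the example runs offline.
FAKE_ZONE = {
    "2.0.0.127.zen.spamhaus.org": ["127.0.0.2"],          # conventional test entry
    "9.113.0.203.zen.spamhaus.org": ["127.255.255.254"],  # constructed error reply
}

def fake_lookup(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for sender in ("127.0.0.2", "198.51.100.7", "203.0.113.9"):
        print(sender, dnsbl_name(sender), gateway_action(sender, fake_lookup))
```
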
Not surprisingly, spammers consider the Spamhaus Project to be a mortal enemy, which was no doubt a primary motivation for the attack. The attack generated a huge 33 gigabytes of data a second, enough to bring Spamhaus to a grinding halt, and it was widely reported that the whole internet slowed down at the peak of the attack.
The vulnerability exploited by the attack resides in the internet's infrastructure and involves open DNS resolvers, part of the DNS, which is essentially the internet's address book. Their purpose is to respond to requests to go to a specific website, but they also respond to queries such as verifying the authenticity of a website, and it is these requests that can vastly increase the amount of traffic that is returned.
The attackers faked their own IP address, replacing it with those of Spamhaus's servers, and used this to query many DNS resolvers, thus funnelling a huge volume of responses to Spamhaus's servers.
Preventing this from happening again requires only that the default settings on the DNS resolvers be changed, but it now seems that the attackers are moving on to their next target: vulnerabilities in content-management software such as WordPress. These permit attackers to use these hosting platforms to launch extremely powerful attacks.
If you are concerned that the internet is becoming a battleground and you want to ensure that your business email is kept safe from spam, then visit Mimecast.com for information on their secure hosted email gateway.
May 29, 2015