Technology‎ > ‎

Massive DDoS Attack Explained

posted 28 Mar 2013, 06:26 by Mpelembe   [ updated 28 Mar 2013, 06:26 ]

 UK (Next Media) - The Spamhaus project, an international non-profit organization that tracks spam, reported that it has been the target of a persistent distributed denial of service attack. Spamhaus provides spam filtering data to the internet.

The attackers disguised themselves as Spamhaus to send requests to Open DNS servers. The Open DNS servers replied by sending massive waves of information to Spamhaus’ servers.

Spamhaus got help from CloudFlare, which used a technique called ‘anycast’ to send the flood of data to mirrored servers in other locations to relieve the stress on Spamhaus.

But the flood of data was so great that CloudFlare’s servers began to overload the Tier 2 internet service providers on which they relied. The Tier 2 servers blocked the traffic from Spamhaus, causing the traffic to bypass them and head directly to Tier 1 internet service providers in Europe, which connect to each other at the London Internet Exchange.

Internet exchanges such as the one in London connect Tier 1 internet service providers. Tier 1 internet service providers connect Tier 2 networks.

But the attack was so massive that on March 23, the London Internet Exchange suffered an outage for one hour. The perpetrator of the attack on Spamhaus has not yet been identified.


Mercury News, Ars Technica