Right to reply: Lessons learnt from the Spamhaus DDoS attack

One of the biggest DDoS attacks in history occurred last week, targeting Spamhaus. The attacks started earlier in the month as part of the Spammer-Anti-Spammer wars and reached their peak yesterday. Amichai Shulman, CTO and Co-founder of Imperva, looks at the industry implications of the attack and offers tips on how to be better equipped for an attack.

This month, as part of the Spammer-Anti-Spammer wars, an attack on Spamhaus was mounted using DNS amplification against highly rated DNS servers. The attack used botnets to send initial reflection requests to the DNS servers, which then generated the actual traffic.
Last week, although we are not sure if the same vector of attack was used again, the attack was able to draw enough web traffic to Spamhaus to reach a reported peak of 300Gbps of DDoS – a respectable number indeed.
It is clear that proper DNS server monitoring and configuration should have deflected the attack at an early stage.
The DNS attack vector again showed the effectiveness of using servers as initial attack vectors rather than a user-based botnet.
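
The DNS server monitoring mentioned above can be made concrete with a small check over a server's query log, given here as an added example (not from the original article or from Imperva): it flags source addresses that receive many large responses for small queries within a short window. The record layout, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample records (documentation addresses, not real traffic).
# Assumed layout: (epoch_seconds, source_ip, qname, qtype, query_bytes, response_bytes)
SAMPLE_LOG = (
    [(1000 + i // 10, "203.0.113.7", "example.org", "ANY", 64, 3100) for i in range(60)]
    + [(1000 + i, "198.51.100.20", "www.example.com", "A", 60, 92) for i in range(12)]
    + [(1003, "198.51.100.33", "example.net", "TXT", 58, 1400)]
)


def find_reflection_targets(records, window=10, min_queries=20, min_ratio=10.0):
    """Flag sources that get many large answers for small queries in one window.

    With spoofed queries the logged source is the victim being flooded,
    so a hit means this server is being used as a reflector.
    """
    buckets = defaultdict(lambda: {"n": 0, "q": 0, "r": 0, "types": Counter()})
    for ts, src, _qname, qtype, q_len, r_len in records:
        b = buckets[(src, ts // window)]
        b["n"] += 1
        b["q"] += q_len
        b["r"] += r_len
        b["types"][qtype] += 1

    flagged = {}
    for (src, win), b in buckets.items():
        ratio = b["r"] / max(b["q"], 1)  # amplification factor for this window
        # Volume and ratio must both be high: one large TXT answer is normal.
        if b["n"] < min_queries or ratio < min_ratio:
            continue
        worst = flagged.get(src)
        if worst is None or b["r"] > worst["response_bytes"]:
            flagged[src] = {
                "window_start": win * window,
                "queries": b["n"],
                "response_bytes": b["r"],
                "ratio": ratio,
                "top_qtype": b["types"].most_common(1)[0][0],
            }
    return flagged


if __name__ == "__main__":
    for src, hit in find_reflection_targets(SAMPLE_LOG).items():
        print(f"{src}: {hit['queries']} queries, x{hit['ratio']:.1f} amplification, "
              f"mostly {hit['top_qtype']}, window starting {hit['window_start']}")
```

The thresholds are starting points and need tuning against the server's normal traffic.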
Where can you learn more about DDoS?
• Imperva white paper about the four steps to defeat a DDoS attack
• HII report that analyzes different DDoS attack techniques, and how to deal with them
• A short DDoS protection customer story that shows both attack and defense mechanisms
By Amichai Shulman
CTO and Co-founder
Imperva