SNMP DDoS against Spamhaus

Reports and investigations into Distributed Denial of Service attacks.

Post by AlphaCentauri » Tue Dec 27, 2011 10:44 pm

Spamhaus has observed a newer type of distributed denial-of-service attack (DDoS) which has only recently become popular among cybercriminals. In just the past month, several attacks using this method have been investigated by private security firms and law enforcement agencies. During December 2011, Spamhaus sustained an SNMP DDoS on the order of magnitude of the largest DDoS seen to date on the Internet. Our anti-DDoS resources allowed us to implement effective measures to mitigate this attack, and we are working with law enforcement and security industry partners to shut down the originators.

This DDoS vector is similar to the older DNS Amplification Attack, but instead of DNS it uses Simple Network Management Protocol (SNMP) services to reflect and amplify a stream of UDP packets toward a DDoS target. The attacker's packets contain forged (spoofed) originating IP addresses, so that the SNMP server to which these packets are sent replies with a large UDP packet to the spoofed address, which belongs to the victim. The amplification effect of this vector can produce high traffic volumes from a relatively small input stream, effectively clogging the 'pipes' into the victim's server to produce denial of service.


http://www.spamhaus.org/news.lasso?article=678
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am
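
The reflection pattern described in the post above, seen from the receiving side: replies from UDP port 161 arriving at a host that never sent the matching request. This is an added example, not part of the original posts or the Spamhaus article; the flow-record layout, the `find_reflection_victims` name, the threshold and all sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

SNMP_PORT = 161  # UDP port that SNMP agents answer from

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes).
# All addresses are documentation ranges, not real hosts.
SAMPLE_FLOWS = [
    # Legitimate poll: monitoring host queries an agent and gets its reply.
    ("192.0.2.10", 40000, "198.51.100.5", SNMP_PORT, 90),
    ("198.51.100.5", SNMP_PORT, "192.0.2.10", 40000, 400),
    # One stray unsolicited reply: below the alert threshold.
    ("198.51.100.9", SNMP_PORT, "192.0.2.10", 40001, 400),
] + [
    # Large replies from many agents to a host that never asked for them.
    (f"203.0.113.{i}", SNMP_PORT, "192.0.2.80", 80, 1400) for i in range(1, 6)
]


def find_reflection_victims(flows, min_reflectors=3):
    """Return {victim_ip: {"reflectors": n, "bytes": total}} for hosts
    receiving unsolicited SNMP replies from at least min_reflectors agents."""
    # Pass 1: remember every request a host really sent to an SNMP agent.
    asked = {(src, sport, dst) for src, sport, dst, dport, _ in flows
             if dport == SNMP_PORT}
    # Pass 2: a reply is unsolicited when no matching request was seen.
    reflectors = defaultdict(set)
    volume = defaultdict(int)
    for src, sport, dst, dport, size in flows:
        if sport == SNMP_PORT and (dst, dport, src) not in asked:
            reflectors[dst].add(src)
            volume[dst] += size
    return {ip: {"reflectors": len(agents), "bytes": volume[ip]}
            for ip, agents in reflectors.items()
            if len(agents) >= min_reflectors}


if __name__ == "__main__":
    for victim, stats in find_reflection_victims(SAMPLE_FLOWS).items():
        print(victim, stats)
```

Matching replies against observed requests keeps ordinary SNMP polling out of the result, so only the host receiving answers it never asked for is reported.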

Re: SNMP DDoS against Spamhaus

Post by Red Dwarf » Mon Mar 18, 2013 5:57 pm

Spamhaus has been down for over 24 hours.

http://blog.wordtothewise.com/2013/03/s ... ajor-ddos/

March 18, 2013
DNS services, including rsync and the mirrors, are up and running.

Spamhaus is working to bring the mailserver and website back up, and are hoping to have it up later today.
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10542
Joined: Tue Jun 27, 2006 2:01 am

Re: SNMP DDoS against Spamhaus

Post by Red Dwarf » Fri Apr 26, 2013 5:40 pm

One month later!
Ref: http://www.bbc.co.uk/news/technology-22314938 26 April 2013
Spanish police have arrested a Dutchman suspected of being behind one of the biggest ever web attacks.

The man arrested is believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker that has been implicated in the attack.

"Spamhaus is delighted at the news that an individual has been arrested and is grateful to the Dutch police for the resources they have made available and the way they have worked with us," said a Spamhaus spokesman.


Back in March - Ref: http://www.bbc.co.uk/news/technology-21954636 27 March 2013
Recently, Spamhaus blocked servers maintained by Cyberbunker, a Dutch web host that states it will host anything with the exception of child pornography or terrorism-related material.

Sven Olaf Kamphuis, who claims to be a spokesman for Cyberbunker, said, in a message, that Spamhaus was abusing its position, and should not be allowed to decide "what goes and does not go on the internet".

Spamhaus has alleged that Cyberbunker, in cooperation with "criminal gangs" from Eastern Europe and Russia, is behind the attack.
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10542
Joined: Tue Jun 27, 2006 2:01 am

Re: SNMP DDoS against Spamhaus

Post by NotBuyingIt » Fri Apr 26, 2013 6:43 pm

The BBC report makes the irony of the situation difficult to ignore.

Mr Kamphuis took exception to Spamhaus's action saying in messages sent to the press that it had no right to decide "what goes and does not go on the internet".

The report seems to suggest that "SK" anointed himself to decide what does or does not go on the internet.

He was arrested in Barcelona — a lovely vacation stop, in case anyone is interested. One can dine very nicely on inexpensive tortilla (Espanola) and café con leche, although the highly acclaimed ham is a bit too bloody for my taste.
NotBuyingIt
Spammer Killing Machine
 
Posts: 612
Joined: Sun Jun 13, 2010 5:22 pm

