CATEGORIES
home News

How the DDoS Attack on Spamhaus Could Have Been Prevented

by Rob WilliamsSaturday, March 30, 2013, 03:00 PM EDT

DDoSing a Web server has become the de facto way to exact revenge on someone, or some company. Not a week, or sometimes even a day, will go by when you can't read about some ongoing DDoS attack. We've seen them spawned by Internet goofs to professional criminals. DDoSing is easy, and it's effective. That's why it's so heavily-used.

Usually, though, DDoS effects are not quite like what we saw with Spamhaus earlier this week. As mentioned in that post, a record-setting 300Gbit/s was shot at Spamhaus and its host, CloudFlare, crippling a portion of the Internet to much of the UK and other regions in Europe. The first thing that might come to mind when a DDoS attack strikes is, "What could have been done to prevent it?"

The folks over at CNET have asked the same question, and have produced a simple answer: "Adopt BCP38". What is BCP38, you ask? It's "Best Current Practice #38", a proposed network filtering feature that, at the highest-level, prevents IP address spoofing - the leading reason that DDoSers can do what they do. It might surprise you to know that this proposal was published in May of... 2000. Yes, a full 13-years-ago, and we're still dealing with DDoSing today.

Essentially, BCP38 would allow servers, routers and other Internet connectivity devices to refuse connections from a spoofed IP address - that is, a fake IP address. This is easy to do, and because of how the open recursive resolvers work on domain name servers, DDoSers can amplify traffic from one connection to produce 30x the workload. Easy on their end, very rough on the receiver's end.

The problem is, the fix would require networking equipment of all flavors to implement uRPF (Unicast Reverse Path Forwarding) or access control lists - the latter of which seems impossible given its sheer potential size.

There are of course many other possible solutions to defeating DDoS attacks, but none of them are going to be without some major caveats. But sooner or later, a solution will need to be implemented, because as it stands, DDoS attacks are way too easy to pull off, and their effect is crippling.

Tags:  server, security, Internet, DDoS, Spamhaus, CloudFlare
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment