
Cyber attackers ‘Buffer’ the internet

DQI Bureau

Close on the heels of hackers paralyzing South Korean banks and broadcasters last month, a huge DDoS attack impacted critical internet servers worldwide, leading to slow internet speeds.


While the impact was felt more in the US and other western countries, users in India were spared. During the last week of March, however, many users saw their internet speeds heading south. This was attributed to multiple fiber cuts in 3 undersea cable systems that connect the country with many parts of the world. For instance, BSNL has said its internet capacity has dropped by 21% due to the cable damage.

As for the global cyber attack, the alleged culprit (most believe it is an entity called Cyberbunker) is miffed by Dutch anti-spam organization Spamhaus's efforts to clamp down on spammers, Cyberbunker being one among them.

Spamhaus is an international non-profit organization whose mission is to track the internet's spam operations and sources, to provide dependable real-time anti-spam protection for internet networks, and to work with law enforcement agencies to identify and pursue spam gangs worldwide.


The Biggest Attack

Quentin Jenkins of Spamhaus writes, "It certainly is the biggest attack ever directed at Spamhaus. Many organizations are not open about the fact that they are attacked at all, let alone about techniques or traffic volumes used in the attack. Spamhaus understands their business and security concerns. However we feel it is in the best interest of the internet as a whole to openly discuss the DDoS cyber threat and ways to resolve it."

But how did an attack aimed at one group slow down the internet across the world, impacting media streaming and sharing sites from Netflix to YouTube? What internet users at large are facing is the attack's peripheral effects.


In this case, the attackers directed large volumes of data at Spamhaus servers. According to reports, the servers at Spamhaus received up to 300Gb/s. Experts suggest this attack might have happened through a technique called ‘DNS Reflection’.

So, what is DNS Reflection?

Greg Lindsay, senior technical writer, Windows Server, Microsoft Corporation, in a paper written last year at Security Tech Center, says: "A DNS amplification attack (aka DNS reflection attack) is a type of distributed denial of service (DDoS) attack that takes advantage of the fact that a small DNS query can generate a much larger response. When combined with source address spoofing, an attacker can direct a large volume of network traffic to a target system by initiating relatively small DNS queries."

"The amplification factor in this type of attack depends on the type of DNS query and whether or not a DNS server (used as a middleman in the attack) supports sending large UDP packets in a response, which is a feature intended to optimize DNS communications. If a DNS server does not support large (>512 bytes) UDP packets in a response, it can revert to TCP. This reduces the effectiveness of an amplification attack because TCP is much less vulnerable to source address spoofing."
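
The size relationship described in the quote above, as an added example (not from the article or from the Microsoft paper): a Python model of how the bytes a DNS server sends over UDP, and so the amplification factor, depend on whether the query advertises large UDP responses through an EDNS0 OPT record. The query, the 3000-byte answer and the operator limit `server_cap` are constructed assumptions, and a truncated reply is modelled as the query echoed back.

```python
import struct

def build_query(name, qtype, edns_size=None):
    """Constructed DNS query in wire format; optional EDNS0 OPT record."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg += labels + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT record: root name, TYPE 41, CLASS carries the advertised UDP size
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def skip_name(msg, pos):
    """Step over a domain name (plain labels or a compression pointer)."""
    while True:
        n = msg[pos]
        if n == 0:
            return pos + 1
        if n & 0xC0 == 0xC0:
            return pos + 2
        pos += 1 + n

def advertised_udp_size(query):
    """UDP payload size the requester accepts: 512 unless an OPT record says more."""
    qd, an, ns, ar = struct.unpack("!HHHH", query[4:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(query, pos) + 4          # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(query, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[pos:pos + 10])
        if rtype == 41:
            return max(rclass, 512)              # values below 512 are treated as 512
        pos += 10 + rdlen
    return 512

def udp_reply(query, answer_len, server_cap=4096):
    """(bytes sent over UDP, truncated?) for a full answer of answer_len bytes."""
    limit = min(advertised_udp_size(query), server_cap)   # server_cap: assumed operator limit
    if answer_len <= limit:
        return answer_len, False
    # Simplification: the truncated (TC) reply is modelled as the query echoed back;
    # the full answer then has to be fetched over TCP.
    return len(query), True

def amplification(query, answer_len, server_cap=4096):
    return udp_reply(query, answer_len, server_cap)[0] / len(query)

plain = build_query("example.com", 1)          # no EDNS0: 512-byte UDP limit
edns = build_query("example.com", 1, 4096)     # advertises 4096-byte UDP replies
for label, q, cap in (("plain", plain, 4096), ("edns", edns, 4096), ("edns, capped", edns, 1232)):
    print(label, len(q), udp_reply(q, 3000, cap), round(amplification(q, 3000, cap), 1))
```

Lowering the server-side limit below the answer size turns the large UDP reply into a short truncated one, which is the reduction in amplification the quote attributes to falling back to TCP.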
