Largest ever DDoS causes internet traffic speeds to reduce

News by Dan Raywood

One of the largest distributed denial-of-service (DDoS) attacks occurred after a spam-fighting group blacklisted web hosting company CyberBunker.

One of the largest distributed denial-of-service (DDoS) attacks occurred after a spam-fighting group blacklisted web hosting company CyberBunker.

According to a report by the New York Times, the spam-fighting group Spamhaus added the Dutch company CyberBunker to its blocked list, that led to the Dutch company saying that Spamhaus was abusing its position, and should not be allowed to decide "what goes and does not go on the internet".

This has led to a series of counter-attacks, with the largest DDoS ever spotted being used. The attack traffic was recorded at 300Gbps according to some sources; statistics from Arbor Networks' Annual Worldwide Infrastructure Security Report in January said that the standard size of an attack was recorded 60Gbps.

The problem began last week, when Spamhaus suffered a large-scale DDoS attack that knocked its website and mail offline, its data systems continued to work normally throughout the attack. CloudFlare, who hosted Spamhaus during the attack after Spamhaus reached out for help, said in a blog that the attack was "large enough that the Spamhaus team wasn't sure of its size when they contacted us".

Matthew Prince, co-founder of CloudFlare, said: “It was sufficiently large to fully saturate their connection to the rest of the internet and knock their site offline. These very large attacks, which are known as Layer 3 attacks, are difficult to stop with any on-premise solution.

“Put simply: if you have a router with a 10Gbps port, and someone sends you 11Gbps of traffic, it doesn't matter what intelligent software you have to stop the attack because your network link is completely saturated.”

In the case today, Spamhaus's Domain Name System (DNS) servers were targeted. According to the New York Times article, the level of attacks have slowed traffic across the internet, with internet users experiencing delays in accessing online services.

Prince said in a separate blog that while it does not have direct visibility into the traffic loads, it had been told by one major Tier 1 provider that more than 300Gbps of attack traffic related to this attack.

He said: “The challenge with attacks at this scale is they risk overwhelming the systems that link together the internet itself. The largest routers that you can buy have, at most, 100Gbps ports. It is possible to bond more than one of these ports together to create capacity that is greater than 100Gbps however, at some point, there are limits to how much these routers can handle. If that limit is exceeded then the network becomes congested and slows down.

“Over the last few days, as these attacks have increased, we've seen congestion across several major Tier 1s, primarily in Europe where most of the attacks were concentrated, that would have affected hundreds of millions of people even as they surfed sites unrelated to Spamhaus or CloudFlare. If the internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why.”

Raj Samani, CTO EMEA at McAfee, said: “While DDoS attacks are not new, we are currently seeing an increase in both volume and sophistication of these types of attacks stemming from all parts of the world.

“Due to the connected nature of digital citizens, a dispute between key parties will impact everyone from consumers to small businesses to large enterprises. Security will need to evolve so that there is more cooperation between businesses, governments and individuals to ensure attacks like these are minimised.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews