Slashdot Mirror
Largest DDoS In History Reaches 300 Billion Bits Per Second
An anonymous reader writes "The NYT is reporting that the Largest DDoS in history reached 300 Gbps. The dispute started when the spam-fighting group Spamhaus added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam. Millions of ordinary Internet users have experienced delays in services like Netflix or could not reach a particular Web site for a short time. Dutch authorities and the police have made several attempts to enter the bunker by force but failed to do so. The attacks were first mentioned publicly last week by Cloudflare, an Internet security firm in Silicon Valley that was trying to defend against the attacks and as a result became a target."
The dispute started when the spam-fighting group, called Spamhaus, added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam.
I think what they meant to say here was: "The dispute started when the spam-fighting group Spamhaus, which maintains a blacklist used by e-mail providers to weed out spam, added the Dutch company Cyberbunker to its blacklist."
Your political party doesn't care about your rights and only represents corporate interests.
The summary makes it sound like the Cyberbunker is a physical location. If so, a wire cutter should cut off it's access to the inter webs.
Guess what.. If they ever find out who is responsible: I'll bet you $10 that it will be a 15 year old without friends.
I'm not a complete idiot... Some parts are missing.
“These things are essentially like nuclear bombs,” said Matthew Prince, chief executive of CloudFlare. “It’s so easy to cause so much damage.”
relax dude, its just spam, not nuclear warfare. shut the computer off and go outside for a couple of hours.
WARNING: if you attempt to RTFA, you will also be bombarded by a DDOS of spam ads. I appreciate the realism but it's kinda annoying.
I find it very interesting that they are using a variation on the Old Smurf attacks for this. Sending a message to other places that work as an amplifier. You would think that after 10 years we would have learned that blind, unchecked, forwarding is not a good thing.
Papa Legba come and open the gate
Cutting their communication lines was the first thing I thought of too. Then cutting their power lines. I may not have enough cofee in me to calm me down this morning but visions of the Dirty Dozen dumping fuel and grenades into their bunker came to mind. }:D
Dutch authorities and the police have made several attempts to enter the bunker by force but failed to do so.
Cut off their electricity. That can't last real long even if they have generators and they can easily do it from outside. How stupid are they? "Ok guys, let's just give up and go home. The door is really thick." What a bunch of morons.
With an operator no doubt facilitating illegal actions of their customers, and refusing to no doubt enfore court orders to disconnect their customers for said actions, couldn't a case be made to disconnect them from THEIR upstream providers because they are now acting illegally but not following court orders, presuming that their upstream providers follow court orders, and the upstream upstream until you get to a legitimate entity. It seems quite an shortcoming of the law that they can act with impunity while allowing their customers to bring down the very fabric of the world wide web.
From TFA:
In other words: Cyberbunker is not currently under assault by police, and we have only their word that they ever have been. I suspect that at one time they were successful in having visiting cops think nobody was home by being real quiet and quickly turning off all the lights.
From TFA:
Cyberbunker brags on its Web site that it has been a frequent target of law enforcement because of its “many controversial customers.” The company claims that at one point it fended off a Dutch SWAT team.
The only mention of "Dutch authorities and police" comes from the Cyberbunker company itself. The article is badly written, so it's not completely clear (from the context) whether or this claim is related to the current dDOS the company is running. The writer doesn't appear to have talked to anyone in Holland - except perhaps the self-styled spokesman for Cyberpunker.
#DeleteChrome
From the article it suggests that the company was able to defend against there SWAT... can anyone that is fluent in Dutch find an article on that? I've tried looking for it in english but have had no luck. Sounds like quite the story.
Still not sure why authorities didn't break out the fiber seeking backhoe to solve this problem if that company is legitimately holed up in what sounds like a minor siege.
Who'd they piss off?
Spamhaus must be costing somebody (or some people) a LOT of money to draw such a massive attack.
I admire their balls -- Spamhaus are fighting serious and organised criminals, people who are perfectly capable of raping and murdering folks who get in their way. It wasn't so long ago that the Russian mafia targeted a Russian security specialist by kidnapping his daughter, raping her, injecting her with heroin and selling her into slavery.
They are not very nice people at all, and shouldn't be fucked around with. Picking fights with organised criminals should be left to law enforcement.
So where is the evidence that Cyberbunker has anything to do with this?
I appreciate the things the Spamhaus people do, but they don't exactly have a spotless record when it comes to accurately pointing fingers.
While the bunker itself is designed to withstand a nuclear blast, the doors are the weak point.
A thermal lance can cut through the door while also able to make a nice hold in the concrete walls into which explosives of various types can be implanted.
As others have said, cut the communication and electrical lines and let them fend for themselves. They may have food and fuel, but they can't last forever.
On second thought, cut the electricity and communication, then pile tons of rubble in front of the doors to prevent them from coming out once they exhaust their supplies.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
I am dutch and there is NOTHING in the real news about it, other then their own claim.
While the Dutch police is one of the most incompetent in northern Europe (lowest crime solving rate) if it wanted to enter a bunker it wouldn't simply give up. Even if they can't get in, standard practice with say drug raids is to cut the power. Not just cut if off but cut it completely so that even if the criminals come back, they can't hook up the power anymore because the cable to the main network is gone.
What this is really a case off is an asswipe getting away in civilized society with being an asswipe because the rest of us aren't asswipes. Spammers and those who host them are asswipes who rely on an open internet to fill with sludge while contributing nothing. All ISP peer with each other because all contribute something in return. Cyberbunker does nothing but leech.
But follow the money. The Dutch police DOES lock up kids who dare to spam credit card companies with their refresh button. But this spammer has NOT been hindered in anyway.
One law for the poor another for the rich.
http://bbc.co.uk/news/technology-21954636
No b/s subscription paywall nonsense
Well, I'd assume to be online they're probably going to have some sort of fiber-optic connection. Even if it's redundant, it's going to plug into the greater infrastructure somewhere and it shouldn't be *too* hard to sever if the police really had a mind to do so.
I thought Slashdot was the biggest DDoS site.. Someone posts a story, boom! Site gets slashdotted to oblivion...
From TFA:
“Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet,” Mr. Kamphuis said. “They worked themselves into that position by pretending to fight spam.”
I'd rather not have to consult Spamhaus blacklists on my mail servers to block incoming email. I know that if I removed it my bandwidth would be clogged and the amount of work done by my servers to deal with spam would increase many fold. So I use Spamhaus blacklists and it makes me feel dirty. It's the wrong solution to the problem of spam. Surely we should be able to come up with something better.
Spamhaus has been going for 15 years. Look at the other technological advances in that time why don't we have an effective, agreed upon, resolution to the problem of spam? Perhaps the best thing would be for Spamhaus to shut up shop, to stop providing the DNS lists. For mail servers to stop filtering and marking the spam. Let the size of the problem manifest itself. Perhaps then we will get a concerted effort to stop it rather than mitigate the impact.
You may think me a tired, old, cynic. I'd have to disagree about the tired bit.
IF its a DDOS, then losing control of the stupid little robots will not make it stop, they will just be unstoppable. If you want to prevent DDOS, then you need to force ISPs to perform egress filtering of source addresses that are outside of their network. And also implement a choke protocol to inform the ISPs that they have a bad actor on their network.
Cut the power and wait them out. Time is on the authorities side. It would also seem to me that all theses spammers are getting a lot of money but not paying any taxes why cant the IRS of all countrys weed them out that's how they ultimately brought down the Mob.
Jack of all trades,master of none
...Dutch company Cyberbunker... Dutch authorities and the police have made several attempts to enter the bunker by force.
Perhaps I'm not understanding this quite right; from the sound of it, it would seem the cops might be running the wrong client... :p
Cyberbunker has an allotment of IP addresses.
What's to stop the targets, and everyone else from simply DROPping their packets at the firewall? Someone up there said that all we really have to do is cut their connection to the 'net. It doesn't have to be a physical disconnection.
DDoS is censorship. The Internet is supposed to route around it.
--
BMO
What the one story for which the robotroll subject is on-topic and it doesn't get first post? BTW: Screw the OP.
That group of bovine standing over there appears quite portentous. That's right it's an ominous cow herd.
In the face of modern, laser-pod guided 1-ton aerial bombs, there is no such thing as a nuke-proof bunker any more. Entrances or ventillation shaft orificed can be attacked with sub-meter precision: the package literally comes through the door and it already did in the 1991 Iraq war.
On the other hand, them dutch could just send a Leopard 2 battle tank to blow off the bunker's entrance door, but some say the dutch military is already bankrupt due to the money spent on participating in the never completed F-35 JSF programme, so the dutch tanks have been placed in mothball for lack of funds.
However, there are some really hard to crack places, mostly of WW2 nazi construction: the massive U-boot pens and the V-2 missile launcher egg hill in occupied France or the "Flakturme" air raid towers in several german cities. The elder Kennedy son died trying to get an explosive-laden B-17 bomber in the air, which was meant for a remote controlled crash into a U-boot pen.
Looking around it seems there are some people upset with spamhaus. Like these guys at StopHaus. Not exactly sure what their beef is:
http://stophaus.com/entry.php?5-The-Real-story-on-the-New-York-Times-Article-and-all-the-SPAMHAUS-stuff
are you concerned about law enforcement?
ddos attacks have always been around
i'd say spamhaus should be concerned about law enforcement
I dunno if they're admitting responsibility, but if they are responsible, they're in serious trouble.
When I think of SWAT teams in the US, I think of a paramilitary kind of force.
Even at the city level, the Minneapolis SWAT team wears military gear, carries full-auto submachine guns and assault rifles and has access to all the usual cop assault tools like tear gas and flash bang grenades. I don't think the locals get into stuff like explosives (grenades, shape charges, etc).
But at the federal level I would think there wouldn't be a whole lot unavailable, including serious breaching tools including shaped charges or cutting lances.
That will take care of them.
I hate spam as much as the next person, and have generally an instinct to protect services like SpamHaus. So I was pretty much done with judging this situation and I was only clicking through the various linked websites in a voyeuristic, "look at the cats fighting in the yard" kind of way, until I stumbled across this :
http://www.a2b-internet.com/Spamhaus_emails.zip
As I read through it, I started wondering how I would feel if my business was being held to ransom in this way.
So, while I in no way condone the DDOS (or any DDOS as a solution to any confrontation), I am quite sure that I've very rarely in my life come across a group of people so unbelievably arrogant, incredibly disdainful, totally unhelpful and so very very willing to abuse the power they hold as the people who run SpamHaus.
What a bunch of deeply creepy and unpleasant people.
The walls are built to withstand a nuclear strike, but how about cutting a hole in the walls with a thermal lance? Or maybe just get a few truckloads of bacon: http://www.popsci.com/bacon
No, he probably just wants the British out of India.
!#@%*)anks for hanging up the phone, dear.
Congratulations. You're now worse than they are.
"Is it true that there are rabbits around the bunker?" It totally looks like an early April 1st joke to me.
I am very serious when I say that spammers should be executed and/or used for medical research and organ harvesting. I personally would thoroughly enjoy torturing spammers and their families. I would love to hear them beg for their lives as I do things like cut, burn, and drill into their bones. When they scream I would dump sodium hydroxide solution down their throats to eat the linings of their esophagus. I am sick and tired of worthless "people" who work against the common man.
I want to see them all die horrifically. I don't consider these creatures to be "human" and I do not believe that all life is sacred.
...take off and nuke 'em from orbit. It's the only way to me sure.
Good.
The different lists published by Spamhaus distinguish whether the IPs are directly responsible or are organizationally related. There is no abuse of power here — customers subscribe to the lists that they want, and use those lists to block as they see fit. Spamhaus isn't forcing anyone to use the lists, nor is it misrepresenting what's in the lists.
Is it sad that I read the whole thing *again* just to see if my comment was in there? I think I need a drink...
The dispute started when the spam-fighting group Spamhaus added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam.
Which of the two is "which" supposed to refer to?
systemd is Roko's Basilisk.
You see the gods of random chance hate a live datalink more than anything. Just having the backhoe crew working in the vicinity of the bunker guarantees their data com lines will be severed (no matter how many redundant links, no matter how well planned the disaster setup, that crew will head right for and sever the critical point!)
A movie about an evil data center housed in a thermonuclear bunker attacking the internet in revenge for a slight? Yeah, I would probably watch that movie. Especially if they called in The Joes. And Scarlett Johansson.
"He's using a quantum encryption scheme! That'll take hours to break!"
I thought I read recently that Cyber-terrorism is considered a form of terrorism, and if Spam is treated in the same manner as cyber terrorism, especially if DDoS attacks are performed from that location then would a government's military be able to get involved?
I'm not saying I want to see this happen, but if a full military force could go against it, would it really stand a chance of being defended? It makes you wonder.
Or someone could dig a very large hole beneath it creating a natural sink hole.... http://www.google.com/imgres?imgurl=http://www.dvhardware.net/news/guatemala_sink_hole_2.jpg&imgrefurl=http://webecoist.momtastic.com/2008/08/26/incredible-strange-amazing-sinkholes/&h=467&w=700&sz=105&tbnid=PCoM9HT226yehM:&tbnh=90&tbnw=135&zoom=1&usg=__Nb9ueAfpTFc2czI2dZcOo3m81jk=&docid=7T6qkihRxLSqSM&hl=en&sa=X&ei=_CZTUczlBIiotAaq5YHYDw&sqi=2&ved=0CDIQ9QEwAA&dur=774 .... just a thought...
Police don't, as a general rule, have a good handle on the Internet. Yes the correct answer is to just cut off the access to this location. Cut the Internet off, they are done. This wouldn't be hard to do, but you have to know to do it and go and look and see who you have to talk to.
Of course it all sounds a little ridiculous given the "we can't get in to the bunker" thing. That is just them claiming it. In the real world, the police would probably get in fairly fast. I know that people think nuclear bunkers are impenetrable but they really aren't. They can deal with a nuclear blast, which is just an overpressure of so many PSI for so many seconds, not some dude with a cutting torch or shaped charges on the door.
The police don't just go away. They have time and numbers on their side. Supposing these guys did hole up in their bunker and refuse entry, and supposing the police weren't willing to force (shaped charges will take out a bunker door no problem) it either because they were worried about hurting someone on the inside or worried the people inside were armed, they can just wait. All they have to do is cut all services, and set up a perimeter to block access in and out. Then just wait. They'll run out of supplies, probably sooner rather than later, and hunger and thirst are excellent motivators to surrender.
So no, they didn't "fend off" a SWAT team. Maybe one time the police came and wanted to look around, but lacked a warrant and they said "go away" and so the police did (more likely the whole story is bullshit) but that's it. Had the police really wanted in, they would have gotten in.
Although they offer (d)DoS mitigation as a product, they are a provider/CDN, not a security firm!
Does that mean we now can put you in a soccer stadium and shoot you as warning for the others? :-)
There's no way nyt is going to get this story straight. Mainstream corporate media fluff, big scary words like DDoS, SMTP, IP's, Servers, cyberwar, no fucking way they get it straight, absolutely no way, they will be the motherfucking VOICE for the REACTION in the next PROBLEM, REACTION, SOLUTION.
FUCK THE NEW YORK TIMES
Undoubtedly there was spam sent form the cyberbunkers servers and they were justly blacklisted. This ddos shows cyberbunker have no clue what's going on within their network and have no control over it.
Your post advocates a
( ) technical (*) legislative (*) market-based (*) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(*) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(*) Users of email will not put up with it
(*) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(*) Requires immediate total cooperation from everybody at once
(*) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(*) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(*) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(*) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(*) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(*) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(*) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
(*) Nice try, assh0le! I'm going to find out where you live and burn your house down!
1266953+17
Executing spammers is beyond reproach. Their lives are absolutely worthless. Grow a pair you fucking bleeding heart liberal moron. I would thoroughly enjoy watching spammers die... especially if they are tortured to death.
Agreed. I personally think they should be tortured to death however.
Well the OP didn't where -where- on the body they should be shot..
Honestly, what is the problem with the sentence as written? Look at it:
The dispute started when the spam-fighting group, called Spamhaus, added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam.
It's totally clear that the phrase "which is used by e-mail providers to weed out spam" is referring to "blacklist" which immediately precedes it, there's really no other way to parse the sentence that makes sense. The only true ambiguity I see in the sentence is the "its," which could conceivably be meant to refer to Cyberbunker rather than Spamhaus. Just to be clear, I am not any kind of an expert on grammar, but I do read a lot and it seems to me if we're going to be that picky about these kind of things there are innumerable examples of much worse sentence construction to be found - and that's just looking at Slashdot summaries.
Seeing how this is a DNS reflection attack, getting rid of open DNS resolvers would be a good long term solution. I'm not holding my breath though.
It gripped her hand gently. 'Regret is for humans,' it said.
Dude, you don't start by physically attacking them, no matter how macho they're trying to appear. If they're causing problems for the rest of the Internet, you get their upstream ISPs to stop accepting traffic from them (or at minimum, to stop accepting spoofed traffic from them.) They probably have contractual terms that they're violating, in which case their upstreams should be willing to cut them off directly, or if not, you sue them and get a court to order them disconnected.
Furthermore, they're not located in the US, they're located in the Netherlands, which is a democracy. There are legal procedures and due process, and you're not allowed to physically attack them without getting them convicted first. If they're criminals, fine, they can deal with that, but it's likely that any "crimes" they've committed are at most torts or civil offenses, not violent crimes. (I was going to say "it's not like they're pirating Disney movies or something", but they probably are :-)
They're a business, not a terrorist group or armed militia. They're in it for the money. If the money's not there, they're just sitting in a bunker not having fun. The owners might be grumpy about it, but the employees aren't going to stick around if they're not getting paid.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
It's just business. You don't need to bust your way in, you can wait for the employees to come out. If they're not getting paid, they're not going to stick around long, and if the company doesn't have the internet connection, all a bunker does is provide some macho flash and maybe keep their air conditioning costs low, which doesn't help much.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
You don't need to bust your way in through the big macho doors, and you don't need a thermal lance to cut through them when you can just glue them shut or park a truck in front of the doors. If the upstream ISPs cut them off, they're not making any money, and if the bosses aren't paying the employees, the employees aren't going to stick around, and they're not going to shoot their way out.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
These bunkers are made to keep big fast explosions out, and protect the people inside from dangerous radiation outside (assuming they've brought enough food, and keep the equipment running even if external power fails. Sure, they may not be designed to protect against engineers with thermal lances cutting their way in slowly, but they're also not designed to protect the people inside from being stuck there if they do want to leave. If you cut off the employees' paychecks, they're not going to hang around forever, and they're not going to shoot their way out. A Dutch approach would be to have a cop sitting outside with a thermos of coffee and maybe a few packs of cigarettes, politely waiting for them to leave, though you could park a truck in front of the doors or weld them shut and wait for the employees to ask really nicely if you'd please let them out.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
It's only self-sustaining for 10 years if they've stocked it for that long and don't care about making money, which militaries of nuclear powers generally don't. But their threat model is nuclear war and maybe blitzkrieg, not slow attacks; these things were built long after the Maginot line.
It's a business. The employees are there for money and fun. It's probably stocked with enough fuel for a couple weeks worth of power outages, and enough food, beer, and weed to get them through a long snowstorm. But they don't have that many upstream internet providers, and if those stop providing bandwidth, the money stops flowing, the bosses stop paying the employees, the employees stop having fun.
At that point, you don't need a SWAT team, you need a cop with a thermos full of coffee by the front entrance and maybe another by the secret back door. And since this is the Netherlands and not the US, the cops can put an extra lock on the employees' bikes with a note saying that they'll unlock them in return for some paperwork. Much easier than towing their cars away from the parking lot.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
APK, is that you? /. account !?
You registered a
Unfortunately, too many DNS configurations can be used for amplification, because the responses are larger than the queries, especially if you've got new and interesting record types like DNSSEC, and too many ISPs still ignore the Best Current Practices #38 recommendation on blocking spoofed traffic. RPF is your friend.
There's some mitigation out there because the bigger response record types don't always fit in a single UDP packet, so DNS servers may handle them over TCP (which is harder to forge), and many DNS providers limit who they'll accept requests from, but there's still a lot of sloppy DNS administration out there.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I hadn't known that there'd been a previous Cyberbunker company.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The employees are there to make money and have fun. If a court orders their upstream providers to cut off internet access to the company, the company's customers stop paying them money. If the money goes away, the bosses stop paying the employees, the employees stop getting paid and having fun, and they'll leave. They're not an ideologically motivated terrorist army or a bunch of actual pirates who'll fight their way out with cutlasses and cannons, they're a bunch of regular dudes. You don't have to starve them out or send ninjas in after them.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
They've occasionally made a mistake over the years, but targets of mistakes respond by contacting Spamhaus directly or at most using lawsuits, not by launching massive DDOS attacks. And most of the lawsuits and whining in the press come from ISPs who deserve to be blacklisted.
The reason Spamhaus has a good reputation is that they're very careful, and very conservative, and don't go blacklisting people at random or because of petty vendettas or making themselves hard to contact, like SORBS used to. The original MAPS RBL occasionally escalated by blacklisting whole ISPs when they wouldn't address problem customers; the ISP I was using back in the mid-90s got listed by them briefly, but responded reasonably well considering that they'd been hit in the face with a 2x4, and both sides became more professional as a result.
I haven't looked at the DNS RBL market in a few years, but Spamhaus is the only one that I'd consider using to actually block traffic (plus some geo-location lists, since I really don't need to get email from Nigeria or Korea.) It's possible that there are some other RBLs today that are as good, but I didn't trust most of the others for anything other than SpamAssassin weighting or maybe greylisting.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The "which" refers to the obvious antecedent, "its blacklist". Spamhaus is the target, Cyberbunker is a hosting provider (more or less), and while nobody's directly proven that Cyberbunker is doing the attack, it's pretty clear that they or their customers or owners are involved.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I agree, but I don't know why you wrote this as a reply to my post.
whether it is because of Slashdotters or ... i dont know
Insight into much, Influence over nothing !
http://www.guardian.co.uk/technology/shortcuts/2013/mar/28/spamhaus-internet-attack-pr-stunt
Go to Heaven for the climate, Hell for the company -- Mark Twain
If the government really wanted to stop them, after SWAT failure, they could block their payment pathways. It might not stop the generators from powering the servers, but it would focus the attention of those who benefit financially from the activity. ... in a mirror.
--
I have seen evil
Does anyone else see this as a marketing scam? The initial report of this "attack" comes from the very company who happens to be providing a solution for it. Then there is this spamhaus company that may or may not be the biggest spam site reporting entity... but i never heard of them before. And finally there is this mysterious bad ass web isp site that seems to be burried in a bunker. So we got two companies fighting that i never heard of and some 3rd entity who orchestrate the solution. And of course its the "biggest attack ever". This seems to me like a marketing gold mind. I mean cloudshare couldnt have planned it better even if they had paid these companies off beforehand.
I suspect there is no one in the bunker and when the police break down the doors, they will likely find some commodores and atari machines lying about.