Largest DDoS In History Reaches 300 Billion Bits Per Second

An anonymous reader writes "The NYT is reporting that the Largest DDoS in history reached 300 Gbps. The dispute started when the spam-fighting group Spamhaus added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam. Millions of ordinary Internet users have experienced delays in services like Netflix or could not reach a particular Web site for a short time. Dutch authorities and the police have made several attempts to enter the bunker by force but failed to do so. The attacks were first mentioned publicly last week by Cloudflare, an Internet security firm in Silicon Valley that was trying to defend against the attacks and as a result became a target."

Important bit missing from a bad summary

[93+Escort+Wagon]

From TFA:

Cyberbunker brags on its Web site that it has been a frequent target of law enforcement because of its “many controversial customers.” The company claims that at one point it fended off a Dutch SWAT team.

The only mention of "Dutch authorities and police" comes from the Cyberbunker company itself. The article is badly written, so it's not completely clear (from the context) whether or this claim is related to the current dDOS the company is running. The writer doesn't appear to have talked to anyone in Holland - except perhaps the self-styled spokesman for Cyberpunker.

Re:Bunker

[KiloByte]

Except that this bunker has an air reprocessing center. It's a whole underground complex, meant to house a part of NATO's command center in the event of a thermonuclear war.

On the other hand, cutting the network cable would indeed render the criminals inside nice and fluffy, with a self-inflicted prison sentence if they decide to refuse to go out. They already resisted police raids twice, including once by a SWAT team.

Pfft. Amateurs

[smooth+wombat]

While the bunker itself is designed to withstand a nuclear blast, the doors are the weak point.

A thermal lance can cut through the door while also able to make a nice hold in the concrete walls into which explosives of various types can be implanted.

As others have said, cut the communication and electrical lines and let them fend for themselves. They may have food and fuel, but they can't last forever.

On second thought, cut the electricity and communication, then pile tons of rubble in front of the doors to prevent them from coming out once they exhaust their supplies.

Spamhaus and the spam problem

[MrMickS]

From TFA:

“Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet,” Mr. Kamphuis said. “They worked themselves into that position by pretending to fight spam.”

I'd rather not have to consult Spamhaus blacklists on my mail servers to block incoming email. I know that if I removed it my bandwidth would be clogged and the amount of work done by my servers to deal with spam would increase many fold. So I use Spamhaus blacklists and it makes me feel dirty. It's the wrong solution to the problem of spam. Surely we should be able to come up with something better.

Spamhaus has been going for 15 years. Look at the other technological advances in that time why don't we have an effective, agreed upon, resolution to the problem of spam? Perhaps the best thing would be for Spamhaus to shut up shop, to stop providing the DNS lists. For mail servers to stop filtering and marking the spam. Let the size of the problem manifest itself. Perhaps then we will get a concerted effort to stop it rather than mitigate the impact.

Re:Evidence?

[MrMickS]

Item 1: The DDOS began after Cyberbunker IPs were added to the black lists.

Item 2: Cyberbunker have a policy saying that they won't look at your servers and don't care what you do. Pretty much a green-light for spammers.

Item 3: The internet activist stating that the DDOS is in response to the blacklisting.

The circumstantial evidence points towards the attacks as being the result of the action Spamhaus took with respect to Cyberbunker. Its unlikely to be the company themselves, but rather at the instigation of one of their customers. The interesting thing is that you can find reports from 2011 (http://www.theregister.co.uk/2011/10/20/spamhaus_a2b_row/) where Spamhaus say that Cyberbunker were on the blacklist then with no prospect of being removed. What has happened in the meantime?

Re:Bunker

[marcovje]

I don't think those powerhungry air scrubbers are still online all the time.

And I surely hope that the Cold War independent energy source (probably a small nuclear reactor) was removed, so cutting power should simply work. As soon as the batteries drain, end of story.

But note that the whole SWAT story seems to have Cyberbunker as only source in the linked articles. I wouldn't take their (spamming ddosers they are) word for it.

The whole article regurgitates the vibe that CB wants to spin, it is not a factual description of reality. The main NATO HQ on Dutch soil used to be the Cannerberg (which could house government and parlement), while the said location afaik is only a minor relay station, and the spin seems to borrow facts from more major bases.

Re:Watch your clauses, people!

[omnichad]

Just a badly written article. The attack was a spoofed attack on DNS root servers (I think - badly written article) that reflected back toward Spamhaus. This would cause disruptions to DNS and to Spamhaus. By extension, the huge amount of traffic seems to be slowing down just about everything.

Don't know when this started, but I was watching Netflix on Monday and got 2 dots instead of my usual 4 and I'm in the Midwest US.

Re:Bunker

[EasyTarget]

You have obviously never seen the ME in operation; I have, it was not pretty. I especially liked the skill with which on of the mounted leant really low in the saddle to beat his stick on the heads of two women treating an unconscious man.