Jump to content



Photo

Cyberbunker vs Spamhaus


  • Please log in to reply
8 replies to this topic

#1 Haggis

Haggis

    Neowinian Senior

  • Tech Issues Solved: 16
  • Joined: 13-June 07
  • Location: Near Stirling, Scotland
  • OS: Debian 7
  • Phone: Samsung Galaxy S3 LTE (i9305)

Posted 28 March 2013 - 10:13

Have you guys noticed a slowdown in loading of a lot of major sites in the last few days

Now all over the new they are talking about the amount of data being flooded in Spamhaus way is affecting legit webpage such as Natwest and RBS

Has anyone else noticed a difference


#2 n_K

n_K

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 19-March 06
  • Location: here.
  • OS: FreeDOS
  • Phone: Nokia 3315

Posted 28 March 2013 - 10:20

I read up on yesterday and read some articles on cyberbunker's site, ironically the only site going slow for me was theirs.

#3 +MikeChipshop

MikeChipshop

    Miniman

  • Tech Issues Solved: 3
  • Joined: 02-October 06
  • Location: Scotland
  • OS: Windows 8, iOS, Android, WP8
  • Phone: HTC 8X / Nexus 5

Posted 28 March 2013 - 10:23

Nope, not noticed any difference at all.
But that's probably because my connection is s***house anyway and couldn't get much worse.

#4 The Teej

The Teej

    Also known as The Tjalian

  • Joined: 03-October 05
  • Location: England, UK

Posted 28 March 2013 - 10:34

It might just be coincidence but I've noticed quite a few pages loading slower, as well as my download speed being affected quite dramatically.

Then again, I've also been on the receiving end of internet connection issues anyway, so maybe it's just that.

It's a little disconcerting that an external group of people can literally make the internet crawl to a halt. I didn't think that was feasible.

#5 Kami-

Kami-

    ♫ d(-_-)b ♫

  • Tech Issues Solved: 3
  • Joined: 28-July 08
  • Location: SandBox

Posted 28 March 2013 - 10:34

Nope, working fine for me...

CloudFlare are doing an exceptional job at mitigating the DDoS against Spamhaus (especially when it has been hitting upto ~300Gbps).


<snip>
It's a little disconcerting that an external group of people can literally make the internet crawl to a halt. I didn't think that was feasible.


Well, they're using an ampliication technique on the way DNS handles UDP requests to multiple the attack bytes... so yes it's feasible to grind things to a halt.

#6 hutchinson_1989

hutchinson_1989

    Neowinian

  • Joined: 01-November 08
  • Location: Leeds
  • OS: OS X 10.8 Mountain Lion
  • Phone: iPhone 5

Posted 28 March 2013 - 10:42

It might just be coincidence but I've noticed quite a few pages loading slower, as well as my download speed being affected quite dramatically.

Then again, I've also been on the receiving end of internet connection issues anyway, so maybe it's just that.

It's a little disconcerting that an external group of people can literally make the internet crawl to a halt. I didn't think that was feasible.


My Internet connection speed dropped by over 50% this week, never happened before at those particular times of the day. Could be coincidence.

#7 OP Haggis

Haggis

    Neowinian Senior

  • Tech Issues Solved: 16
  • Joined: 13-June 07
  • Location: Near Stirling, Scotland
  • OS: Debian 7
  • Phone: Samsung Galaxy S3 LTE (i9305)

Posted 28 March 2013 - 10:59

It's a little disconcerting that an external group of people can literally make the internet crawl to a halt. I didn't think that was feasible.


They are using a DNS reflection attack

A DNS amplification attack (aka DNS reflection attack) is a type of distributed denial of service (DDos) attack that takes advantage of the fact that a small DNS query can generate a much larger response. When combined with source address spoofing, an attacker can direct a large volume of network traffic to a target system by initiating relatively small DNS queries.

The amplification factor in this type of attack depends on the type of DNS query and whether or not a DNS server (used as a middleman in the attack) supports sending large UDP packets in a response, which is a feature intended to optimize DNS communications. If a DNS server does not support large (>512 bytes) UDP packets in a response, it can revert to TCP. This reduces the effectiveness of an amplification attack because TCP is much less vulnerable to source address spoofing.



#8 The Teej

The Teej

    Also known as The Tjalian

  • Joined: 03-October 05
  • Location: England, UK

Posted 28 March 2013 - 11:24

They are using a DNS reflection attack


I have now learned something today! Thank you!

#9 Teebor

Teebor

    Neowinian Senior

  • Joined: 12-January 10

Posted 28 March 2013 - 16:18

Its not that big a deal, its only Spamhaus that are really feeling the pain of it. Pretty much everyone else shouldn't notice anything

The media is hyping it up, much like how the internet survives an earthquake. Its the internet, lots of interconnected nodes, if one bit breaks (which happens almost daily) the rest carries on until that bit comes back - look up BGP for more information about routing on the internet.

Worst case scenario is that a link between one location and another that has no redundancy goes down, in which case that part is cut off from the rest until service is restored. In the case of this Spamhaus attack it might mean a website is responding a bit slower as the traffic on a particular link is heavy, but you will only really notice if you are accessing something over one of those links.
Most likely people in America haven't noticed a thing especially if they are only accessing local US websites