Castlecops Hit with Major DDoS Attack on DNS

While IT worked on HTTP attack, DNS server brought down

November 24, 2006 - Castlecops was hit by a massive Distributed Denial of Service (DDoS) attack. The DDoS attack lasted for more than a week and flooded the company's Domain Name Service (DNS) server with more than 1Gbps of traffic. This amount of DNS traffic can easily be generated by a bot network consisting of 30,000 infected PCs.

Castlecops was an anti-spam and anti-malware website that had experience with DDoS attacks and used what they knew to increase DNS security. This time it looked like their DNS attracted some new types of DDoS bots. "Typically, attacks involve some sort of HTTP GET, but this one seems to include a POST instead," stated Paul Laudanski, founder and administrator of the CastleCops website.

At first, Paul noticed an increase in the DNS server load, and after checking the DNS server logs, found the problem: a powerful DDoS attack. During the DDoS attack, the hacker did not manage to bring the website offline, but caused some connectivity problems for visitors. The Apache server was saturated a few times and required manual httpd restarts.

This DNS troubleshooting sequence was well reflected in a statement made by Roger A. Grimes, "Spend your time protecting against HTTP attacks, and the attacker will just take out your DNS services or the upstream router."

To stop the attack, Castlecops began filtering the DNS traffic while posting the attacking IPs. The combined efforts of Castlecops and its upstream service provider prevented the site from getting crippled.

"We have been rattling a lot of cages lately and to me, this DDOS shows we are on the right track," stated a posting made by "Ernstl" (Paul Laudanski) on the Castlecops message board.

Source: Dark Reading

