Spamhaus DNS Hit by DDoS SYN Flood Attack

Some DDoS attacks look like standard queries

June 6, 2007 - Spamhaus was hit by a Distributed Denial of Service (DDoS) SYN flood attack. Spamhaus is a voluntary organization that spends its time observing and gathering intelligence about the spammer community worldwide. Cyber criminals unhappy with the organization launched a DDoS attack on its Domain Name Service (DNS) servers that brought down Spamhaus web mirrors for almost a day.

Spamhaus maintained a real-time blacklist that helped ISPs all over the world fight spam. Because the list was under tight security, it was not damaged by the DDoS SYN flood attack. "The blacklist is in so many mirrors around the world in different areas that it does not affect that. The billions of queries that we get each day would look like a distributed denial of service attack in itself if you did not know what it was," stated a volunteer from Spamhaus.

A SYN flood attack is a Denial of Service (DoS) attack aimed at the network connectivity of the target, in this case a DNS server. The attack leaves the targeted DNS server unable to communicate on the network. The attacker first initiates a connection that is designed never to complete. In response, the targeted DNS server reserves one of a limited number of kernel data structures, which it would use to complete the connection. Because the connection never completes, the structure is not released, and once enough such connections are pending the DNS server runs out of structures, meaning that no new legitimate connections can be established.
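The exhaustion described above can be reproduced in a toy model. This added example (not from the original article or from Spamhaus) replays a constructed trace against a listener with a four-entry half-open table, then again with a stateless cookie reply, a simplified form of the SYN cookie mitigation that the article does not mention; the backlog size, timeout, addresses and function names are all assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed value for this example


def cookie(src, slot):
    """Stateless token derived from the client address and a time slot."""
    return hmac.new(SECRET, f"{src}|{slot}".encode(), hashlib.sha256).hexdigest()[:8]


def simulate(events, backlog=4, timeout=30, use_cookies=False):
    """Replay (time, src, kind, token) events against a toy listener.

    Returns (established, dropped_syns): sources that finished the handshake
    and the number of SYNs refused because the half-open table was full.
    """
    half_open = {}          # src -> time the SYN arrived (the reserved structure)
    established, dropped = [], 0
    for t, src, kind, token in events:
        # Release structures whose handshake timed out.
        half_open = {s: t0 for s, t0 in half_open.items() if t - t0 < timeout}
        if kind == "syn":
            if len(half_open) < backlog:
                half_open[src] = t
            elif not use_cookies:
                dropped += 1        # table exhausted: legitimate SYN is lost
            # with cookies: reply statelessly, reserve nothing
        elif kind == "ack":
            if src in half_open:
                del half_open[src]
                established.append(src)
            elif use_cookies and hmac.compare_digest(token, cookie(src, t // timeout)):
                established.append(src)
    return established, dropped


# Constructed trace: six sources send a SYN and never answer, then one
# legitimate client (198.51.100.7) sends a SYN at t=5 and its ACK at t=6.
FLOOD = [(i, f"203.0.113.{i}", "syn", "") for i in range(6)]
CLIENT = "198.51.100.7"
TRACE = FLOOD + [(5, CLIENT, "syn", ""), (6, CLIENT, "ack", cookie(CLIENT, 0))]

if __name__ == "__main__":
    print(simulate(TRACE))                    # ([], 3)
    print(simulate(TRACE, use_cookies=True))  # (['198.51.100.7'], 0)
```

Real SYN cookies carry the token in the TCP sequence number rather than in a separate field; the model keeps only the property that matters here, which is that a full table no longer blocks a client that completes the handshake.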

Source: MX Toolbox
