Wednesday, March 27, 2013

Spamalot?

The designation of a Dutch web hosting company, Cyberbunker, as a spammer by an informal Internet organization called Spamhaus has touched off a private cyberwar with public consequences thanks to what many regard as a basic flaw in the architecture of the Internet.

On March 19, a distributed denial-of-service (DDoS) attack began in an effort to shut down Spamhaus and CloudFlare, the Internet security company in Silicon Valley employed by Spamhaus to try to defeat the attack. The attack, however, has affected not only its primary targets but many innocent bystanders as well. One observer compared what was happening to firing a machine gun into a crowd of people surrounding the actual target.

What makes this particular attack noteworthy is that it is the largest DDoS attack ever publicly announced, having achieved rates of data traffic to the targets ranging from 75 to 300 Gbps (gigabits per second). The attack has reportedly slowed Internet traffic all over the world. This has been achieved using an amplification effect made possible by open DNS servers. DNS (or Domain Name System) servers are open computer servers that provide the essential function of translating domain names (e.g., www.robertewilliamsjr.com) into the number string that makes it possible for messages (including requests to see what's available on a web site) to be routed to the right servers. Through spoofing, or pretending to be from a different computer, the DDoS attack launched against Spamhaus and CloudFlare used an estimated 30,000 of the DNS servers (out of 25,000,000 worldwide) to send messages back to the servers hosting Spamhaus and CloudFlare. (For more on the technical aspects of the attack, see this story in Tech Week Europe.)

The Internet's present architecture requires the existence of publicly accessible DNS servers to route information properly. It also provides few ways to protect these servers against malicious attacks such as the one targeting Spamhaus and CloudFlare. "Ingress filtering"--analyzing incoming traffic to detect spoofing so that requests associated with DDoS attacks can be rejected--is a possibility, but because it involves financial costs to the private companies that maintain the DNS servers, few have responded to the need.
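The spoofing check that ingress filtering performs, as an added example that is not part of the original post: each packet's claimed source address is compared with the address prefixes assigned to the port it arrived on, and anything that does not match is rejected. The port names, prefixes and sample packets are constructed, and the per-port assignment table is an assumption about how the filter is configured.

```python
import ipaddress
from collections import Counter

# Constructed assignment table (assumption): prefixes legitimately used behind
# each ingress port. Addresses come from the documentation ranges.
ASSIGNED = {
    "port-a": [ipaddress.ip_network("192.0.2.0/25")],
    "port-b": [ipaddress.ip_network("198.51.100.0/24")],
}

# Constructed sample traffic: (ingress port, claimed source IP, destination UDP port).
PACKETS = [
    ("port-a", "192.0.2.10", 53),     # source inside port-a's prefix
    ("port-a", "203.0.113.7", 53),    # source outside port-a's prefix: spoofed
    ("port-b", "198.51.100.20", 53),  # source inside port-b's prefix
    ("port-b", "192.0.2.10", 53),     # real address, but arriving on the wrong port
    ("port-c", "198.51.100.5", 53),   # port with no assignment: reject
    ("port-a", "not-an-ip", 53),      # malformed source field: reject
]


def source_is_valid(port, src):
    """Return True only if src parses and lies in a prefix assigned to port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ASSIGNED.get(port, []))


def filter_ingress(packets):
    """Split packets into those forwarded and a per-port count of rejections."""
    forwarded, dropped = [], Counter()
    for pkt in packets:
        port, src, _dport = pkt
        if source_is_valid(port, src):
            forwarded.append(pkt)
        else:
            dropped[port] += 1
    return forwarded, dropped


if __name__ == "__main__":
    fwd, drops = filter_ingress(PACKETS)
    print("forwarded:", fwd)
    print("rejected per port:", dict(drops))
```

A request rejected here never reaches a DNS server, so no response is sent toward the address it claimed to come from.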

Internet access has become a public good that is largely under private control with consequences that some experts believe could be catastrophic. The current cyberwar provides a glimpse of what is to come under the current arrangements.