Massive DDoS attack sets records, but Internet keeps chugging along

A "massive" distributed denial of service (DDoS) attack directed against anti-spam organization Spamhaus slowed Internet speeds for some regions of the globe, but failed to cause widespread outages, numerous news sources reported.

At the height of the attack, CloudFlare, which was directly involved in helping London-based Spamhaus protect itself, recorded a flood of attack traffic in excess of 300 Gbps.

The scale of the DDoS attempt has Internet network and security providers like CloudFlare worried that similar attacks could overwhelm Internet exchanges (IXs), which interconnect networks across geographical regions.

"The largest routers that you can buy have, at most, 100 Gbps ports," CloudFlare's Matthew Prince wrote on a company blog. "It is possible to bond more than one of these ports together to create capacity that is greater than 100 Gbps however, at some point, there are limits to how much these routers can handle."

"(I)magine getting 1000s or even millions of gigantic catalogs delivered to your house _per second_," wrote Patrick Gilmore, Chief Architect, Akamai Technologies, in a company blog post. (Akamai and its customers weren't directly affected by the attack, but it has been providing information and guidance in its wake.) "You couldn't even leave your house. What's more, if they send enough, it can jam your whole street or even neighborhood, causing a significant amount of collateral damage."

What's interesting is that this particular attack, reportedly instigated by web hosting provider Cyberbunker against the Spamhaus organization, has been ongoing since March 18. "The attack, initially, was approximately 10 Gbps generated largely from open DNS recursors," Prince wrote. It gradually increased in size to 120 Gbps by March 21.

"Then the attackers changed their tactics. Rather than attacking our customers directly, they started going after the network providers CloudFlare uses for bandwidth," Prince wrote. Additionally, exchanges in Europe and Asia, including London, Amsterdam, Frankfurt and Hong Kong, were targeted.

While the Spamhaus attack is the largest DDoS attack recorded, smaller-scale DDoS attacks have been blamed for or implicated in other high-profile network outages.

Last August, enterprise customers in AT&T's (NYSE: T) Southeast region experienced disruptions due to a DDoS attack on its DNS servers. And Web services provider GoDaddy moved its DNS servers to VeriSign in September following a DDoS attack that brought down "scores" of its 5 million or so hosted websites.

For more:
- ZDNet has this coverage
- HuffPost says some are skeptical about the attack
- here's CloudFlare's blog
