Attacks on Spamhaus biggest ‘known’ DDoS at 300Gbps

“Several” Tier 1 carriers hit by network congestion due to massive DDoS attacks, says CloudFlare.

The ongoing traffic attack on European anti-spam group Spamhaus has escalated from a peak of 75Gbps last week to 300Gbps, making it the biggest on public record, according to experts.

The distributed denial of service attacks on Spamhaus are the result of a dispute that started after the anti-spam group added Dutch bulletproof host Cyberbunker to its DNS blocklists, according to the New York Times.

Spamhaus maintains several DNS lists for different spam, botnet and malware related threats, which it distributes to internet service providers that use them to block IP addresses deemed malicious.

As CSO Australia reported, on Tuesday last week Spamhaus sought refuge with CDN provider CloudFlare after a sustained attack knocked Spamhaus’ mailserver and website offline. CloudFlare reported the attacks had reached 75Gbps.

Spamhaus reported some services returning this week; however, the attacks have not stopped, and their scale has begun to affect higher-tier internet providers.

Patrick Gilmore, chief architect for CDN heavyweight Akamai Technologies, told the Times that the current attack, at 300Gbps, is the “largest publicly announced DDoS attack in the history of the internet”.

Spamhaus has previously blamed a “Russian criminal malware gang” for the attacks, but has not named them.

The Times reported that Sven Olaf Kamphuis, an internet activist claiming to be a spokesperson for the attackers, said that Cyberbunker was attacking Spamhaus because Spamhaus abused its position as a self-appointed deputy of the internet.

Kamphuis, however, has denied saying the attacks were launched from Cyberbunker, but does blame Spamhaus for Cyberbunker losing its upstream provider connections.

“The republic cyberbunker got all of its upstreams disconnected over the past month because spamhaus kept abusing its influence to list -their- mailservers so they were forced to breach contracts tata communications and tinet to name a few there have been others in the past.

"Those are multinationals, letting a vague offshore 'spam fighting' firm decide who they can take on as customers... that -is- a bit weird to say the least if spamhaus is under the impression that our clients would be 'criminals' then thats fine, they're free to file police reports, if not, they can go to hell they can't prescribe to the whole world who can have internet and who can't."

The dispute between Spamhaus and Cyberbunker is a long-running one.

Sven Olaf Kamphuis was also the identity used as a spokesperson for CB3ROB, a German hosting provider that Spamhaus’ block list ties to over 120 operations it considers spam, including the Russian Business Network and the notorious Grum botnet. Spamhaus says CB3ROB is Cyberbunker.

The attacks have impacted several of CloudFlare’s ‘points of presence’ over the past week, most recently forcing it to reroute traffic in parts of its European networks.

In an update today, CloudFlare CEO Matthew Prince says the attacks have even caused tremors at several of the world’s dozen Tier 1 providers.

“At the core of the Internet, if all else fails, it is these Tier 1 providers that ensure that every network is connected to every other network. If one of them fails, it's a big deal,” said Prince.

“Over the last few days, as these attacks have increased, we've seen congestion across several major Tier 1s, primarily in Europe where most of the attacks were concentrated, that would have affected hundreds of millions of people even as they surfed sites unrelated to Spamhaus or CloudFlare. If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why.”
