Lessons from Surviving a 300Gbps Denial of Service Attack
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the behind-the-scenes story of the largest distributed denial of service (DDoS) attack in history, targeting Spamhaus in March 2013. Delve into the full range of DDoS methods employed, including Layer 3, Layer 4, and Layer 7 attacks, and discover how Spamhaus.com managed to stay online throughout the onslaught. Learn about the key vulnerabilities exposed across the Internet and gain practical insights on protecting your own networks. Examine the attack's nature, the countermeasures implemented, and the broader implications for Internet security. Understand the surprisingly simple ingredients required for such a massive attack, including misconfigured DNS servers and basic technical skills. Gain valuable lessons on network resilience, including the importance of edge filtering, protocol hygiene, infrastructure ACLs, and maintaining strong relationships with upstream providers. This comprehensive analysis offers critical knowledge for IT professionals, network administrators, and anyone interested in cybersecurity and the evolving landscape of large-scale DDoS attacks.
Syllabus
Lessons from Surviving a 300Gbps DDOS Attack
The Story: (1) The nature of the attack; (2) What we did to stop it; (3) Practical steps to protect your own networks
March 18-21
What you don't need: (1) Botnets; (2) A lot of people; (3) Significant technical skill
Misconfigured DNS servers running without limits on what they respond to
Ingredients for the Spamhaus attack?
Attacker could do the math
Caused temporary regional disruptions
Worked with IXs and providers
"Next Hop Self" internal routing
Edge filtering of IPs/protocols with an understanding of our application
Four suggestions
Second, practice good protocol hygiene...
Third, implement infrastructure ACLs...
Fourth, know your upstreams...
Taught by
Black Hat