A spat be­tween Spamhaus, a Dutch-based an­ti-spam firm, and Cy­ber­bunk, a com­pa­ny ac­cused of host­ing spam trans­mit­ting web­sites, quick­ly es­ca­lat­ed in­to one of the largest ever com­put­er Dis­trib­uted De­nial of Ser­vice (DDoS) at­tacks on the In­ter­net.

As a re­sult, In­ter­net users in dif­fer­ent parts of the word ex­pe­ri­enced de­lays in In­ter­net ser­vices or dif­fi­cul­ties ac­cess­ing pop­u­lar Web sites. How­ev­er, re­ports of the im­pact of last week's large scale cy­ber-at­tack on the In­ter­net may have been overblown.Ac­cord­ing to one of the lead­ing In­ter­net ex­perts in the re­gion, Bevil Wood­ing: "The large-scale DDoS at­tacks tar­get­ing Spamhaus were not as un­prece­dent­ed­ly dev­as­tat­ing to the In­ter­net as some me­dia out­lets re­port­ed. How­ev­er, what the at­tacks high­light­ed is the vul­ner­a­bil­i­ties that still ex­ist in net­works that can im­pact or­gan­i­sa­tions or en­tire coun­tries."

Wood­ing heads the Caribbean Net­work Op­er­a­tors Group, a vol­un­teer-based or­gan­i­sa­tion that pro­vides gov­ern­ments and or­gan­i­sa­tions with train­ing and ad­vice in In­ter­net se­cu­ri­ty and net­work de­sign and hi-tech ar­eas.He pro­vid­ed some per­spec­tive as to how the at­tacks were im­ple­ment­ed.The ba­sic at­tack tech­nique con­sists of an at­tack­er send­ing a DNS name lookup re­quest to what is known as an open re­cur­sive DNS serv­er. In this re­quest the source ad­dress (is) spoofed to be the vic­tim's ad­dress.

He ex­plained, The Do­main Name Sys­tem, or DNS, func­tions like a tele­phone switch­board for the In­ter­net. The DNS is a glob­al­ly dis­trib­uted data­base used to trans­late a hu­man-un­der­stood do­main name such as www.google.com, to a ma­chine-un­der­stood In­ter­net Pro­to­col (IP) ad­dress like 75.125.45.113. Da­ta pack­et rout­ing on the In­ter­net is based on these nu­mer­ic ad­dress­es.

"This is why DNS servers are so crit­i­cal to the core func­tion­al­i­ty of In­ter­net–they help di­rect traf­fic to the cor­rect IP ad­dress lo­ca­tion. "In a DNS Am­pli­fi­ca­tion at­tack, the at­tack­er takes ad­van­tage of mis­con­fig­u­ra­tion in a DNS serv­er in or­der to flood a serv­er with DNS re­sponse traf­fic."

The first step in mit­i­gat­ing against the risks of DNS Am­pli­fi­ca­tion at­tacks is to prop­er­ly con­fig­ure re­cur­sive DNS servers. CaribNOG pro­vides three rec­om­men­da­tions:IT ad­min­is­tra­tors can use the Open­Re­solver site to search their IP space to see if they have an open re­cur­sive re­solver that the project has al­ready pub­licly in­dexed.A re­lat­ed tool is DNSIn­spect (http://www.dnsin­spect.com/) which al­so pro­vides an on­line tool for ad­min­is­tra­tors to check for mis­con­fig­ured DNS servers.

An­oth­er op­tion is the Open Re­solver Test (http://dns.mea­sure­ment-fac­to­ry.com/cgi-bin/open­re­solvercheck.pl/) from The Mea­sure­ment Fac­to­ry.Safe­guard­ing DNS and oth­er pieces of the In­ter­net's crit­i­cal in­fra­struc­ture is a top pri­or­i­ty for the in­ter­na­tion­al bod­ies and in­di­vid­u­als re­spon­si­ble for man­ag­ing and pro­tect­ing the In­ter­net. Wood­ing con­clud­ed: "The im­pact of this re­cent head­line grab­bing at­tack may have been ex­ag­ger­at­ed. How­ev­er, the risks of a sim­i­lar at­tack crip­pling a busi­ness, or even a coun­try are quite re­al."