
ENISA analyses the Spamhaus attack

In its analysis of the recent cyber-attack on Spamhaus, ENISA, the EU cyber-security agency, confirmed the analysis made by David Gibson in a recent Continuity Central article: that Internet service providers have failed to apply well-known security measures which have been available for over a decade.

ENISA concluded that the technique used for the DDoS attack is by no means new, and that its impact was felt because many network providers do not use Best Current Practice 38 (BCP38), which has been around for almost 13 years. A similar set of recommendations for DNS server operators (BCP140, published in 2008) would have reduced the number of servers that can be misused for DNS amplification attacks. If these recommendations had been implemented by all operators, traffic filtering would block such attacks.

In its information Flash Note, ‘Can Recent Cyber Attacks Really Threaten Internet Availability?’ ENISA also reports that the ‘digital assault caused noticeable delays for Internet users, primarily in the UK, Germany and other parts of Western Europe’. The attack on Spamhaus lasted more than one week. In its final phase, the enormous amount of traffic generated caused problems at the London Internet Exchange.

ENISA says that a number of lessons can be learned from the attack, including:

  • Attacks are increasing in size. The March 2013 attack on Spamhaus reached a size of more than 300 Gigabits of data per second while the biggest reported DDoS attack in 2012 was at 100 Gigabits of data per second.
  • Size matters. At this size of attack, even commercial Internet exchange points, which normally have very high capacity infrastructure, can be compromised.

The Agency makes three technical recommendations:

  • Relevant service operators should implement BCP38;
  • Operators of DNS servers should check whether their servers can be misused, and should implement BCP140;
  • Internet exchange point operators should ensure they are protected against direct attacks.
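
Why the first recommendation matters, as an added illustration that is not part of the ENISA note or the original article: BCP38 describes network ingress filtering, in which a provider drops customer packets whose source address lies outside the prefixes assigned to that customer, so the forged-source queries that DNS amplification relies on never leave the access network. The interface names, prefixes and packets below are constructed sample data using documentation address ranges.

```python
import ipaddress

# Constructed sample data: prefixes an access provider has assigned to each
# customer-facing interface (documentation ranges, not real networks).
ASSIGNED = {
    "cust-a": ["192.0.2.0/24", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/25"],
}

def build_filters(assigned):
    """Parse the per-interface prefix lists once into network objects."""
    return {ifname: [ipaddress.ip_network(p) for p in prefixes]
            for ifname, prefixes in assigned.items()}

def ingress_permit(filters, ifname, src):
    """BCP38 rule: accept a packet from a customer interface only if its
    source address lies inside a prefix assigned to that interface."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == net.version and addr in net
               for net in filters.get(ifname, []))

def filter_packets(filters, packets):
    """Split (interface, source, note) tuples into forwarded and dropped."""
    forwarded, dropped = [], []
    for ifname, src, note in packets:
        target = forwarded if ingress_permit(filters, ifname, src) else dropped
        target.append((ifname, src, note))
    return forwarded, dropped

# Constructed traffic: 203.0.113.10 stands in for an attack target whose
# address has been forged as the source of a DNS query.
PACKETS = [
    ("cust-a", "192.0.2.44", "legitimate DNS query"),
    ("cust-a", "203.0.113.10", "DNS query with forged source"),
    ("cust-b", "198.51.100.200", "source outside assigned /25"),
    ("cust-a", "2001:db8:a::53", "legitimate IPv6 query"),
    ("unknown0", "192.0.2.44", "interface with no assignment"),
]

if __name__ == "__main__":
    fwd, drop = filter_packets(build_filters(ASSIGNED), PACKETS)
    for ifname, src, note in fwd:
        print(f"forward {ifname:9} {src:16} {note}")
    for ifname, src, note in drop:
        print(f"drop    {ifname:9} {src:16} {note}")
```

The filter is applied per interface and defaults to drop, so an interface with no recorded assignment forwards nothing rather than everything.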

Read the ENISA Flash Note

• Date: 12th April 2013 • Europe/UK • Type: Article • Topic: ISM
