Maybe the sky is only falling a little bit

There was quite a bit of breathless reporting last week about the DoS against Spamhaus and how it was large enough to break the Internet. As the postmortem has gone on, a few things are becoming clear.

  1. There was a lot of traffic, enough to swamp some major transit points.
  2. Most people, particularly in the US, saw no problems.
  3. Network engineers had more than a few sleepless nights trying to route around the DoS.
  4. Open DNS resolvers are evil and should be closed.

The Open DNS resolvers are, I think, a big issue. These are machines working as intended (ie, not infected with any software) that can be used to amplify traffic and maliciously attack other machines. It’s not the first time standard configurations of machines facilitated abuse (see smurf attack or open relay as examples). In those cases, though, there was considerable response by the Internet and security community to prevent abuse from those machines. Large providers instituted ingress filtering to stop their networks (and their customer networks) from participating in smurf attacks. List of open relays were published and prevented from mailing to large networks.
Overall, neither the number of smurf amplifiers nor the number of open relays have been brought to zero, their numbers have been reduced sufficiently so they are no longer major attack vectors.
I expect to see the  number of open resolvers decrease in the future as well. And if open resolvers aren’t closed, they may be isolated so they can’t hurt the rest of us. This may cause network problems for folks using open resolvers. But I can’t feel too sorry for them, when closing a resolver is simple and the price of leaving it open is so high for the rest of us.

Related Posts

So you want to start a company? (part 4)

You’re setting up a company (or a new division or maybe even a new brand) and you’d like to use email to communicate with your customers. In this series of posts I’m going to touch on some of the things you can do today to make email life easier for you in the future. Today’s final post is on DNS hosting and setup.

Read More

Spamhaus answers about the recent DoS attack

Answers about recent DDoS attack on Spamhaus

Read More

Troubleshooting tools

There have been a number of comments on my post about Hotmail moving to SPF authentication having to do with troubleshooting authentication failures. I have been helping clients troubleshoot these issues, and am able to take on new clients to solve authentication problems. Contact me for more information.
Of course, many of these issues can be solved with access to the right tools. Steve’s been working on a number of tools that may help the troubleshooting process and we’ve recently launched them on Emailstuff.org. The website itself contains a number of DNS and data related tools we use for investigations and thought we’d share with the public at large.
One of the really useful tools is the SPF record expander. Plug in any domain, like google.com, and see what IP addresses they authorize to send mail.

Read More