Spamhaus DDoS: History's biggest attack... since the last one

To all you vendors and PR folk filling my inbox with alarming emails about how the biggest DDoS attack in history is unfolding: Step back and breathe.

If not for my thick skin and cast-iron belly, I'd lose my breakfast over all the emails I'm getting about the DDoS attack that started with a fight beetween Spamhaus and their enemies.

"The biggest Internet attack in history"

"An attack that threatens the underpinnings of the Internet"

The news, as we reported yesterday, goes like this:

A tiff between a Dutch company and Spamhaus, which blacklists spammers, has turned into a cyber attack of epic proportions.

The distributed denial of service attack (DDoS) spread from the Spamhaus website to the rest of the Internet, reportedly affecting millions of rank and file Internet users.

Spamhaus became the target of the attack after it blacklisted Cyberbunker, a Dutch company, as a source of spam, The New York Times reported. Cyberbunker appears to be a wide open hosting service that will allow anyone to set up a website on its servers, save for pornographers and terrorists.

Although little is known about the group behind the cyber foray, an Internet activist, Sven Olaf Kamphuis, who claimed to be a representative for the attackers, told The Times the assault was in retaliation for Spamhaus "abusing their influence."

Spamhaus did not respond to a request for comment for this story.

The DDoS attack, which may be the largest ever seen in cyberspace, exploits the architecture of the Internet to marshal enormous amounts of traffic that can be aimed at a website to disrupt service to it.

True, this is a pretty big attack. True, it's causing slowdowns for a lot of people. But the biggest and most damaging? I heard that about the biggest DDoS of last week. And the week before. And last month. You get the picture.

We do need awareness when these attacks happen because infosec practitioners need the details to take appropriate action. But panic will never help them do their jobs. FUD usually has two outcomes: Some become desensitized and start to ignore their news feeds, leaving them open to peril when something serious is afoot, or they become overwhelmed. When you become overwhelmed on the job, you make mistakes.

Let's dial it down a few notches and carry on.

Copyright © 2013 IDG Communications, Inc.

22 cybersecurity myths organizations need to stop believing in 2022