The headlines were apocalyptic. A disagreement between two companies had flared out of control and created the biggest-ever cyberattack, one that had almost broken the internet. Armageddon was staved off for at least a bit longer, with cynics suggesting a security firm exaggerated the death of the Net to drum up business. Still, the incident highlighted gaps in internet infrastructure that are all too easily exploited.
It all started when a Dutch hosting company named Cyberbunker and a not-for-profit anti-spam registry called Spamhaus got into a spat, leading to distributed denial-of-service (DDoS) attacks, in which multiple sources flood a targeted system with requests until it is overloaded and unable to accept new connections. DDoS attacks are used by hacktivist groups like Anonymous, but this one was somewhat different in that it used Domain Name Service (DNS) reflection, which lets hackers send a small data packet that causes a DNS server to send, in turn, a larger packet at the target, amplifying the attack. The attackers used a botnet, a network of connected computers controlled remotely, against Spamhaus and CloudFlare, a security firm Spamhaus hired to get it back online.
More than a decade ago, engineers presented a document called Best Current Practice 38, which described ways to thwart such attacks. BCP38 explained how internet service providers could detect forged internet addresses of the sort used here. But this simple fix has had few takers, mostly because ISPs have little economic or security incentive to adopt it. This attack was not as crippling as the hype made it out to be. But it pointed to critical gaps in internet security that can, and should, be plugged.
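The check BCP38 asks ISPs to make, shown as an added example that is not part of the original article: a packet is forwarded only if its source address falls inside a prefix assigned to the customer port it arrived on, so a forged source is dropped at the network edge. The port names, prefixes and sample packets are constructed for illustration, using documentation address ranges.

```python
import ipaddress

# Constructed sample: prefixes an ISP has assigned to each customer-facing port.
# Port names and prefixes are hypothetical (documentation ranges).
CUSTOMER_PREFIXES = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}

def build_table(assignments):
    """Parse the prefix strings once so each packet check is a cheap lookup."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assignments.items()}

def ingress_permits(table, port, src):
    """BCP38 rule: forward only if the source address lies inside a prefix
    assigned to the port the packet arrived on."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: drop
    # A port with no assignment has an empty prefix list, so nothing passes.
    return any(addr.version == net.version and addr in net
               for net in table.get(port, []))

def filter_packets(table, packets):
    """Split (port, source) pairs into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for port, src in packets:
        (forwarded if ingress_permits(table, port, src) else dropped).append((port, src))
    return forwarded, dropped

# Constructed traffic observed at the ISP edge.
SAMPLE_PACKETS = [
    ("cust-a", "192.0.2.10"),      # legitimate
    ("cust-a", "203.0.113.7"),     # forged: an address cust-a was never assigned
    ("cust-a", "192.0.2.200"),     # outside the /25 assigned to cust-a
    ("cust-b", "198.51.100.33"),   # legitimate
    ("cust-b", "192.0.2.10"),      # cust-a's address arriving on cust-b's port
    ("cust-a", "2001:db8:a::53"),  # legitimate IPv6
    ("cust-c", "198.51.100.1"),    # port with no assignment
]

if __name__ == "__main__":
    ok, bad = filter_packets(build_table(CUSTOMER_PREFIXES), SAMPLE_PACKETS)
    print(f"forwarded {len(ok)}, dropped {len(bad)}")
    for port, src in bad:
        print(f"  drop {src} on {port}: source not in assigned prefix")
```

Because the filter sits at the customer edge, it protects other networks rather than the ISP that deploys it, which is the incentive gap the article describes.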