Spamhaus warns of DDoS attacks on SNMP servers

The British anti-spam organisation Spamhaus has announced that in December it had to deal with DDoS attacks of a relatively new type. The attackers chose an SNMP-based attack in which the target is flooded with UDP packets.

Spamhaus reports on its website that it has observed a shift in the type of attack. Instead of 'classic' DNS amplification attacks, in which the DNS system is abused, the attackers targeting the anti-spam organisation have recently chosen to abuse the SNMP protocol. With this relatively new method they were likewise able to send a sustained stream of UDP packets with spoofed IP addresses to a destination. Because this type of attack can bring many SNMP servers to their knees with a relatively small attack stream, making the underlying web servers inaccessible, an SNMP attack could be an effective weapon.

Spamhaus has been put to the test by DDoS attackers several times over the years. In December, however, it had to deal with an SNMP DDoS attack that was comparable in size to the largest 'classic' DDoS attack on its infrastructure. In cooperation with government agencies and security companies, Spamhaus says, the attacks have been cut off, and steps have meanwhile been taken against the instigators.

According to Spamhaus, a website can be protected well against SNMP attacks. The lines of defence should preferably be erected 'as high as possible', that is, as far away from the target as possible. By using a firewall with IP packet filtering on potentially spoofed addresses, through ingress and egress filtering, most DDoS attacks can be parried. Spamhaus suggests, however, that web hosts are not placing a firewall in front of their SNMP servers and restricting access to a small number of IP addresses.
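
The filtering policy described above, as an added example (not from Spamhaus or the original article): a small Python model of an edge filter that applies ingress and egress anti-spoofing checks and restricts SNMP (UDP port 161) to an allowlist of managers. The address ranges, manager addresses, sample packets and function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed values from documentation ranges; not taken from the article.
OUR_NETS = [ipaddress.ip_network("198.51.100.0/24")]       # addresses we own
SNMP_MANAGERS = {ipaddress.ip_address("203.0.113.5"),      # the few hosts that
                 ipaddress.ip_address("203.0.113.6")}      # may query SNMP
SNMP_PORT = 161

def is_ours(addr):
    """True if addr belongs to one of our own prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in OUR_NETS)

def decide(direction, src, dst, proto, dport):
    """Return (verdict, reason) for one packet crossing the network edge."""
    # Ingress filtering: a packet arriving from outside cannot truthfully
    # carry one of our own addresses as its source.
    if direction == "ingress" and is_ours(src):
        return ("drop", "ingress-spoof")
    # Egress filtering: a packet leaving must carry one of our addresses,
    # otherwise our network could be used to emit spoofed requests.
    if direction == "egress" and not is_ours(src):
        return ("drop", "egress-spoof")
    # SNMP allowlist: only the listed managers may reach UDP/161 on our hosts.
    if (direction == "ingress" and proto == "udp" and dport == SNMP_PORT
            and ipaddress.ip_address(src) not in SNMP_MANAGERS):
        return ("drop", "snmp-not-allowlisted")
    return ("accept", "ok")

# Constructed sample traffic: (direction, src, dst, proto, dport)
SAMPLE_PACKETS = [
    ("ingress", "203.0.113.5",   "198.51.100.20", "udp", 161),    # allowed manager
    ("ingress", "192.0.2.77",    "198.51.100.20", "udp", 161),    # unknown SNMP client
    ("ingress", "198.51.100.99", "198.51.100.20", "udp", 161),    # claims to be us
    ("egress",  "192.0.2.50",    "203.0.113.200", "udp", 161),    # foreign source leaving
    ("egress",  "198.51.100.20", "203.0.113.5",   "udp", 40000),  # legitimate reply
    ("ingress", "192.0.2.77",    "198.51.100.20", "tcp", 443),    # ordinary web traffic
]

def evaluate(packets):
    """Return the reason string for each packet, in order."""
    return [decide(*p)[1] for p in packets]

if __name__ == "__main__":
    for pkt, reason in zip(SAMPLE_PACKETS, evaluate(SAMPLE_PACKETS)):
        print(pkt, "->", reason)
```
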

