The BBC reports that Spamhaus, an anti-spam outfit, and Cyberbunker, a Web host that will host anything including spam sites, got in a spat recently after Spamhaus blocked a few of Cyberbunker’s servers. In retaliation, Cyberbunker reportedly launched a massive DDoS against Spamhaus.

So, how does this affect the Internet at large? Spamhaus’ DNS servers are under attack, and these servers are what helps convert IP addresses into domain names. Spamhaus hosts servers all around the world so these attacks are slowing down the Internet for everyone.

What’s terrifying about all of this is that Cyberbunker is launching attacks that peak at 300 gigabits per second. To put that into perspective, Spamhaus CEO Steve Linford says that a 50 gigabit attack is enough to bring down a major bank. How is Spamhaus still online then? The distributed nature of the company’s servers ensures that it can stay up amidst the attacks, and companies that rely on Spamhaus’ services, like Google, are reportedly offering up servers to absorb a lot of the traffic.

The attacks have been going on over a week now, and show no sign of slowing down. It’s already being called the biggest cyber attack in history. It’s gotten so bad that five national cyber-police-forces are launching investigations into the incident. There’s no telling when the attacks will die down either. Cyberbunker is reportedly coordinating the attacks, but the actual traffic is said to be coming from criminal outfits in Eastern Europe and Russia.

We’ll continue following this story, and let you know of any developments. It will be interesting to see what will happen if things escalate. Maybe Danny Hillis wasn’t too far off the mark when he argued that the Internet needed a Plan B just in case something like this happened.

To prevent this, Google is going to use its popularity to notify users of infected computers. The search engine will notify users using a large warning at the top of a Google search results page. The warning will only appear on computers that are infected.

This announcement came on the Google Online Security Blog in a Google+Online+Security+Blog%29″>post by Google Security Engineer Damian Menscher. From the post:

Our goal with this notification is to raise awareness of DNSChanger among affected users. We believe directly messaging affected users on a trusted site and in their preferred language will produce the best possible results. While we expect to notify over 500,000 users within a week, we realize we won’t reach every affected user. Some ISPs have been taking their own actions, a few of which will prevent our warning from being displayed on affected devices. We also can’t guarantee that our recommendations will always clean infected devices completely, so some users may need to seek additional help. These conditions aside, if more devices are cleaned and steps are taken to better secure the machines against further abuse, the notification effort will be well worth it.

This isn’t the first time Google has used its considerable influence to try and help users protect their computers against malware. Last July, Google issued similar warnings to users who were being redirected through proxies by fake antivirus software.

It might look something like this, courtesy of the news section at YCombinator.com:

Today’s sysadmin todo list:

0. Get corporate membership with EFF.
1. Identify all applications with user-generated content.
2. Move all associated domains to a non-US based registrar.
3. Migrate DNS, web serving and other critical services to non-US based servers.
4. Migrate yourself to a non-US controlled country.

I’m sorry for US sites and users. Your government is hell-bent on turning the internet into a read-only device like TV, easily regulated and controlled. The population will be required to sit quietly and keep their eyes glued on the screen so they don’t miss the ads, with any infringers deemed terrorists and pedophiles and thus deserving of summary punishment by DHS squads.

Hopefully the internet will route around the damaged segment, and the rest of us can continue to enjoy the amazing interactivity it has brought our society.

As TechDirt points out, the attitude of the government, as well as the content industry’s lobbyists, is one that doesn’t seem to mind if these very valid criticisms exist. TechDirt refers to at as the “what’s the big deal” attitude, and it’s quite fitting, especially when you consider the haphazard disregard federal law enforcement couldn’t care less about the multitude of gigabytes worth of legitimate content on Megaupload.

All they cared about was taking down a notorious file-infringing service.

There is one caveat to the sysadmin todo list, and it concerns moving to a non-US DNS servers and registrars. After SOPA took its initial public relations beatdown, Lamar Smith quickly surfaced to amend the bill to only target foreign sites. So while the government might not be able to seize a site with the characteristics the todo list describes, if SOPA were to pass, they could very well block it.

Whatever the case, if you’re at all worried about getting seized, perhaps a move to another non-US-based service might be in order.

Lead image courtesy.

In a pastebin post that we won’t link to for obvious reasons, a member of Anonymous posted a document called “Operation Global Blackout.” You may remember #OpGlobalBlackout from a previous Anonymous video that promised the take down of major Web sites, but this threat is a lot bigger.

Anonymous claims that they are going to take down the 13 root DNS servers that power the entirety of the Internet on March 31. They even list the IP addresses for the 13 servers to let other members join in on the attack.

They say that by cutting off these DNS servers, they will essentially disable the HTTP Internet. Anybody looking up something as simple as http://www.google.com will be met with an error page. They want to remind citizens, however, that they are not trying to kill the Internet, they just want to hit where it hurts most.

They outline the new tool that will be used to accomplish this goal. It’s called the Reflective DNS Amplification Tool. It will attack the root servers with static IP addresses that will allow them to keep on attacking the servers while the Internet is down.

They end the post with these words:

We know you wont’ listen. We know you won’t change. We know it’s because
you don’t want to. We know it’s because you like it how it is. You bullied us into your delusion. We have seen you brutalize harmless old womans who were protesting for peace. We do not forget because we know you will only use that to start again. We know your true face. We know you will never stop. Neither are we. We know.

We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
You know who you are, Expect us.

It’s hard to really tell if this is a true threat due to the decentralized nature of Anonymous. It could just be a baseless threat. We’ve reached out to one of the few confirmed Anonymous sources for comment, but have yet to hear back. If we do, we will update this story.

It’s now the biggest such service in the world, according to Google, handling an average of over 70 billion requests a day. Google Public DNS software engineer Jeremy K. Chen writes on the Official Google Blog:

DNS acts like the phone book of the Internet. If you had to look up hundreds or thousands of phone numbers every day, you’d want a directory that was fast, secure and correct. That’s what Google Public DNS provides for tens of millions of people.

Google Public DNS has become particularly popular for our users internationally. Today, about 70 percent of its traffic comes from outside the U.S. We’ve maintained our strong presence in North America, South America and Europe, and beefed up our presence in Asia. We’ve also added entirely new access points to parts of the world where we previously didn’t have Google Public DNS servers, including Australia, India, Japan and Nigeria.

Shortly after launch, we made a technical proposal for how public DNS services can work better with some kinds of important web hosts (known as content distribution networks, or CDNs) that have servers all of the world. We came up with a way to pass information to CDNs so they can send users to nearby servers. Our proposal, now called “edns-client-subnet,” continues to be discussed by members of the Internet Engineering Task Force. While we work with the IETF, other companies have started experimenting with implementing this proposal.

Google Public DNS complies with the Google’s main privacy policy, and collects the IP address (temporarily), ISP, and location information (in permanent logs). Google says this is to make the service “faster, better, and more secure.” The data is used for debugging purposes, as well as to analyze abuse and improve prefetching. IP info is erased after 24 hours.

Amazon Route 53 can be used to route end users to multiple AWS services including Amazon EC2, an Amazon Elastic Load Balancer or an Amazon S3 bucket, and to infrastructure outside of AWS.

Route 53 features a self-service design with a pay-as-you-go model where users pay only for managing domains through the service and the number of queries that the service answers.

Amazon Route 53 uses a network of DNS servers located across the globe, which  allows businesses to keep their web applications available. Amazon Route 53 also lets users place controls over who can manage their DNS system by allowing integration with AWS Identity and Access Management (IAM).

“Our customers have asked for a DNS service with all the same qualities of the other AWS services that they use every day – flexible, scalable, no commitment, inexpensive, and pay-as-you go,” said Tal Saraf, General Manager of Amazon CloudFront.

“That’s exactly what Amazon Route 53 provides. Now AWS customers who need a DNS service don’t have to work with a separate provider and instead can get this additional infrastructure service with the AWS platform.”

Google says the service is part of its ongoing effort to make the web faster. This is an initiative that the company stresses time and time again. In its announcement, the company says:

Most of us aren’t familiar with DNS because it’s often handled automatically by our Internet Service Provider (ISP), but it provides an essential function for the web. You could think of it as the switchboard of the Internet, converting easy-to-remember domain names — e.g., www.google.com — into the unique Internet Protocol (IP) numbers — e.g., 74.125.45.100 — that computers use to communicate with one another.

The average Internet user ends up performing hundreds of DNS lookups each day, and some complex pages require multiple DNS lookups before they start loading. This can slow down the browsing experience. Our research has shown that speed matters to Internet users, so over the past several months our engineers have been working to make improvements to our public DNS resolver to make users’ web-surfing experiences faster, safer and more reliable. You can read about the specific technical improvements we’ve made in our product documentation and get installation instructions from our product website.

Privacy

Google says Google Public DNS complies with the company’s main privacy policy. Google collects the IP address (temporarily), ISP, and location information (in permanent logs) to make the service "faster, better, and more secure."  They use the data to conduct debugging, analyze abuse, and improve prefetching. Any IP info is erased after 24 hours. No information collected is stored with the user’s Google account, they don’t share the data with anyone, and they don’t use information with any other Google products.

Google has information available on setting up Google Public DNS on your computer or router at the Google Code Blog. The product page has additional info, and the FAQ page goes into support and technical information.

Related Articles:

> Google Launches Site Performance Feature

> Google Announces SPDY Application-Layer Protocol

> Google Provides Tool For Speeding Up Web Pages

Although the details behind the DNS flaw were leaked ahead of Kaminsky’s talk at the Black Hat Conference, numerous nameservers around the Internet received a crucial fix even before the leak.

Getting those nameservers patched started for admins on July 9, when a number of major technology vendors jointly released a patch for the problem. Left unpatched, a vulnerable system could be tricked into sending people requesting a given domain name to a different domain.

That would be a conduit to stealing personal information and/or infecting the arriving visitor’s machine. Making the patch available required a significant effort, one that Kaminsky credited the industry with taking during his Black Hat talk.

“The industry rallied pretty ridiculously to do something about this, with hundreds of milllions protected,” Kaminsky noted in presentation slides he made available on his blog.

Administrators for Apple systems running DNS will see a patch among the items arriving in a newly-released security update for their OS X operating system. The widely discussed cache poisoning flaw could cause a nameserver to return forged information to a system requesting it.

Numerous major vendors met earlier in the year to discuss the problem with DNS. On July 8, Microsoft, Cisco, and others released a patch to address what has been described as the most serious flaw ever seen online.

Exploit code quickly became available once a security researcher, Halvar Flake, speculated on the nature of the flaw. A security firm briefed on the flaw confirmed the hypothesis with a blog post they published and subsequently withdrew, unfortunately not before many witnessed that confirmation.

If exploited, a cracked nameserver could redirect requests for websites to any site of the attacker’s choosing. Couple that with a well-forged financial site, and the criminal owns an easy way to steal personal information with no indication to the victim about the event.

The BIND nameserver is turned off by default in OS X, limiting the scope of the vulnerability on the platform. But considering the deep roots OS X has in Unix-type operating systems, it seems strange the company took so long to follow the rest of the industry in patching DNS.

Improvements include:

• Site owners can now see their own backlinks.
• Verify an IP address is really Googlebot done but by using a reverse+forward DNS lookup.
• An option to easily remove URLs from the index. Google’s URL removal tool has been ported into the webmaster console, and it allows site owners to see and revoke their self-removals.
• Show how many people are subscribed to my website’s feeds in Google Reader: DONE, but not in the console. Google Reader now reports these numbers when fetching feeds. Feedburner will give you even more stats for free.
• Communicate with webmasters in an authenticated way: DONE. Just last week, Google added a webmaster message center provide authenticated communication with site owners. The Webmaster Central team has done of ton of other stuff in the last few months as well.

Upcoming features will be based on the list below:

• More information about penalties or other scoring issues
• Tools for detecting or reporting duplicate content
• Show links on your site that are broken
• Score the crawlability or accessibility of pages
• Tool to help move from one domain to a new domain
• Tell Google the correct country or language for a site
• Show PageRank numbers instead of none/low/medium/high
• Diagnostic wizard for common site problems
• Some type of rank checking
• Show causes of 404 errors
• A way to list supplemental result pages
• Option to "disavow" backlinks from or to a site
• Fetch a page as Googlebot to verify correct behavior
• Tell Google a parameter doesn’t matter
• More documentation and examples
• Ability to show/download all pages from a site (e.g. if your server crashed)
• Integrate "Add URL" feature.

If you have more ideas, post your suggestions at his blog.

Comments