Blackhole Filtering & DDoS attack on Blue Security’s operational system
What on earth is a DoS attack?
A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system.
A DoS attack can be perpetrated in a number of ways. There are three basic types of attack:
- consumption of computational resources, such as bandwidth, disk space, or CPU time
- disruption of configuration information, such as routing information
- disruption of physical network components
So what on earth is DDoS?
In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and direct the attack, often through a botnet/dosnet. With enough such slave hosts, the services of even the largest and most well-connected websites can be denied.
Starting Monday, May 1st, the Blue Community has been the target of a criminal spammer. This criminal spammer, PharmaMaster, is attempting to deny our community the right to opt-out from his spam messages.
Aside from blackmail emails sent to community members, there were two separate attacks on Blue Security itself. The first attack was to block worldwide access to Blue Security's corporate website (www.bluesecurity.com) by tampering with the Internet backbone using a technique called "Blackhole Filtering". The second attack was a DDoS attack on Blue Security's operational system.
When we realized the spammer had blocked access to our website to obstruct members from using our service or accessing our website to receive more information, we performed a series of tests to determine what had happened. These tests clearly indicated that the corporate site was not subject to a DDoS attack since it was accessible from inside Israel and there was no load on the system. These symptoms were in accordance with what the spammer had indicated he would do (i.e. block all traffic to our site from outside of Israel) in an ICQ session.
In order to inform our community of what had happened, we used a previously-existing blog site for the Blue Community which had been host to our corporate website prior to July 2005. We posted a short blog item to inform our users and other constituents of the situation and how we were working to solve the issue. After the name server had been updated such that traffic to www.bluesecurity.com reached the blog, the blog was active and functioning and many users had posted comments. It was only 40 minutes after the redirection that PharmaMaster decided to launch a DDoS attack on www.bluesecurity.com, now hosted at TypePad.
Blue Security shares the pain of blogs.com's community that was seriously affected by PharmaMaster's criminal acts. Those who blame Blue Security for the attack only further the agenda of PharmaMaster to impose his will on all Internet users.
Courtesy: bluesecurity
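
The triage reasoning in the statement above (site reachable from inside Israel, no load on the server, therefore not a DDoS) can be expressed as a small check over reachability probes from several vantage points plus the server's own load. This is an added example, not code from Blue Security; the probe data is constructed, and the 0.8 load threshold and 50% per-region reachability cut-off are assumptions.

```python
from collections import defaultdict

# Constructed sample: (vantage-point region, TCP connect to the site succeeded).
SAMPLE_PROBES = [
    ("IL", True), ("IL", True),
    ("US", False), ("US", False),
    ("DE", False), ("JP", False),
]


def classify_outage(probes, origin_load, home_region, load_threshold=0.8):
    """Classify an outage from multi-vantage probes and the origin's own load.

    origin_load is utilisation in [0, 1] measured on the server itself
    (CPU or inbound link). load_threshold is an assumed cut-off.
    """
    by_region = defaultdict(list)
    for region, ok in probes:
        by_region[region].append(ok)

    # A region counts as reachable when at least half of its probes succeed.
    success = {r: sum(v) / len(v) for r, v in by_region.items()}
    reachable = {r for r, s in success.items() if s >= 0.5}
    unreachable = set(success) - reachable

    if not unreachable:
        return "healthy" if origin_load < load_threshold else "degraded_under_load"
    if origin_load >= load_threshold:
        # Saturated server: consistent with resource exhaustion (DoS/DDoS).
        return "overload_consistent_with_ddos"
    if home_region in reachable:
        # Idle server, reachable locally, dark elsewhere: traffic is being
        # dropped in the network before it arrives (route/blackhole filtering).
        return "upstream_blackhole_suspected"
    # Idle server that no vantage point can reach, not even a local one.
    return "origin_or_last_hop_failure"


if __name__ == "__main__":
    print(classify_outage(SAMPLE_PROBES, origin_load=0.05, home_region="IL"))
```

The verdict is only a starting point for investigation: confirming a blackhole still requires traceroutes from the failing regions and a conversation with the upstream providers.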





























