The Internet's demise has now been officially downgraded to Exaggerated. If you are reading this, then the WebberNets did not nearly melt down this week, despite the best efforts of Russian spam merchants and Egyptian cable cutters.
As InfoWorld's Ted Samson reports, the Net's latest near-death experience was neither all that near nor very deadly. But you could be forgiven for believing the Net was about to join the choir invisible, if you read the headlines of most mainstream reports or visited the websites of the parties involved.
[ Cash in on your IT stories! Send your IT tales to email@example.com. If we publish it, we'll keep you anonymous and send you a $50 American Express gift cheque. | For a humorous take on the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter. | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]
Simply put, some very nasty spammers decided to try and put a virtual bullet into the head of Spamhaus, a volunteer organization that keeps a close watch on these scum and provides a continually updated blacklist of the worst offenders, all to help ISPs keep most of this trash off their networks. First they flooded Spamhaus' servers with traffic, then they took aim at some of the Web's interconnection points; CloudFlare, the vendor Spamhaus asked to help mitigate the attacks, has a nice account of it. In a matter of days CloudFlare was able to deter the attack, but not until after massive waves of garbage traffic flooded the InterWebs, possibly slowing access for users in Europe.
DDoS: The last refuge of the spammer scoundrels
The attack on Spamhaus is very reminiscent of a similar DDoS attack against an antispam company called Blue Security, which began marketing its Blue Frog software in 2005. Blue Frog's method for combating spam was simple: Any time a Blue Frog user flagged a message as spam, the software automatically sent a legal opt-out request to the spammer. The huge volume of opt-out requests worked as a kind of DDoS attack in reverse, overwhelming the servers of the spam merchants. As an early user of Blue Frog, I have to say it made flagging spam much more satisfying knowing that the bastards were getting some of their own thrown back at them.
The trick must have worked, because the spammers launched a relentless, massive zombie attack against Blue Security's website. In an attempt to defend itself, Blue redirected the traffic to its blog, which was hosted by Six Apart. That ended up taking Six Apart's server farm offline, along with a few thousand other blogs. Nobody was very happy with that outcome.
In that instance, the spammers won. After nearly three weeks of relentless attacks, Blue Security threw in the towel in May 2006 and exited the antispam business. For years afterward, Blue Security CEO Eran Reshef refused to talk about what happened.
Fortunately for us in the nonspam world, Spamhaus was better prepared for an attack on this scale, probably because DDoS attacks are nothing new to Spamhaus' founder Steve Linford.