Many large cyber attacks could easily be prevented, but Internet Service Providers are failing to take basic, well-known security measures to stop them. This according to the European cyber security agency ENISA which said this week that Internet Service Providers in the EU have failed to implement a set of best practice recommendations which have been in place for 13 years, and which could reduce the scope of even the largest DDoS attacks.
The statement refers to the DDoS attack on anti-spam organisation Spamhaus, which was widely reported as being the largest such attack of all time. “Spamhaus started experiencing a significant DDoS attack on its servers on 16th March,” says ENISA.
“The attack spanned a period of more than one week and in the last stage of the attack, the enormous amount of traffic generated by the attack caused problems at the London Internet Exchange.”
ENISA says that the technique used, DNS amplification, has been known for “many years” and that a set of recommendations, Network Ingress Filtering or Best Current Practice 38 (BCP 38), would reduce the number of servers that could be used in such attacks.
“If the available recommendations were implemented by all networks, traffic filtering on border routers would block such attacks,” said ENISA. The organisation also recommended that operators of DNS servers should implement a separate set of recomendations, Preventing Use of Recursive Nameservers in Reflector Attacks (BCP 140), from 2008.
ENISA’s Executive Director, Professor Udo Helmbrecht, said: “Network Operators that have yet to implement BCP38 and BCP140 should seriously consider doing so without delay, failing which their customers, and hence their reputations, will suffer. Prevention is key to effectively countering cyber-attacks.”
Author Rob Waugh, We Live Security