The infamous “top-secret” document-leaking web site WikiLeaks recovered just Monday from what appeared to be a massive, week-long DDoS attack from thousands of distinct IP addresses.
The group enlisted security and performance firm Cloudflare to handle the extra capacity needed to withstand the attack, which exceeded 10 gigabits per second.
A posting on the site states:
“The bandwidth used is so huge it is impossible to filter without specialized hardware, however… the DDoS is not simple bulk UDP or ICMP packet flooding, so most hardware filters won’t work either. The range of IPs used is huge. Whoever is running it controls thousands of machines or is able to simulate them.”
The attack targeted nearly all of the WikiLeaks infrastructure, including its auxiliary sites and donations system.
WikiLeaks administrators believe that the attack involved the Domain Name System, remarking:
“We believe that the attack method is a so called ‘DNS amplification attack.’ Broadly speaking, this attack makes use of open DNS servers where attackers send a small request to the fast DNS servers then amplify the request; the request has now increased somewhat in size and is sent to the server of wikileaks-press.org. If an attacker then exploits hundreds of thousands of open DNS resolvers and sends millions of requests to each of them, the attack becomes quite powerful. We only have a small uplink to our server; the size of all these requests was 100,000 times the size of our uplink.”
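As an added illustration (not part of the original article or the WikiLeaks statement), the following Python sketch shows how a defender could recognise the pattern described above in flow records: many distinct resolvers sending large DNS answers to one host, and the amplification ratio that implies. The flow records and the 64-byte query size are constructed assumptions.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample flow records (not from the article):
# (src_ip, src_port, dst_ip, dst_port, udp_payload_bytes).
# A UDP packet with source port 53 is a DNS *response*; in a reflection
# attack the victim never sent the query, the attacker did, with the
# victim's address spoofed as the source.
SAMPLE_FLOWS: List[Tuple[str, int, str, int, int]] = [
    ("198.51.100.10", 53, "203.0.113.5", 40001, 3200),
    ("198.51.100.11", 53, "203.0.113.5", 40001, 3100),
    ("198.51.100.12", 53, "203.0.113.5", 40001, 3300),
    ("198.51.100.13", 53, "203.0.113.5", 40001, 3250),
    ("192.0.2.77",    53, "203.0.113.9", 51515, 180),  # ordinary-sized answer
]

# Assumed size of the small spoofed query the attacker sends; the victim
# cannot observe it directly, so this is a constructed baseline.
ASSUMED_QUERY_BYTES = 64


def group_dns_responses(flows):
    """Group inbound DNS responses (UDP source port 53) by destination host."""
    per_target: Dict[str, List[Tuple[str, int]]] = defaultdict(list)
    for src, sport, dst, _dport, nbytes in flows:
        if sport == 53:
            per_target[dst].append((src, nbytes))
    return per_target


def amplification_factor(response_bytes, query_bytes=ASSUMED_QUERY_BYTES):
    """Bytes reflected onto the victim per byte the attacker had to send."""
    return response_bytes / query_bytes


def find_reflection_victims(flows, min_sources=3, min_avg_bytes=1000):
    """Hosts receiving large DNS answers from many distinct resolvers.

    Both thresholds are tunable assumptions; the two signals are the ones
    the statement names: a huge range of source IPs and oversized answers.
    """
    findings = []
    for target, responses in group_dns_responses(flows).items():
        sources = {src for src, _ in responses}
        avg_bytes = sum(n for _, n in responses) / len(responses)
        if len(sources) >= min_sources and avg_bytes >= min_avg_bytes:
            findings.append({
                "target": target,
                "distinct_resolvers": len(sources),
                "avg_response_bytes": avg_bytes,
                "est_amplification": round(amplification_factor(avg_bytes), 1),
            })
    return findings
```

On the constructed sample, only 203.0.113.5 is flagged: four distinct resolvers, roughly 3.2 KB per answer, an estimated 50x amplification over the assumed query size.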
A group calling itself “Anti Leaks” has claimed credit for the DDoS attack.