The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Tuesday, May 09, 2006

Renesys calls BS on B.S.

I really need to learn to listen to those nagging doubts in the back of my head.

Yesterday, I wrote about the details of the attack on Blue Security. To summarize, according to Blue Security, the Russian spammer/hacker known as PharmaMaster somehow managed to arrange for the routers at an internet backbone site to null-route all communications to Blue Security from the outside world (in a technique that Blue Security called "blackhole filtering").

The questions remaining were: which internet backbone was it, and how did PharmaMaster manage it? Was it an inside job by someone in the pay of PharmaMaster, or did PharmaMaster actually break in? And why was corrupting a single backbone site sufficient to do the job?

Well today, Todd Underwood, Chief Operations and Security Officer of Renesys Corporation has a few things to say about it. Note that Renesys is a company that monitors internet routing changes.

In short, Underwood asserts that the attack was a simple garden-variety denial of service attack. This actually makes sense to me as I think about it. When a denial of service (DOS) attack is underway, one of the first things that the upstream providers will do is to use blackhole routing to protect the rest of the network.

Bottom line: the business about the blackhole filtering seems to be PR spin on Blue Security's part. More as this develops.


Post a Comment

<< Home