Spamhaus apparently handled this attack like a champ, and one of their providers is bragging about their handling of this event (indeed, successfully defending against the largest DDoS attack in history is worth bragging about). The Cloudflare blog has a lot of interesting information about this event as well, so I recommend reading it if you're in the IT field and are curious how this particular attack/defense went down.
The main problem with this attack is that it introduced a new form of DDoS, apparently related to open DNS recursors. It is difficult to determine the attackers' IP addresses, and as long as there is some improperly configured DNS server out there... this attack is possible. There are discussions around tech blogs about how to solve the problem, but I'm not following them very much >_<. It looks pretty complicated, with no real solution, so this attack methodology may remain possible for the near future.
http://www.nytimes.com/2013/03/27/techn ... .html?_r=0
Millions of ordinary Internet users have experienced delays in services like Netflix or could not reach a particular Web site for a short time.
However, for the Internet engineers who run the global network the problem is more worrisome. The attacks are becoming increasingly powerful, and computer security experts worry that if they continue to escalate people may not be able to reach basic Internet services, like e-mail and online banking.
http://www.foxnews.com/tech/2013/03/27/ ... tack-many/
“It's the largest publicly announced DDoS attack in the history of the Internet,” Gilmore said to the New York Times.
http://www.cbsnews.com/8301-205_162-575 ... e-effects/
"It is a small miracle that we're still online," Spamhaus researcher Vincent Hanna said in an interview.
I understand the issues with DNS reflection, but why are open resolvers the issue? Isn't the point of DNS to respond to requests with correct information?
Surely if random people can't connect to DNS resolvers and get information, they can't surf the net either? Someone has to resolve DNS for people for the internet to function, don't they?
DNS runs over UDP, which means the source of requests for information can be spoofed. Also, the amount of data in a response is significantly larger than in the request, so you can use DNS resolvers to send significantly more data to a victim than you yourself need to generate, by sending DNS queries with your victim as the source IP.
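The asymmetry described in that answer is also what a resolver operator can measure. As an added example (not from this thread or from any of the sites linked here), the script below reads a constructed, hypothetical query log that records request and response sizes, computes how many bytes each client address received per byte it sent, and lists the addresses a response-rate-limit policy should throttle. The log format, the addresses and the sizes are all made up for illustration.

```python
import re
from collections import defaultdict

# Constructed resolver log lines (not real traffic): one line per answered
# query, with request and response sizes in bytes. 203.0.113.10 plays the
# spoofed "victim" address that someone else wrote into the queries.
SAMPLE_LOG = """\
client=203.0.113.10 qname=example.net qtype=ANY req=41 resp=3120
client=203.0.113.10 qname=example.net qtype=ANY req=41 resp=3120
client=203.0.113.10 qname=example.net qtype=ANY req=41 resp=3120
client=203.0.113.10 qname=example.net qtype=ANY req=41 resp=3120
client=198.51.100.7 qname=www.example.com qtype=A req=44 resp=60
client=198.51.100.7 qname=mail.example.com qtype=MX req=45 resp=110
"""

LINE_RE = re.compile(
    r"client=(?P<client>\S+) qname=(?P<qname>\S+) qtype=(?P<qtype>\S+) "
    r"req=(?P<req>\d+) resp=(?P<resp>\d+)"
)

def parse_log(text):
    """Yield (client, qname, qtype, req_bytes, resp_bytes) per well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (m["client"], m["qname"], m["qtype"], int(m["req"]), int(m["resp"]))

def amplification_by_client(records):
    """Per client: query count, bytes received from it, bytes sent back, ratio."""
    totals = defaultdict(lambda: {"queries": 0, "req": 0, "resp": 0})
    for client, _qname, _qtype, req, resp in records:
        t = totals[client]
        t["queries"] += 1
        t["req"] += req
        t["resp"] += resp
    for t in totals.values():
        t["ratio"] = t["resp"] / t["req"] if t["req"] else 0.0
    return dict(totals)

def flag_suspect_clients(totals, min_ratio=20.0, min_resp_bytes=4096):
    """Clients receiving far more than they sent: candidates for rate limiting."""
    # The ratio catches reflection (tiny query, huge answer); the byte floor keeps
    # a single legitimate large answer from tripping the rule on its own.
    return sorted(c for c, t in totals.items()
                  if t["ratio"] >= min_ratio and t["resp"] >= min_resp_bytes)

if __name__ == "__main__":
    stats = amplification_by_client(parse_log(SAMPLE_LOG))
    print("rate-limit candidates:", flag_suspect_clients(stats))
```

Because the resolver sees only the forged source address, the flagged "client" is the victim rather than the sender; the useful response is to limit answers toward it, not to block it as an attacker.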
http://blog.cloudflare.com/the-ddos-tha ... e-internet
/\ Just a good overview. Gotta read it.