Security Bytes

May 18 2007   2:36PM GMT

New details from cyberattack on Estonia

Leigha Cardwell

This morning I wrote about the blistering cyberattacks against the Baltic nation of Estonia in recent weeks. We’ve since come across an interesting blog posting from Jose Nazario over at Arbor Networks offering more detail on the size and scope of the attacks.

He analyzed a couple of weeks of DDoS attacks on Estonia using internal tools and reporting systems, and identified 128 unique DDoS attacks on Estonian Web sites. Of these, 115 were ICMP floods, four were TCP SYN floods, and nine were generic traffic floods. Attacks were not distributed uniformly, with some sites seeing more attacks than others, he noted.

“The attacks themselves haven’t been steady … If we look at how many attacks occurred on every day, we can see that they peaked a week or so ago, but they haven’t necessarily stopped,” Nazario wrote. “As for how long the attacks have lasted, quite a number of them last under an hour. However, when you think about how many attacks have occurred for some of the targets, this translates into a very long-lived attack.”

The longest attacks were more than 10 and a half hours long, dealing a “truly crushing blow” to the endpoints, he added.

This was originally seen as an attack sponsored by the Russian government, fueled by anger over Estonia’s decision to move a Soviet-era World War II memorial statue. But infosec experts think this was more likely the work of smaller, organized hacking groups in control of hijacked computers around the world.
