[dns-operations] Continued weekly DDoS fun

Tom Daly tom at dyn-inc.com
Mon Jan 12 08:33:32 UTC 2009

We're running into a recurring problem with DDoS to our ns1-5.dyndns.org nameservers on a weekly basis. Seems as though Saturday rolls around and *wham*, we get the packet love.

Sources appear to be spoofed, but typically reverse/trace back to space in APAC. Character of the attack is usually large-size ICMP and/or TCP SYN floods to 15000, 19000, 34000 (and sometimes 25 and 80). Typical magnitude is around 500 megabits. The payloads don't have anything meaningful in them near as I can tell.

Our normal countermeasures are holding this back no problem, but the frequency is getting pretty annoying. Is anyone else seeing anything similar? Anyone have any more advanced mitigation techniques than the good old 'find and filter' cat and mouse game?


