[dns-operations] [dDoS] Good discussion on the Rackspace attack and DNS resiliency

Damian Menscher damian at google.com
Fri Dec 26 17:42:17 UTC 2014


On Fri, Dec 26, 2014 at 9:27 AM, Anthony Eden <anthony.eden at dnsimple.com>
wrote:

> We published an incident report after our outage:
>
> http://blog.dnsimple.com/2014/12/incident-report-ddos/
>
> I have not yet seen an incident report from Rackspace.
>

Thank you for posting that (I'd forgotten I'd seen it).  And thank you for
the detailed report, not just describing the root cause (DDoS on DNS
servers), but also revealing traffic type and volume (random subdomain
attack at 50Mpps/25Gbps) and your internal procedure for responding to it
(black-box monitoring to detect the outage, post status notice after 10
minutes, assemble team via a Hangout after 20 minutes, try various
technical mitigations, etc.).  This level of detail is rare in a public
report, but greatly appreciated.  Hopefully others will learn from your
example.

Damian

On Fri, Dec 26, 2014 at 2:02 AM, Damian Menscher <damian at google.com> wrote:
>
>> Has anyone seen details of the attack styles or volumes?  It would be
>> helpful to share attack knowledge with the community so others know what to
>> prepare for.
>>
>> Damian
>>
>> On Wed, Dec 24, 2014 at 1:56 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr>
>> wrote:
>>
>>>
>>> https://news.ycombinator.com/item?id=8784210
>>>
>>> After the successful attacks against Rackspace, Namecheap, DNSimple
>>> and 1&1, it is clear that dDoS attacks against DNS servers are very
>>> common this winter, and they succeed :-(
>>>
>>