[dns-operations] [dDoS] Good discussion on the Rackspace attack and DNS resiliency

alex flores alex at mordormx.net
Fri Dec 26 18:01:55 UTC 2014


Very nice and detailed report, I have learned a lot of it!
Thanks

Alejandro Flores Lopez
On Dec 26, 2014 11:56 AM, "Damian Menscher" <damian at google.com> wrote:

> On Fri, Dec 26, 2014 at 9:27 AM, Anthony Eden <anthony.eden at dnsimple.com>
> wrote:
>
>> We published an incident report after our outage:
>>
>> http://blog.dnsimple.com/2014/12/incident-report-ddos/
>>
>> I have not yet seen an incident report from Rackspace.
>>
>
> Thank you for posting that (I'd forgotten I'd seen it).  And thank you for
> the detailed report, not just describing the root cause (DDoS on DNS
> servers), but also revealing traffic type and volume (random subdomain
> attack at 50Mpps/25Gbps) and your internal procedure for responding to it
> (black-box monitoring to detect the outage, post status notice after 10
> minutes, assemble team via a Hangout after 20 minutes, try various
> technical mitigations, etc).  This level of detail is rare in a public
> report, but greatly appreciated.  Hopefully others will learn from your
> example.
>
> Damian
>
> On Fri, Dec 26, 2014 at 2:02 AM, Damian Menscher <damian at google.com>
>> wrote:
>>
>>> Has anyone seen details of the attack styles or volumes?  It would be
>>> helpful to share attack knowledge with the community so others know what to
>>> prepare for.
>>>
>>> Damian
>>>
>>> On Wed, Dec 24, 2014 at 1:56 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr>
>>> wrote:
>>>
>>>>
>>>> https://news.ycombinator.com/item?id=8784210
>>>>
>>>> After the successful attacks against Rackspace, Namecheap, DNSsimple
>>>> and 1&1, it is clear that dDoS attacks against DNS servers are very
>>>> common this winter, and they succeed :-(
>>>>
>>>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20141226/d42a8390/attachment.html>


More information about the dns-operations mailing list