[dns-operations] [dDoS] Good discussion on the Rackspace attack and DNS resiliency

Kumar Ashutosh askuma at microsoft.com
Sat Dec 27 05:56:36 UTC 2014


Great details Anthony.

From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On Behalf Of alex flores
Sent: Friday, December 26, 2014 23:32
Cc: dns-operations
Subject: Re: [dns-operations] [dDoS] Good discussion on the Rackspace attack and DNS resiliency


Very nice and detailed report, I have learned a lot from it!
Thanks

Alejandro Flores Lopez
On Dec 26, 2014 11:56 AM, "Damian Menscher" <damian at google.com> wrote:
On Fri, Dec 26, 2014 at 9:27 AM, Anthony Eden <anthony.eden at dnsimple.com> wrote:
We published an incident report after our outage:

http://blog.dnsimple.com/2014/12/incident-report-ddos/

I have not yet seen an incident report from Rackspace.

Thank you for posting that (I'd forgotten I'd seen it).  And thank you for the detailed report, not just describing the root cause (DDoS on DNS servers), but also revealing traffic type and volume (random subdomain attack at 50Mpps/25Gbps) and your internal procedure for responding to it (black-box monitoring to detect the outage, post status notice after 10 minutes, assemble team via a Hangout after 20 minutes, try various technical mitigations, etc).  This level of detail is rare in a public report, but greatly appreciated.  Hopefully others will learn from your example.

Damian

On Fri, Dec 26, 2014 at 2:02 AM, Damian Menscher <damian at google.com> wrote:
Has anyone seen details of the attack styles or volumes?  It would be helpful to share attack knowledge with the community so others know what to prepare for.

Damian

On Wed, Dec 24, 2014 at 1:56 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

https://news.ycombinator.com/item?id=8784210

After the successful attacks against Rackspace, Namecheap, DNSimple
and 1&1, it is clear that dDoS attacks against DNS servers are very
common this winter, and they succeed :-(
