[dns-operations] Storm on the DNS
Marek Vavruša
marek.vavrusa at nic.cz
Tue Dec 8 16:18:33 UTC 2015
Interesting things:
* 5mpps didn't consume the resources (back of the napkin calculations
says ~ 6 servers should cope with this), but saturated the pipes
* It looks easy to filter on fw, and RRL *should* mitigate this simple
attack (alas it wouldn't help much with saturated networks)
Does anybody know what kind of countermeasures were deployed (both
in-DNS and other filtering)?
Marek
On 8 December 2015 at 16:05, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> On Tue, Dec 01, 2015 at 09:16:58AM +0100,
> Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote
> a message of 21 lines which said:
>
>> Same thing this morning: shorter but apparently more powerful (more
>> servers down).
>
> And a press release "corporate style":
>
> http://root-servers.org/news/events-of-20151130.txt
>
> Trying to downplay the problem by pretending that DNSmon is not
> indicative of what happens to normal traffic. (I used dig and other
> programs during the storm and they confirmed that DNSmon was right.)
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
More information about the dns-operations
mailing list