[dns-operations] Storm on the DNS

Marek Vavruša marek.vavrusa at nic.cz
Tue Dec 8 17:05:38 UTC 2015


On 8 December 2015 at 17:46, Paul Vixie <paul at redbarn.org> wrote:
> On Tuesday, December 08, 2015 05:18:33 PM Marek Vavruša wrote:
>
>> Interesting things:
>
>>
>
>> * 5mpps didn't consume the resources (back of the napkin calculations
>
>> says ~ 6 servers should cope with this), but saturated the pipes
>
>> * It looks easy to filter on fw, and RRL *should* mitigate this simple
>
>> attack (alas it wouldn't help much with saturated networks)
>
>
>
> yes, it should. and, RRL config changes were made during/after the attack.
>
>
>
> it is widely understood that any ddos mitigation countermeasure has its
> associated counter-countermeasures. there is no such thing as a silver
> bullet in this context. without arrests and lawsuits, which would depend on
> a level of identity and accountability that the internet generally fails to
> offer, security of this kind is a life-of-the-internet long dance.
>
>
>
>> Does anybody know what kind of countermeasures were deployed (both
>
>> in-DNS and other filtering)?
>
>
>
> it's difficult for me to precisely imagine how much you'd like any victim of
> any attack to say in public as to the precise nature, including the volume
> and the impact, of an attack. you are not the only audience for that
> information.

I'm comfortable with non-public disclosure or personal message.

> (yes, i know what kind of countermeasures were deployed. but i'm not going
> to speak for other rootops at all, and i'm not going to speak about c-root's
> experience in detail here in a public forum, and i'm mildly surprised that
> this reticence surprises anybody.)
>
>
>
> --
>
> P Vixie
>
> c-root

Okay.

--
Marek
no-root




More information about the dns-operations mailing list