[dns-operations] DNS servers "probed" by people who want to kill the Internet?

Roland Dobbins rdobbins at arbor.net
Thu Sep 15 08:45:12 UTC 2016

On 15 Sep 2016, at 14:37, Stephane Bortzmeyer wrote:

> But is there a chance someone here knows more about it?

We tend to see a repeated cycle of between 18 and 36 months wherein 
upper management and executives of some Internet-facing networks (both 
enterprise and ISPs) gradually become aware of the unfortunate 
operational reality of constant DDoS attacks - often as a result of a 
successful DDoS attack which had a negative impact on the availability 
of their organizations, or organizations within their vertical market 
peer-group.  Once they gain this new awareness, some become quite 
alarmed, and make the assumption that they're being targeted 
specifically - which may be true - and that the sophistication and size 
of the attacks they're seeing are beyond the means of anyone but 
state-sponsored actors - which is manifestly untrue.

This is perfectly understandable; it is a very serious situation, and is 
quite disturbing for those who are just becoming acquainted with this 
Hobbesian state of affairs on the global Internet.  There's a high 
degree of threat asymmetry in favor of the attackers - unless the 
defenders take positive steps to alter that calculus in their own favor.

The abovementioned awareness cycle seemed to kick off about 4 months 
ago; it of course takes time to reach its peak.  We're now at the peak, 
or near it, IMHO.

Roland Dobbins <rdobbins at arbor.net>

More information about the dns-operations mailing list