[nsp-sec] DNS DDoS uptick
Chris Morrow
morrowc at ops-netman.net
Tue Apr 7 12:24:00 EDT 2009
On Tue, 7 Apr 2009, Rodney Joffe wrote:
> ----------- nsp-security Confidential --------
>
> Folks,
>
> I wanted to share with you an observation that may describe a coming
> problem...
>
> We've been on the end of two DDoS's in the last week. One is port 53 against
> our DNS infrastructure, the other against a DNS-related service, our mail and
> web forwarding capability. We have not had a measurable DDoS for at least the
> last year.
>
> Register.com has been suffering from a major DNS DDoS since last week.

Register seemed to make their lives way worse with their mitigation
provider though... so it's hard to say what impact the DDoS had vs
config/admin tomfoolery on the mitigation/customer end of the problem.

>
> I understand that AfterNIC is currently undergoing an attack - believed to be
> DNS.
>
> This "feels" like a sea change in the environment.

Could be, or it could be that other folks have a turn in the barrel after
Ultra's last 5 years? Do the other folks (non-Ultra) have decent
mitigation options? Do they do it in house or emergency-turnup with an
outside provider like Register seems to have done? Are their local eng
folks up to date on their DoS monitoring/alerting/mitigation
practices/procedures?

There are quite a few factors here, and often it's been clear that
customers don't prepare for DoS issues until it's their turn in the barrel
:( I would chalk up Register to just this sort of mess actually... sadly.

-Chris