[Outages-discussion] [outages] NeuStar UltraDNS ? ** Why DDOS Neustar?

David Conrad drc at virtualized.org
Thu Jul 12 11:04:03 EDT 2012


> Having scared and been at the front line myself like many of you, a
> couple speculation comes to my mind,
> 
> 1. political
> 2. possibly someone trying to challenge ultradns ddos protection claim

3. Victim pisses off Attacker.  Attacker buys some time on Botnet.  Botnet targets Victim's name server in addition to other resources used by Victim.  Name server happens to be shared amongst lots of people.  If Botnet is big enough ("crunch all you want, we'll zombify more"), Attacker takes down Victim, but also every other person sharing the name server.

> What I like to understand is, being heavily anycasted did this outage
> impact several anycast instances?

Wild supposition with no actual data:

With an anycast deployment, it generally makes sense to deploy anycast instances close to eyeballs.  However, in a botnet attack, the sources of traffic are those eyeballs.  As a result, the anycast instances used by most folks are the ones that get hammered the hardest.

Regards,
-drc




More information about the Outages-discussion mailing list