SlideShare a Scribd company logo

DDoS Attacks on Root DNS Servers

M
Michiel Cazemier

Ricardo de Oliveria Schmidt - DDoS Attacks on the Root DNS University of Twente Holland Strikes Back 2016 www.hollandstrikesback.nl

Internet
1 of 26
Download to read offline
DDoS Attacks on the Root DNS Presented by Ricardo de Oliveira Schmidt October 4th, 2016 The Hague, Netherlands Presentation copyright © 2016 by Ricardo de Oliveira Schmidt
Reference: Anycast Vs. DDoS: Evaluating the November 2015 Root DNS Event Giovane C. M. Moura, Ricardo de O. Schmidt, John Heidemann, Wouter B. de Vries, Moritz Müller, Lan Wei and Cristian Hesselman To appear at ACM Internet Measurements Conference (IMC), 2016 (Technical Report ISI-TR-2016-709, USC/Information Sciences Institute)
Distributed Denial of Service
Distributed Denial of Service ? ? ? ?
Distributed Denial of Service ? ? ? ?
Big and getting bigger 2012: 100 Gb/s 2016: 100 Gb/s is common, >1 Tb/s is possible Easy and getting easier 2012: many botnets with 1000+ nodes 2016: DDoS-as-a-service (Booters) offer few Gb/s @ US$ 5 Frequent and getting frequent-er 2002: the October 30 DNS Root event 2016: 3 recent big attacks (2015-11-30, 2015-12-01, 2016-06-25) Distributed Denial of Service
Distributed Denial of Service New record! 665 Gb/s!!!
Distributed Denial of Service New record! 665 Gb/s!!! Even Akamai "gave up"
Distributed Denial of Service New record! 665 Gb/s!!! Even Akamai "gave up" "Someone has a botnet with capabilities we haven't seen before" Martin McKeay, Akamai
Big and getting bigger 2012: 100 Gb/s 2016: 100 Gb/s is common, >1 Tb/s is possible Easy and getting easier 2012: many botnets with 1000+ nodes 2016: DDoS-as-a-service (Booters) offer few Gb/s @ US$ 5 Frequent and getting frequent-er 2002: the October 30 DNS Root event 2016: 3 recent big attacks (2015-11-30, 2015-12-01, 2016-06-25) Distributed Denial of Service
Distributed Denial of Service More than 150,000 DDoS in two years with profit of US$ 600,000 vDos homepage
Big and getting bigger 2012: 100 Gb/s 2016: 100 Gb/s is common, >1 Tb/s is possible Easy and getting easier 2012: many botnets with 1000+ nodes 2016: DDoS-as-a-service (Booters) offer few Gb/s @ US$ 5 Frequent and getting frequent-er 2002: the October 30 DNS Root event 2016: 3 recent big attacks (2015-11-30, 2015-12-01, 2016-06-25) Distributed Denial of Service
Distributed Denial of Service Image copyrights © thehackernews.com
Distributed Denial of Service Image copyrights © thehackernews.com "Someone Just Tried to Take Down Internet's Backbone with 5 Million Queries/Sec" Swati Khandelwal, thehackernews.com
Distributed Denial of Service Image copyrights © thehackernews.com "Someone Just Tried to Take Down Internet's Backbone with 5 Million Queries/Sec" Swati Khandelwal, thehackernews.com "Root DNS servers DDoS'ed: was it a show off?" Yuri Ilyin, Kaspersky
Distributed Denial of Service Image copyrights © thehackernews.com "Someone Just Tried to Take Down Internet's Backbone with 5 Million Queries/Sec" Swati Khandelwal, thehackernews.com "Root DNS servers DDoS'ed: was it a show off?" Yuri Ilyin, Kaspersky "Someone Is Learning How to Take Down the Internet" Bruce Schneier, Schneier on Security
DNS is hierarchical Multiple layers of servers Root, TLDs, 2nd-level TLDs, ... The root is the very basis of it The DNS root-level top level domains 2nd-level TLDs . .nl .com .utwente .sidn 1 2 3 www.utwente.nl ? 130.89.3.249
13 nameservers (from a to m) Operated by 12 different organizations Each run a distributed service (anycast) Multiple physical locations Multiple servers per location 500+ instances of service More info at http://www.root-servers.org The Root DNS A B C D E F G H I J K L M EVN BCN AMS BEG BUD ATH ... BNE ZRH S1 S2 ... Sn
DDoS attack on the Root DNS Peak of 35+ Gb/s 5 million queries/sec Impact was moderate Thanks to the robustness of the whole system The Nov. 30 Event
What was the impact? Most letters suffered a bit (E, F, I, J, K) a lot (B, C, G, H) Did not see attack traffic D, L, M Problems on reachability! The Nov. 30 Event 0 2000 9000 numberofVPswithsuccessfulqueries B C 0 5000 E F 1000 9000 G H 0 4500 7000 I J 0 6000 9000 0 5 10 15 20 25 30 35 40 45 hours after 2015-11-30t00:00 UTC K 0 5 10 15 20 25 30 35 40 45 A D L M
What was the impact? For those that still see service... ...performance problems ... 6x higher delay for G The Nov. 30 Event 0 50 100 150 200 250 300 350 0 5 10 15 20 25 30 35 40 45 medianRTT(ms) hours after 2015-11-30t00:00 UTC B-Root C-Root G-Root H-Root K-Root B-Root C-Root G-Root H-Root K-Root
Collateral damage! D-Root was not targeted... ... but felt the attack Even SIDN (.nl) felt the attack: NO traffic in FRA and AMS The Nov. 30 Event 0 20 40 60 80 100 120 0 5 10 15 20 25 30 35 40 45 540 580 620 660 numberofVPs hours after 2015-11-30t00:00 UTC D-FRA D-SYD D-AKL D-DUB D-BUR Frankfurt
Collateral damage! D-Root was not targeted... ... but felt the attack Even SIDN (.nl) felt the attack: NO traffic in FRA and AMS The Nov. 30 Event 0 20 40 60 80 100 120 0 5 10 15 20 25 30 35 40 45 540 580 620 660 numberofVPs hours after 2015-11-30t00:00 UTC D-FRA D-SYD D-AKL D-DUB D-BUR 0 7 29 45 .nlinstances hours after 2015-11-30t00:00 UTC NL-AMS NL-FRA
The Root DNS handled the situation quite well... ... at no time the service was completely unreachable Resilience of the Root DNS is not an accident... ... consequence of fault tolerant design and good engineering! True diversity is key to avoid collateral damage The Lessons Learned
Learn from the Root DNS experiences Have in mind the possible very large DDoS attacks when... ... designing Internet systems ... improving countermeasures and mitigation strategies It does not matter if... ... someone was showing off ... someone was testing/scanning the infrastructure ... someone is learning how to take down the Internet It was a big wake up call, this is critical infrastructure! Things are escalating pretty fast and apparently we are not fully aware of what we are dealing with. And, What Now?
Acknowledgements: Arjen Zonneveld, Jelte Jansen, Duane Wessels, Ray Bellis, Romeo Zwart, Colin Petrie, Matt Weinberg and Piet Barber SIDN Labs, NLnet Labs and SURFnet Self-managing Anycast Networks for the DNS (SAND) project | http://www.sand-project.nl/ NWO DNS Anycast Security (DAS) project | http://www.das-project.nl/ r.schmidt@utwente.nl http://www.ricardoschmidt.com

Recommended

DNS DDoS Attack and Risk
DNS DDoS Attack and RiskDNS DDoS Attack and Risk
DNS DDoS Attack and RiskSukbum Hong
 
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...APNIC
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoSjgrahamc
 
Ddos and mitigation methods.pptx
Ddos and mitigation methods.pptxDdos and mitigation methods.pptx
Ddos and mitigation methods.pptxOzkan E
 
Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)btpsec
 
DDoS mitigation EPIC FAIL collection - 32C3
DDoS mitigation EPIC FAIL collection - 32C3DDoS mitigation EPIC FAIL collection - 32C3
DDoS mitigation EPIC FAIL collection - 32C3Moshe Zioni
 
DNS Security
DNS SecurityDNS Security
DNS Securityjohnmcclure00
 
The Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksThe Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksAcquia
 

Recommended

DNS DDoS Attack and Risk
DNS DDoS Attack and RiskDNS DDoS Attack and Risk
DNS DDoS Attack and RiskSukbum Hong
 
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...APNIC
 
How to launch and defend against a DDoS
How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoSjgrahamc
 
Ddos and mitigation methods.pptx
Ddos and mitigation methods.pptxDdos and mitigation methods.pptx
Ddos and mitigation methods.pptxOzkan E
 
Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)btpsec
 
DDoS mitigation EPIC FAIL collection - 32C3
DDoS mitigation EPIC FAIL collection - 32C3DDoS mitigation EPIC FAIL collection - 32C3
DDoS mitigation EPIC FAIL collection - 32C3Moshe Zioni
 
DNS Security
DNS SecurityDNS Security
DNS Securityjohnmcclure00
 
The Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksThe Anatomy of DDoS Attacks
The Anatomy of DDoS AttacksAcquia
 
Grehack2013-RuoAndo-Unraveling large scale geographical distribution of vulne...
Grehack2013-RuoAndo-Unraveling large scale geographical distribution of vulne...Grehack2013-RuoAndo-Unraveling large scale geographical distribution of vulne...
Grehack2013-RuoAndo-Unraveling large scale geographical distribution of vulne...Ruo Ando
 
Dnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsDnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsAFRINIC
 
IPv6 Threat Presentation
IPv6 Threat PresentationIPv6 Threat Presentation
IPv6 Threat Presentationjohnmcclure00
 
Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014Laura L. Adams
 
9534715
95347159534715
9534715Pavel Odintsov
 
DNS-OARC 34: Measuring DNS Flag Day 2020
DNS-OARC 34: Measuring DNS Flag Day 2020DNS-OARC 34: Measuring DNS Flag Day 2020
DNS-OARC 34: Measuring DNS Flag Day 2020APNIC
 
DNS Over HTTPS by Michael Casadevall
DNS Over HTTPS by Michael CasadevallDNS Over HTTPS by Michael Casadevall
DNS Over HTTPS by Michael CasadevallGlenn McKnight
 
Class Project Showcase: DNS Spoofing
Class Project Showcase: DNS SpoofingClass Project Showcase: DNS Spoofing
Class Project Showcase: DNS SpoofingBeibei Yang
 
Строим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атакиСтроим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атакиPositive Hack Days
 
Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Suzanne Aldrich
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksSecurity Session
 
DDoS Attacks and Countermeasures
DDoS Attacks and CountermeasuresDDoS Attacks and Countermeasures
DDoS Attacks and Countermeasuresthaidn
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool Pavel Odintsov
 
FastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationFastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationPavel Odintsov
 
DNS - MCSE 2019
DNS - MCSE 2019DNS - MCSE 2019
DNS - MCSE 2019Milad Es'Haghi
 
DDoS Attack and Mitigation
DDoS Attack and MitigationDDoS Attack and Mitigation
DDoS Attack and MitigationDevang Badrakiya
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSSuzanne Aldrich
 
DNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security ExtensionsDNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security ExtensionsPeter R. Egli
 
Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the nameSecurity BSides London
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encryptedMen and Mice
 
Brenno de Winter - Op naar de Titanic
Brenno de Winter - Op naar de TitanicBrenno de Winter - Op naar de Titanic
Brenno de Winter - Op naar de TitanicMichiel Cazemier
 
Giovane Moura - Cybersecurity voor .nl
Giovane Moura - Cybersecurity voor .nlGiovane Moura - Cybersecurity voor .nl
Giovane Moura - Cybersecurity voor .nlMichiel Cazemier
 

More Related Content

What's hot

Grehack2013-RuoAndo-Unraveling large scale geographical distribution of vulne...
Grehack2013-RuoAndo-Unraveling large scale geographical distribution of vulne...Grehack2013-RuoAndo-Unraveling large scale geographical distribution of vulne...
Grehack2013-RuoAndo-Unraveling large scale geographical distribution of vulne...Ruo Ando
 
Dnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsDnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsAFRINIC
 
IPv6 Threat Presentation
IPv6 Threat PresentationIPv6 Threat Presentation
IPv6 Threat Presentationjohnmcclure00
 
Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014Laura L. Adams
 
DNS-OARC 34: Measuring DNS Flag Day 2020
DNS-OARC 34: Measuring DNS Flag Day 2020DNS-OARC 34: Measuring DNS Flag Day 2020
DNS-OARC 34: Measuring DNS Flag Day 2020APNIC
 
DNS Over HTTPS by Michael Casadevall
DNS Over HTTPS by Michael CasadevallDNS Over HTTPS by Michael Casadevall
DNS Over HTTPS by Michael CasadevallGlenn McKnight
 
Class Project Showcase: DNS Spoofing
Class Project Showcase: DNS SpoofingClass Project Showcase: DNS Spoofing
Class Project Showcase: DNS SpoofingBeibei Yang
 
Строим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атакиСтроим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атакиPositive Hack Days
 
Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Suzanne Aldrich
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksSecurity Session
 
DDoS Attacks and Countermeasures
DDoS Attacks and CountermeasuresDDoS Attacks and Countermeasures
DDoS Attacks and Countermeasuresthaidn
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool Pavel Odintsov
 
FastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationFastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationPavel Odintsov
 
DDoS Attack and Mitigation
DDoS Attack and MitigationDDoS Attack and Mitigation
DDoS Attack and MitigationDevang Badrakiya
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSSuzanne Aldrich
 
DNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security ExtensionsDNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security ExtensionsPeter R. Egli
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encryptedMen and Mice
 

What's hot (20)

Grehack2013-RuoAndo-Unraveling large scale geographical distribution of vulne...
Grehack2013-RuoAndo-Unraveling large scale geographical distribution of vulne...Grehack2013-RuoAndo-Unraveling large scale geographical distribution of vulne...
Grehack2013-RuoAndo-Unraveling large scale geographical distribution of vulne...
 
Dnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defsDnssec tutorial-crypto-defs
Dnssec tutorial-crypto-defs
 
IPv6 Threat Presentation
IPv6 Threat PresentationIPv6 Threat Presentation
IPv6 Threat Presentation
 
Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014Cloudshield_DNS Tips_032014
Cloudshield_DNS Tips_032014
 
9534715
95347159534715
9534715
 
DNS-OARC 34: Measuring DNS Flag Day 2020
DNS-OARC 34: Measuring DNS Flag Day 2020DNS-OARC 34: Measuring DNS Flag Day 2020
DNS-OARC 34: Measuring DNS Flag Day 2020
 
DNS Over HTTPS by Michael Casadevall
DNS Over HTTPS by Michael CasadevallDNS Over HTTPS by Michael Casadevall
DNS Over HTTPS by Michael Casadevall
 
Class Project Showcase: DNS Spoofing
Class Project Showcase: DNS SpoofingClass Project Showcase: DNS Spoofing
Class Project Showcase: DNS Spoofing
 
Строим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атакиСтроим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атаки
 
Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017Anatomy of DDoS - Builderscon Tokyo 2017
Anatomy of DDoS - Builderscon Tokyo 2017
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacks
 
DDoS Attacks and Countermeasures
DDoS Attacks and CountermeasuresDDoS Attacks and Countermeasures
DDoS Attacks and Countermeasures
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool
 
FastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationFastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigation
 
DNS - MCSE 2019
DNS - MCSE 2019DNS - MCSE 2019
DNS - MCSE 2019
 
DDoS Attack and Mitigation
DDoS Attack and MitigationDDoS Attack and Mitigation
DDoS Attack and Mitigation
 
DrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoS
 
DNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security ExtensionsDNSSEC - Domain Name System Security Extensions
DNSSEC - Domain Name System Security Extensions
 
Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the name
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encrypted
 

Viewers also liked

Brenno de Winter - Op naar de Titanic
Brenno de Winter - Op naar de TitanicBrenno de Winter - Op naar de Titanic
Brenno de Winter - Op naar de TitanicMichiel Cazemier
 
Giovane Moura - Cybersecurity voor .nl
Giovane Moura - Cybersecurity voor .nlGiovane Moura - Cybersecurity voor .nl
Giovane Moura - Cybersecurity voor .nlMichiel Cazemier
 
Roel van Rijsewijk - Cyberrisisco als kans
Roel van Rijsewijk - Cyberrisisco als kansRoel van Rijsewijk - Cyberrisisco als kans
Roel van Rijsewijk - Cyberrisisco als kansMichiel Cazemier
 
Erik de Jong - Cybersecurity - waar gaat het fout?
Erik de Jong - Cybersecurity - waar gaat het fout?Erik de Jong - Cybersecurity - waar gaat het fout?
Erik de Jong - Cybersecurity - waar gaat het fout?Michiel Cazemier
 
Stan Hegt - Een bank beroven (in 15 minuten)
Stan Hegt - Een bank beroven (in 15 minuten)Stan Hegt - Een bank beroven (in 15 minuten)
Stan Hegt - Een bank beroven (in 15 minuten)Michiel Cazemier
 
Melanie Rieback - The Good, the Bad, and the Ugly
Melanie Rieback - The Good, the Bad, and the UglyMelanie Rieback - The Good, the Bad, and the Ugly
Melanie Rieback - The Good, the Bad, and the UglyMichiel Cazemier
 
DNS Hizmetine Yönetlik DoS/DDoS Saldırıları
DNS Hizmetine Yönetlik DoS/DDoS SaldırılarıDNS Hizmetine Yönetlik DoS/DDoS Saldırıları
DNS Hizmetine Yönetlik DoS/DDoS SaldırılarıBGA Cyber Security
 
Ağ Protokollerine Yönelik Adli Bilişim Analizi
Ağ Protokollerine Yönelik Adli Bilişim AnaliziAğ Protokollerine Yönelik Adli Bilişim Analizi
Ağ Protokollerine Yönelik Adli Bilişim AnaliziBGA Cyber Security
 

Viewers also liked (8)

Brenno de Winter - Op naar de Titanic
Brenno de Winter - Op naar de TitanicBrenno de Winter - Op naar de Titanic
Brenno de Winter - Op naar de Titanic
 
Giovane Moura - Cybersecurity voor .nl
Giovane Moura - Cybersecurity voor .nlGiovane Moura - Cybersecurity voor .nl
Giovane Moura - Cybersecurity voor .nl
 
Roel van Rijsewijk - Cyberrisisco als kans
Roel van Rijsewijk - Cyberrisisco als kansRoel van Rijsewijk - Cyberrisisco als kans
Roel van Rijsewijk - Cyberrisisco als kans
 
Erik de Jong - Cybersecurity - waar gaat het fout?
Erik de Jong - Cybersecurity - waar gaat het fout?Erik de Jong - Cybersecurity - waar gaat het fout?
Erik de Jong - Cybersecurity - waar gaat het fout?
 
Stan Hegt - Een bank beroven (in 15 minuten)
Stan Hegt - Een bank beroven (in 15 minuten)Stan Hegt - Een bank beroven (in 15 minuten)
Stan Hegt - Een bank beroven (in 15 minuten)
 
Melanie Rieback - The Good, the Bad, and the Ugly
Melanie Rieback - The Good, the Bad, and the UglyMelanie Rieback - The Good, the Bad, and the Ugly
Melanie Rieback - The Good, the Bad, and the Ugly
 
DNS Hizmetine Yönetlik DoS/DDoS Saldırıları
DNS Hizmetine Yönetlik DoS/DDoS SaldırılarıDNS Hizmetine Yönetlik DoS/DDoS Saldırıları
DNS Hizmetine Yönetlik DoS/DDoS Saldırıları
 
Ağ Protokollerine Yönelik Adli Bilişim Analizi
Ağ Protokollerine Yönelik Adli Bilişim AnaliziAğ Protokollerine Yönelik Adli Bilişim Analizi
Ağ Protokollerine Yönelik Adli Bilişim Analizi
 

Similar to DDoS Attacks on Root DNS Servers

Lightning talks - Cyber Security Congres 2016
Lightning talks - Cyber Security Congres 2016Lightning talks - Cyber Security Congres 2016
Lightning talks - Cyber Security Congres 2016SURFnet
 
KRNIC Data Driven DNS Security
KRNIC Data Driven DNS SecurityKRNIC Data Driven DNS Security
KRNIC Data Driven DNS SecurityAPNIC
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS AttacksAmazon Web Services
 
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...Imperva Incapsula
 
Stopping DDoS Attacks In South Africa
Stopping DDoS Attacks In South AfricaStopping DDoS Attacks In South Africa
Stopping DDoS Attacks In South AfricaCloudflare
 
Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)Andreas Taudte
 
The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksSaumil Shah
 
Arbor Presentation
Arbor Presentation Arbor Presentation
Arbor Presentation J Hartig
 
Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016
Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016
Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016TierPoint
 
Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016Brian Metzger
 
Nominum 2016 Fall Data Revelations Security Report
Nominum 2016 Fall Data Revelations Security ReportNominum 2016 Fall Data Revelations Security Report
Nominum 2016 Fall Data Revelations Security ReportYuriy Yuzifovich
 
Securing your web infrastructure
Securing your web infrastructureSecuring your web infrastructure
Securing your web infrastructureWP Engine
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough? Zscaler
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Kyle Lai
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 
Stopping DDoS Attacks in North America
Stopping DDoS Attacks in North AmericaStopping DDoS Attacks in North America
Stopping DDoS Attacks in North AmericaCloudflare
 
Network Security in 2016
Network Security in 2016Network Security in 2016
Network Security in 2016Qrator Labs
 
Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017Wallarm
 
The Next Generation Security
The Next Generation SecurityThe Next Generation Security
The Next Generation SecurityCybera Inc.
 

Similar to DDoS Attacks on Root DNS Servers (20)

Lightning talks - Cyber Security Congres 2016
Lightning talks - Cyber Security Congres 2016Lightning talks - Cyber Security Congres 2016
Lightning talks - Cyber Security Congres 2016
 
R u hacked
R u hackedR u hacked
R u hacked
 
KRNIC Data Driven DNS Security
KRNIC Data Driven DNS SecurityKRNIC Data Driven DNS Security
KRNIC Data Driven DNS Security
 
(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks
 
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
[Webinar] DDoS Pentester Reveals: How Hackers Find Your Website’s Weak Points...
 
Stopping DDoS Attacks In South Africa
Stopping DDoS Attacks In South AfricaStopping DDoS Attacks In South Africa
Stopping DDoS Attacks In South Africa
 
Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)
 
The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also Blocks
 
Arbor Presentation
Arbor Presentation Arbor Presentation
Arbor Presentation
 
Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016
Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016
Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016
 
Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016Nominum Data Science Security Report, Fall 2016
Nominum Data Science Security Report, Fall 2016
 
Nominum 2016 Fall Data Revelations Security Report
Nominum 2016 Fall Data Revelations Security ReportNominum 2016 Fall Data Revelations Security Report
Nominum 2016 Fall Data Revelations Security Report
 
Securing your web infrastructure
Securing your web infrastructureSecuring your web infrastructure
Securing your web infrastructure
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
 
Stopping DDoS Attacks in North America
Stopping DDoS Attacks in North AmericaStopping DDoS Attacks in North America
Stopping DDoS Attacks in North America
 
Network Security in 2016
Network Security in 2016Network Security in 2016
Network Security in 2016
 
Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017Network and Application Security 2017. Prediction 2017
Network and Application Security 2017. Prediction 2017
 
The Next Generation Security
The Next Generation SecurityThe Next Generation Security
The Next Generation Security
 

Recently uploaded

VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Personfurqan222004
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICECall Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 

DDoS Attacks on Root DNS Servers

  • 1. DDoS Attacks on the Root DNS Presented by Ricardo de Oliveira Schmidt October 4th, 2016 The Hague, Netherlands Presentation copyright © 2016 by Ricardo de Oliveira Schmidt
  • 2. Reference: Anycast Vs. DDoS: Evaluating the November 2015 Root DNS Event Giovane C. M. Moura, Ricardo de O. Schmidt, John Heidemann, Wouter B. de Vries, Moritz Müller, Lan Wei and Cristian Hesselman To appear at ACM Internet Measurements Conference (IMC), 2016 (Technical Report ISI-TR-2016-709, USC/Information Sciences Institute)
  • 4. Distributed Denial of Service ? ? ? ?
  • 5. Distributed Denial of Service ? ? ? ?
  • 6. Big and getting bigger 2012: 100 Gb/s 2016: 100 Gb/s is common, >1 Tb/s is possible Easy and getting easier 2012: many botnets with 1000+ nodes 2016: DDoS-as-a-service (Booters) offer few Gb/s @ US$ 5 Frequent and getting frequent-er 2002: the October 30 DNS Root event 2016: 3 recent big attacks (2015-11-30, 2015-12-01, 2016-06-25) Distributed Denial of Service
  • 7. Distributed Denial of Service New record! 665 Gb/s!!!
  • 8. Distributed Denial of Service New record! 665 Gb/s!!! Even Akamai "gave up"
  • 9. Distributed Denial of Service New record! 665 Gb/s!!! Even Akamai "gave up" "Someone has a botnet with capabilities we haven't seen before" Martin McKeay, Akamai
  • 10. Big and getting bigger 2012: 100 Gb/s 2016: 100 Gb/s is common, >1 Tb/s is possible Easy and getting easier 2012: many botnets with 1000+ nodes 2016: DDoS-as-a-service (Booters) offer few Gb/s @ US$ 5 Frequent and getting frequent-er 2002: the October 30 DNS Root event 2016: 3 recent big attacks (2015-11-30, 2015-12-01, 2016-06-25) Distributed Denial of Service
  • 11. Distributed Denial of Service More than 150,000 DDoS in two years with profit of US$ 600,000 vDos homepage
  • 12. Big and getting bigger 2012: 100 Gb/s 2016: 100 Gb/s is common, >1 Tb/s is possible Easy and getting easier 2012: many botnets with 1000+ nodes 2016: DDoS-as-a-service (Booters) offer few Gb/s @ US$ 5 Frequent and getting frequent-er 2002: the October 30 DNS Root event 2016: 3 recent big attacks (2015-11-30, 2015-12-01, 2016-06-25) Distributed Denial of Service
  • 13. Distributed Denial of Service Image copyrights © thehackernews.com
  • 14. Distributed Denial of Service Image copyrights © thehackernews.com "Someone Just Tried to Take Down Internet's Backbone with 5 Million Queries/Sec" Swati Khandelwal, thehackernews.com
  • 15. Distributed Denial of Service Image copyrights © thehackernews.com "Someone Just Tried to Take Down Internet's Backbone with 5 Million Queries/Sec" Swati Khandelwal, thehackernews.com "Root DNS servers DDoS'ed: was it a show off?" Yuri Ilyin, Kaspersky
  • 16. Distributed Denial of Service Image copyrights © thehackernews.com "Someone Just Tried to Take Down Internet's Backbone with 5 Million Queries/Sec" Swati Khandelwal, thehackernews.com "Root DNS servers DDoS'ed: was it a show off?" Yuri Ilyin, Kaspersky "Someone Is Learning How to Take Down the Internet" Bruce Schneier, Schneier on Security
  • 17. DNS is hierarchical Multiple layers of servers Root, TLDs, 2nd-level TLDs, ... The root is the very basis of it The DNS root-level top level domains 2nd-level TLDs . .nl .com .utwente .sidn 1 2 3 www.utwente.nl ? 130.89.3.249
  • 18. 13 nameservers (from a to m) Operated by 12 different organizations Each run a distributed service (anycast) Multiple physical locations Multiple servers per location 500+ instances of service More info at http://www.root-servers.org The Root DNS A B C D E F G H I J K L M EVN BCN AMS BEG BUD ATH ... BNE ZRH S1 S2 ... Sn
  • 19. DDoS attack on the Root DNS Peak of 35+ Gb/s 5 million queries/sec Impact was moderate Thanks to the robustness of the whole system The Nov. 30 Event
  • 20. What was the impact? Most letters suffered a bit (E, F, I, J, K) a lot (B, C, G, H) Did not see attack traffic D, L, M Problems on reachability! The Nov. 30 Event 0 2000 9000 numberofVPswithsuccessfulqueries B C 0 5000 E F 1000 9000 G H 0 4500 7000 I J 0 6000 9000 0 5 10 15 20 25 30 35 40 45 hours after 2015-11-30t00:00 UTC K 0 5 10 15 20 25 30 35 40 45 A D L M
  • 21. What was the impact? For those that still see service... ...performance problems ... 6x higher delay for G The Nov. 30 Event 0 50 100 150 200 250 300 350 0 5 10 15 20 25 30 35 40 45 medianRTT(ms) hours after 2015-11-30t00:00 UTC B-Root C-Root G-Root H-Root K-Root B-Root C-Root G-Root H-Root K-Root
  • 22. Collateral damage! D-Root was not targeted... ... but felt the attack Even SIDN (.nl) felt the attack: NO traffic in FRA and AMS The Nov. 30 Event 0 20 40 60 80 100 120 0 5 10 15 20 25 30 35 40 45 540 580 620 660 numberofVPs hours after 2015-11-30t00:00 UTC D-FRA D-SYD D-AKL D-DUB D-BUR Frankfurt
  • 23. Collateral damage! D-Root was not targeted... ... but felt the attack Even SIDN (.nl) felt the attack: NO traffic in FRA and AMS The Nov. 30 Event 0 20 40 60 80 100 120 0 5 10 15 20 25 30 35 40 45 540 580 620 660 numberofVPs hours after 2015-11-30t00:00 UTC D-FRA D-SYD D-AKL D-DUB D-BUR 0 7 29 45 .nlinstances hours after 2015-11-30t00:00 UTC NL-AMS NL-FRA
  • 24. The Root DNS handled the situation quite well... ... at no time the service was completely unreachable Resilience of the Root DNS is not an accident... ... consequence of fault tolerant design and good engineering! True diversity is key to avoid collateral damage The Lessons Learned
  • 25. Learn from the Root DNS experiences Have in mind the possible very large DDoS attacks when... ... designing Internet systems ... improving countermeasures and mitigation strategies It does not matter if... ... someone was showing off ... someone was testing/scanning the infrastructure ... someone is learning how to take down the Internet It was a big wake up call, this is critical infrastructure! Things are escalating pretty fast and apparently we are not fully aware of what we are dealing with. And, What Now?
  • 26. Acknowledgements: Arjen Zonneveld, Jelte Jansen, Duane Wessels, Ray Bellis, Romeo Zwart, Colin Petrie, Matt Weinberg and Piet Barber SIDN Labs, NLnet Labs and SURFnet Self-managing Anycast Networks for the DNS (SAND) project | http://www.sand-project.nl/ NWO DNS Anycast Security (DAS) project | http://www.das-project.nl/ r.schmidt@utwente.nl http://www.ricardoschmidt.com