This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[dns-wg] RIPE NCC Authoritative and Secondary DNS services on Monday 14 December
- Previous message (by thread): [dns-wg] RIPE NCC Authoritative and Secondary DNS services on Monday 14 December
- Next message (by thread): [dns-wg] RIPE NCC Authoritative and Secondary DNS services on Monday 14 December
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Romeo Zwart
romeo.zwart at ripe.net
Tue Dec 15 18:48:25 CET 2015
Hi Brett, On 15/12/15 18:25 , Brett Carr wrote: > Thanks for the information Romeo I wonder if perhaps you would consider doing a presentation at the next WG meeting on the issues you encountered and mitigation techniques you used. We will consider it. As you will understand, and will have noticed in our communication about this, we are trying to balance providing operationally relevant information about the event with a desire to not aid in designing any future events. So the information we give will likely be unsatisfactory for many people in the technical audience we have here. However, we might be able to present more information in a somewhat generalised way that is still useful to the community. As said, we will consider it. Regards, Romeo > Thanks > > Brett > > -- > Brett Carr > Senior DNS Engineer > Nominet UK > >> On 15 Dec 2015, at 12:35, Romeo Zwart <romeo.zwart at ripe.net> wrote: >> >> Dear colleagues, >> >> Yesterday, Monday 14 December 2015, RIPE NCC Authoritative DNS services >> were functioning in a severely degraded state during parts of the day. >> >> This was due to an attack on one of the ccTLDs for which the NCC hosts a >> secondary DNS service. The attack traffic started around 08:00 UTC. RIPE >> NCC staff applied various countermeasures during the day. These >> mitigations were effective for some time. However, after implementing >> each of these mitigations, the traffic patterns were modified to evade >> them. Towards the end of the day, the volume of the attack traffic >> targeted at our servers had increased to such a level that it was >> overloading our incoming links and our mitigation measures were no >> longer sufficiently effective. >> >> At that time we were forced to contact our upstream peers to assist us >> with mitigation measures. Apart from the ccTLD service for the attacked >> domain, normal services were restored at around 18:30 UTC. >> >> The attack is ongoing, and we continue with mitigation measures in order >> to provide the best service possible under the circumstances. >> >> We note that attacks like this rely on spoofing source addresses in the >> attack packets. Therefore, Source Address Validation and BCP-38 should >> be used wherever possible to reduce the ability to abuse networks to >> transmit spoofed source packets. >> >> Kind regards, >> Romeo Zwart >> > >
- Previous message (by thread): [dns-wg] RIPE NCC Authoritative and Secondary DNS services on Monday 14 December
- Next message (by thread): [dns-wg] RIPE NCC Authoritative and Secondary DNS services on Monday 14 December
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]