Thanks for the information, Romeo. I wonder if perhaps you would consider doing a presentation at the next WG meeting on the issues you encountered and mitigation techniques you used.

Thanks
Brett

--
Brett Carr
Senior DNS Engineer
Nominet UK

> On 15 Dec 2015, at 12:35, Romeo Zwart <[email protected]> wrote:
>
> Dear colleagues,
>
> Yesterday, Monday 14 December 2015, RIPE NCC Authoritative DNS services
> were functioning in a severely degraded state during parts of the day.
>
> This was due to an attack on one of the ccTLDs for which the NCC hosts a
> secondary DNS service. The attack traffic started around 08:00 UTC. RIPE
> NCC staff applied various countermeasures during the day. These
> mitigations were effective for some time. However, after implementing
> each of these mitigations, the traffic patterns were modified to evade
> them. Towards the end of the day, the volume of the attack traffic
> targeted at our servers had increased to such a level that it was
> overloading our incoming links and our mitigation measures were no
> longer sufficiently effective.
>
> At that time we were forced to contact our upstream peers to assist us
> with mitigation measures. Apart from the ccTLD service for the attacked
> domain, normal services were restored at around 18:30 UTC.
>
> The attack is ongoing, and we continue with mitigation measures in order
> to provide the best service possible under the circumstances.
>
> We note that attacks like this rely on spoofing source addresses in the
> attack packets. Therefore, Source Address Validation and BCP-38 should
> be used wherever possible to reduce the ability to abuse networks to
> transmit spoofed source packets.
>
> Kind regards,
> Romeo Zwart
>
