Presentation is loading. Please wait.

Presentation is loading. Please wait.

Root Server Attacks on 6 Feb 2007 A perspective from the L Root Server Steve Conte - ICANN / L Root

Published byCora Davidson Modified over 8 years ago

Similar presentations

Presentation on theme: "Root Server Attacks on 6 Feb 2007 A perspective from the L Root Server Steve Conte - ICANN / L Root"— Presentation transcript:

1 Root Server Attacks on 6 Feb 2007 A perspective from the L Root Server Steve Conte - ICANN / L Root steve.conte@icann.org

2 6 Feb 2007 On 6 Feb 2007 a Distributed Denial of Service (DDoS) attack was launched against the DNS Root Servers. Packets were mostly mal-formed DNS Queries Traffic appears to have mainly come from the Asia / Pacific region Attack came in two distinct waves with a sustained baseline attack Most end-users would not have noticed the attack Anycasting was extremely successful in diluting the strength of this attack L Root is a unicast (one instance) network Pg 1

3 (not so) Pretty Pictures Pg 2

4 L Root Actions  Two action groups:  Team 1 worked on the attack and existing instance of L Root  Team 2 traveled to new location to bring up the new L Root cluster Pg 3

5 Team 1 (The Attack)  Two distinct attacks  Saw sustained attack traffic throughout the day  Participated with the other Root Server Operators  Acted as the information conduit to executive staff Pg 4

6 Team 2 (The Fix)  New instance was due to go live the week after the attack  Team 2 traveled to location to bring up instance  Some issues with BGP and announcements caused some route flaps  New instance immediately soaked the attack and still handled real queries  Teams shut off the “legacy” instance after new cluster stabilized Pg 5

7 http://dnsmon.ripe.net Pg 6

8 New Infrastructure  Increased capacity by over 1000%  Better peering  Can handle more queries per second (qps)  Better monitoring, reporting and notification tools  Borrowed a packet generator to test the new infrastructure (http://www.ixiacom.com/) Pg 7

9 L Root Today Pg 8

10 Why Upgrade?  L Root’s infrastructure was “legacy”  Older model routers, switches and servers  Limited peering choices  Donated some equipment to NSRC and planning on donating most of the rest as soon as we finish disassembly. Pg 9

11 L Root - Future Plans  Site Hardening  Anycasting  First Anycast location for L Root will be in Miami, FL USA  Working on a roll-out schedule  Peering, Peering and more Peering Pg 10

12 Resources  http://www.root-servers.org http://www.root-servers.org  http://www.nanog.org/mtg-0702/presentations/knight.pdf (D. Knight - ISC) http://www.nanog.org/mtg-0702/presentations/knight.pdf  http://dnsmon.ripe.net http://dnsmon.ripe.net  http://icann.org/announcements/factsheet-dns-attack-08mar07_v1.1.pdf (available at the ICANN Booth) http://icann.org/announcements/factsheet-dns-attack-08mar07_v1.1.pdf Pg 11

13 Questions? john.crain@icann.org steve.conte@icann.org

Download ppt "Root Server Attacks on 6 Feb 2007 A perspective from the L Root Server Steve Conte - ICANN / L Root"

Similar presentations

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.
High Performance Research Network. Development Lab. / Supercomputing Center 1 Design of the Detection and Response System against DDoS attacks Yoonjoo.

High Performance Research Network. Development Lab. / Supercomputing Center 1 Design of the Detection and Response System against DDoS attacks Yoonjoo.
The Domain Name System Continuity of Operations Apricot 2008 Taipei TAIWAN 28feb2008.

The Domain Name System Continuity of Operations Apricot 2008 Taipei TAIWAN 28feb2008.
UNIT 13 Time Clauses. How do we show the time relationship between two sentences? We often use time words like: When Until Before After As / While Once.

UNIT 13 Time Clauses. How do we show the time relationship between two sentences? We often use time words like: When Until Before After As / While Once.
L-Root: Expanding Distribution in Africa. 2 One of 13 root name servers containing Internet Protocol addresses Operated by ICANN using anycast technology.

L-Root: Expanding Distribution in Africa. 2 One of 13 root name servers containing Internet Protocol addresses Operated by ICANN using anycast technology.
Self-Managing Anycast Routing for DNS

Self-Managing Anycast Routing for DNS
SCION: Scalability, Control and Isolation On Next-Generation Networks

SCION: Scalability, Control and Isolation On Next-Generation Networks
NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China.

NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China.
June 2007APTLD Meeting/Dubai ANYCAST Alireza Saleh.ir ccTLD

June 2007APTLD Meeting/Dubai ANYCAST Alireza Saleh.ir ccTLD
W4140 Network Laboratory Lecture 13 Dec 11 - Fall 2006 Shlomo Hershkop Columbia University.

W4140 Network Laboratory Lecture 13 Dec 11 - Fall 2006 Shlomo Hershkop Columbia University.
Anycast Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.

Anycast Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.
Using Multiple Gateways to Foil DDOS Attack by David Wilkinson.

Using Multiple Gateways to Foil DDOS Attack by David Wilkinson.
The iPremier Company: Denial of Service Attack

The iPremier Company: Denial of Service Attack
L-Root September, 2014 ICANN DNS Operations. 2  “L” is one of 13 independently operated root servers serving the DNS root zone  The ICANN DNS OPS team.

L-Root September, 2014 ICANN DNS Operations. 2  “L” is one of 13 independently operated root servers serving the DNS root zone  The ICANN DNS OPS team.
Routing for an Anycast CDN Martin J CloudFlare MENOG14 - Dubai - March 2014.

Routing for an Anycast CDN Martin J CloudFlare MENOG14 - Dubai - March 2014.
Best Practices in IPv4 Anycast Routing Version 0.9 August, 2002 Bill Woodcock Packet Clearing House.

Best Practices in IPv4 Anycast Routing Version 0.9 August, 2002 Bill Woodcock Packet Clearing House.
Multicast and Anycast Mike Freedman COS 461: Computer Networks

Multicast and Anycast Mike Freedman COS 461: Computer Networks
IP Address Classes How large is the network part in an IP address? Today we use network masks to tell Originally, IP had address classes with fixed numbers.

IP Address Classes How large is the network part in an IP address? Today we use network masks to tell Originally, IP had address classes with fixed numbers.
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.

DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.
1 A0953355 曾天財 指導教授:梁明章 教授. Types of Attacks  Penetration  Eavesdropping  Man-in-the-Middle  Flooding 2.

1 A 曾天財 指導教授:梁明章 教授. Types of Attacks  Penetration  Eavesdropping  Man-in-the-Middle  Flooding 2.

Similar presentations

Ads by Google