Root Server Attacks on 6 Feb 2007 A perspective from the L Root Server Steve Conte - ICANN / L Root

Slides:

Advertisements

Similar presentations

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.

Advertisements

High Performance Research Network. Development Lab. / Supercomputing Center 1 Design of the Detection and Response System against DDoS attacks Yoonjoo.

The Domain Name System Continuity of Operations Apricot 2008 Taipei TAIWAN 28feb2008.

UNIT 13 Time Clauses. How do we show the time relationship between two sentences? We often use time words like: When Until Before After As / While Once.

L-Root: Expanding Distribution in Africa. 2 One of 13 root name servers containing Internet Protocol addresses Operated by ICANN using anycast technology.

Self-Managing Anycast Routing for DNS

SCION: Scalability, Control and Isolation On Next-Generation Networks

NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China.

June 2007APTLD Meeting/Dubai ANYCAST Alireza Saleh.ir ccTLD

W4140 Network Laboratory Lecture 13 Dec 11 - Fall 2006 Shlomo Hershkop Columbia University.

Anycast Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.

Using Multiple Gateways to Foil DDOS Attack by David Wilkinson.

The iPremier Company: Denial of Service Attack

L-Root September, 2014 ICANN DNS Operations. 2  “L” is one of 13 independently operated root servers serving the DNS root zone  The ICANN DNS OPS team.

Routing for an Anycast CDN Martin J CloudFlare MENOG14 - Dubai - March 2014.

Best Practices in IPv4 Anycast Routing Version 0.9 August, 2002 Bill Woodcock Packet Clearing House.

Multicast and Anycast Mike Freedman COS 461: Computer Networks

IP Address Classes How large is the network part in an IP address? Today we use network masks to tell Originally, IP had address classes with fixed numbers.

DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.

1 A 曾天財指導教授：梁明章教授. Types of Attacks  Penetration  Eavesdropping  Man-in-the-Middle  Flooding 2.

Distributed Denial of Service Attack and Prevention Andrew Barkley Quoc Thong Le Gia Matt Dingfield Yashodhan Gokhale.

PacNOG 6: Nadi, Fiji Dealing with DDoS Attacks Hervey Allen Network Startup Resource Center.

1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.

Section 11.1 Identify customer requirements Recommend appropriate network topologies Gather data about existing equipment and software Section 11.2 Demonstrate.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

DNS root server deployments George Michaelson DNS operations SIG APNIC17/APRICOT 2004 Feb KL, Malaysia.

STRENTHENING YOUR EXTERNAL DNS External DNS Overview DNS Background Strengthening External DNS with Anycast Example of an Anycast DNS Service.

Bill Trelease VP – CTO Delhi Telephone Company

A One Year Study of Internet IPv6 Traffic Haakon Ringberg Craig Labovitz Danny McPherson Scott.

ICANN Fellowship Program. 2  Program Goals  Awareness: Engage representatives from developing nations  Participation: Build capacity within ICANN community.

Session 2 Security Monitoring Identify Device Status Traffic Analysis Routing Protocol Status Configuration & Log Classification.

ARIN Engineering Mark Kosters. Engineering Theme Continue to work on a surge Lots of work to do (but a great deal now done) Supplementing staff with contractors.

1 W. Owen – ISECON 2003 – San Diego Designing Labs for Network Courses William Owen Michael Black School of Computer & Information Sciences University.

ARIN on the Road, Halifax May 21, 2015 John Sherwood.

Architecting the Network Part 3 Geoff Huston Chief Scientist, Internet Telstra ISOC Workshop.

Using Measurement Data to Construct a Network-Wide View Jennifer Rexford AT&T Labs—Research Florham Park, NJ

Measuring IPv6 Deployment Geoff Huston George Michaelson

Measuring IPv6 Deployment Geoff Huston George Michaelson

Natick Public Schools Technology Update April 23, 2007 Dennis Roche, CISA Director of Technology.

BCOP on Anti-Spoofing Long known problem Deployment status Reason for this work Where more input needed.

1 TWNIC Update Sheng Wei Kuo, TWNIC NIR SIG, 28 th APNIC OPM.

Tony McGregor RIPE NCC Visiting Researcher The University of Waikato DAR Active measurement in the large.

1 APNIC Update. 2 4th time at NZNOG … Let’s do something different this time.

Use cases Navigation Problem notification Problem analysis.

Lecture 1 Page 1 CS 239, Fall 2010 Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in Computer Security Peter Reiher September.

SoCal Infrastructure OptIPuter Southern California Network Infrastructure Philip Papadopoulos OptIPuter Co-PI University of California, San Diego Program.

Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.

© 2004 AARNet Pty Ltd Measurement in aarnet3 4 July 2004.

1 Implementing Monitoring and Reporting. 2 Why Should Implement Monitoring? One of the biggest complaints we hear about firewall products from almost.

FIRST TC 2002 John Kristoff - DePaul University 1 Local Network Attacks John Kristoff DePaul University Chicago, IL

台灣電腦網路危機處理中心暨協調中心 Taiwan Computer Emergency Response Team / Coordination Center Impacts of slammer worm in Taiwan The first message about the worm we got.

Sample Presentation Headline REPRESENTATIVE SUBHEAD TO SUPPORT SUBJECT Presenter’s Name Presenter’s Title Presentation Date DeterLab A Tool for Cybersecurity.

Terri Lahey Control System Cyber-Security Workshop October 14, SLAC Controls Security Overview Introduction SLAC has multiple.

Denial of Service Attack 발표자 : 전지훈. What is Denial of Service Attack?  Denial of Service Attack = DoS Attack  Service attacks on a Web server floods.

Root Server Deployment Update Frank Salanitri Project & Systems Services Manager, APNIC.

IEPG November 1999 APNIC Status Report. Membership Resource Status Recent Developments Future Plans Questions?

Mark Kosters Engineering Status Report. Engineering Theme 2011 success was aided by contractors Lots of work yet to do (but a great deal now done) An.

Internet2 Abilene & REN-ISAC Arbor Networks Peakflow SP Identification and Response to DoS Joint Techs Winter 2006 Albuquerque Doug Pearson.

Benefits and Value of an IXP The IXP Value Proposition.

Confidential – © 2014 Equinix Inc. IP Renumbering APRICOT 2016 S Vijayakumar Equinix IX – Peering Platform Updates.

Deployable Filtering Architectures Against Denial-of-Service Attacks Department of Computer Science University College London Telephone: +44 (0)

Matt Jennings.  What is DDoS?  Recent DDoS attacks  History of DDoS  Prevention Techniques.

Chapter 11 – Cloud Application Development. Contents Motivation. Connecting clients to instances through firewalls. Cloud Computing: Theory and Practice.

IPv6 Matrix Project - Page 1 IPv6 Matrix Project Tracking IPv6 connectivity Worldwide Dr. Olivier MJ.

How LinkedIn used TCP Anycast to make the site faster Ritesh Maheshwari Shawn Zandi.

APNIC Report LACNIC VIII Lima, Perú.

Architecting the Network Part 3

Who should be responsible for risks to basic Internet infrastructure?

DDoS Attack and Its Defense

Presentation transcript:

Root Server Attacks on 6 Feb 2007 A perspective from the L Root Server Steve Conte - ICANN / L Root

6 Feb 2007 On 6 Feb 2007 a Distributed Denial of Service (DDoS) attack was launched against the DNS Root Servers. Packets were mostly mal-formed DNS Queries Traffic appears to have mainly come from the Asia / Pacific region Attack came in two distinct waves with a sustained baseline attack Most end-users would not have noticed the attack Anycasting was extremely successful in diluting the strength of this attack L Root is a unicast (one instance) network Pg 1

(not so) Pretty Pictures Pg 2

L Root Actions  Two action groups:  Team 1 worked on the attack and existing instance of L Root  Team 2 traveled to new location to bring up the new L Root cluster Pg 3

Team 1 (The Attack)  Two distinct attacks  Saw sustained attack traffic throughout the day  Participated with the other Root Server Operators  Acted as the information conduit to executive staff Pg 4

Team 2 (The Fix)  New instance was due to go live the week after the attack  Team 2 traveled to location to bring up instance  Some issues with BGP and announcements caused some route flaps  New instance immediately soaked the attack and still handled real queries  Teams shut off the “legacy” instance after new cluster stabilized Pg 5

Pg 6

New Infrastructure  Increased capacity by over 1000%  Better peering  Can handle more queries per second (qps)  Better monitoring, reporting and notification tools  Borrowed a packet generator to test the new infrastructure ( Pg 7

L Root Today Pg 8

Why Upgrade?  L Root’s infrastructure was “legacy”  Older model routers, switches and servers  Limited peering choices  Donated some equipment to NSRC and planning on donating most of the rest as soon as we finish disassembly. Pg 9

L Root - Future Plans  Site Hardening  Anycasting  First Anycast location for L Root will be in Miami, FL USA  Working on a roll-out schedule  Peering, Peering and more Peering Pg 10

Resources   (D. Knight - ISC)   (available at the ICANN Booth) Pg 11

Questions?