DDoS Attacks
on the Root DNS
Presented by
Ricardo de Oliveira Schmidt
October 4th, 2016
The Hague, Netherlands
Presentation copyright © 2016 by Ricardo de Oliveira Schmidt
Reference:
Anycast Vs. DDoS: Evaluating the November 2015 Root DNS Event
Giovane C. M. Moura, Ricardo de O. Schmidt, John Heidemann, Wouter B. de Vries,
Moritz Müller, Lan Wei and Cristian Hesselman
To appear at ACM Internet Measurements Conference (IMC), 2016
(Technical Report ISI-TR-2016-709, USC/Information Sciences Institute)
Distributed Denial of Service
Big and getting bigger
2012: 100 Gb/s
2016: 100 Gb/s is common, >1 Tb/s is possible
Easy and getting easier
2012: many botnets with 1000+ nodes
2016: DDoS-as-a-service (Booters) offer few Gb/s @ US$ 5
Frequent and getting frequent-er
2002: the October 30 DNS Root event
2016: 3 recent big attacks (2015-11-30, 2015-12-01, 2016-06-25)
New record!
665 Gb/s!!!
Even Akamai "gave up"
"Someone has a botnet with capabilities we haven't seen before"
Martin McKeay, Akamai
More than
150,000 DDoS
in two years
with profit of
US$ 600,000
vDos homepage
Image copyrights © thehackernews.com
"Someone Just Tried to Take Down Internet's Backbone with 5
Million Queries/Sec"
Swati Khandelwal, thehackernews.com
"Root DNS servers DDoS'ed: was it a show off?"
Yuri Ilyin, Kaspersky
"Someone Is Learning How to Take Down the Internet"
Bruce Schneier, Schneier on Security
DNS is hierarchical
Multiple layers of servers
Root, TLDs, 2nd-level TLDs, ...
The root is the very basis of it
The DNS
[Figure: the DNS hierarchy with the root level (.), top-level domains (.nl, .com) and 2nd-level TLDs (.utwente, .sidn); a query for www.utwente.nl is resolved in steps 1, 2, 3 to 130.89.3.249.]
13 nameservers (from a to m)
Operated by 12 different organizations
Each runs a distributed service (anycast)
Multiple physical locations
Multiple servers per location
500+ instances of service
More info at
http://www.root-servers.org
The Root DNS
[Figure: root letters A to M; anycast sites EVN, BCN, AMS, BEG, BUD, ATH, ..., BNE, ZRH; servers S1, S2, ..., Sn per site.]
DDoS attack on the Root DNS
Peak of 35+ Gb/s
5 million queries/sec
Impact was moderate
Thanks to the robustness of the whole system
The Nov. 30 Event
What was the impact?
Most letters suffered
a bit (E, F, I, J, K)
a lot (B, C, G, H)
Did not see attack traffic
D, L, M
Reachability problems!
The Nov. 30 Event
[Figure: number of VPs with successful queries over hours after 2015-11-30T00:00 UTC, in panels for B, C, E, F, G, H, I, J, K and for A, D, L, M.]
What was the impact?
For those that still see service...
...performance problems
... 6x higher delay for G
The Nov. 30 Event
[Figure: median RTT (ms) over hours after 2015-11-30T00:00 UTC for B-Root, C-Root, G-Root, H-Root and K-Root.]
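The two impact measures on these slides (vantage points with successful queries, and median RTT for those still served) can be computed from raw probe records as in the following added example, which is not code from the talk or the referenced paper. The record layout, the sample data and the "a bit" / "a lot" thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median


def build_sample():
    """Constructed probe records (hour, vp, letter, ok, rtt_ms); not real data."""
    base_rtt = {"G": 30.0, "K": 20.0, "L": 25.0}
    probes = []
    for hour in range(10):
        event = hour in (6, 7)                  # constructed two-hour event window
        for vp in range(10):
            for letter, base in base_rtt.items():
                ok, rtt = True, base + vp       # small per-VP spread
                if event and letter == "G":
                    ok, rtt = vp >= 7, rtt * 6  # 7 of 10 VPs time out, rest see 6x delay
                elif event and letter == "K":
                    ok, rtt = vp >= 2, rtt * 1.5
                probes.append((hour, f"vp{vp}", letter, ok, rtt if ok else None))
    return probes


def summarize(probes):
    """Return {(letter, hour): (VPs with a successful query, median RTT or None)}."""
    ok_vps, rtts = defaultdict(set), defaultdict(list)
    for hour, vp, letter, ok, rtt in probes:
        key = (letter, hour)
        ok_vps[key].update([vp] if ok else [])  # key exists even with zero successes
        if ok:
            rtts[key].append(rtt)
    return {k: (len(v), median(rtts[k]) if rtts[k] else None)
            for k, v in ok_vps.items()}


def classify(probes, baseline_hours, lot=0.5, bit=0.9, rtt_factor=2.0):
    """Compare every hour with the letter's own pre-event baseline.

    lot, bit and rtt_factor are illustrative thresholds (assumptions).
    """
    stats = summarize(probes)
    result = {}
    for letter in sorted({l for l, _ in stats}):
        base = [stats[(letter, h)] for h in baseline_hours if (letter, h) in stats]
        base_rtts = [r for _, r in base if r is not None]
        base_vps = median(n for n, _ in base) if base else 0
        if not base_vps or not base_rtts:
            result[letter] = {"impact": "no baseline"}
            continue
        base_rtt = median(base_rtts)
        min_reach, max_rtt = 1.0, 1.0
        for (l, _), (n, r) in stats.items():
            if l != letter:
                continue
            min_reach = min(min_reach, n / base_vps)   # worst reachability ratio
            if r is not None:
                max_rtt = max(max_rtt, r / base_rtt)   # worst RTT inflation
        if min_reach < lot:
            impact = "a lot"
        elif min_reach < bit or max_rtt >= rtt_factor:
            impact = "a bit"
        else:
            impact = "none"
        result[letter] = {"impact": impact, "min_reach": min_reach,
                          "max_rtt_ratio": max_rtt}
    return result


if __name__ == "__main__":
    for letter, row in classify(build_sample(), baseline_hours=range(6)).items():
        print(letter, row)
```

The median RTT is taken only over VPs that still got an answer, so a letter can look fast while most VPs cannot reach it; the two measures have to be read together.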
Collateral damage!
D-Root was not targeted...
... but felt the attack
Even SIDN (.nl) felt the attack:
NO traffic in FRA and AMS
The Nov. 30 Event
[Figure: number of VPs per D-Root site (D-FRA, D-SYD, D-AKL, D-DUB, D-BUR) over hours after 2015-11-30T00:00 UTC, with Frankfurt annotated.]
[Figure: .nl instances NL-AMS and NL-FRA over hours after 2015-11-30T00:00 UTC.]
The Root DNS handled the situation quite well...
... at no time was the service completely unreachable
Resilience of the Root DNS is not an accident...
... it is a consequence of fault-tolerant design and good engineering!
True diversity is key to avoid collateral damage
The Lessons Learned
Learn from the Root DNS experiences
Keep in mind that very large DDoS attacks are possible when...
... designing Internet systems
... improving countermeasures and mitigation strategies
It does not matter if...
... someone was showing off
... someone was testing/scanning the infrastructure
... someone is learning how to take down the Internet
It was a big wake-up call: this is critical infrastructure!
Things are escalating pretty fast and apparently we are not fully aware of
what we are dealing with.
And, What Now?
Acknowledgements:
Arjen Zonneveld, Jelte Jansen, Duane Wessels, Ray Bellis, Romeo Zwart, Colin Petrie,
Matt Weinberg and Piet Barber
SIDN Labs, NLnet Labs and SURFnet
Self-managing Anycast Networks for the DNS (SAND) project | http://www.sand-project.nl/
NWO DNS Anycast Security (DAS) project | http://www.das-project.nl/
r.schmidt@utwente.nl
http://www.ricardoschmidt.com
