8-9 September 2014
Assembly Buildings
Europe/London timezone

Latest Internet Plague: Random Subdomain Attacks

9 Sep 2014, 09:40
Assembly Buildings

Assembly Buildings

2-10 Fisherwick Place Great Victoria Street Belfast Antrim BT1 6DW
Main Session


Mr Ralf Weber (Nominum)


DNS DDoS attacks continue, fueled by open DNS proxies. Now they're stressing resolvers and authorities worldwide using pseudo random subdomains. In June of 2014 there was a 400% increase in this traffic and popular domains continue to be targeted. Analysis of recent DNS data reveals other interesting details. For instance, Response Rate Limiting in authorities appears to aggravate attacks. This presentation will cover the latest attack data as well as tests of the major resolvers showing the impact of capabilities to mitigate them, ranging from changes in recursive behaviors to filtering traffic at ingress.

Primary authors

Bruce Van Nice (Nominum) Mr Ralf Weber (Nominum)

Presentation Materials