Large Scale DDoS Attempted Take Down of DNS Root Servers
Bohs Hansen / 4 years ago
Someone actually tried the impossible on two separate occasions: taking down the internet’s backbone. They ultimately failed for multiple reasons, but at the same time they got a surprisingly good result out of their attack.
Early last week the Internet’s DNS Root Servers, which are the authoritative reference for mapping domain names to IP addresses, were hit with a flood of as many as 5 million queries per second for up to three hours, with the goal of crashing the servers. The Distributed Denial of Service (DDoS) attack took place on November the 30th and December the 1st.
The DDoS attack effectively managed to take 3 of the 13 DNS Root Servers offline for a couple of hours, which in itself is quite impressive. It did not, however, have any real effect on the world, because of the way DNS is structured. DNS servers are built up in a mesh structure, which means that you’ll need to take down all of them at the same time to have any real effect. And that includes the thousands of DNS servers that users connect to from their ISPs as well as all the public ones. Should the request to one DNS server fail, another will jump in, and you’ll merely have a minor delay and no breakdown.
According to an analysis published by the root server operators on Tuesday, each attack fired up to 5 million queries per second per DNS root name server, and that was enough to flood the network and cause timeouts on the B, C, G, and H root servers.
At this time, there is no indication of who or what was behind these large-scale DDoS attacks. The source IP addresses used in the attacks were very well distributed and randomized across the entire IPv4 address space, so there is no clue to go by. The same goes for the motive; maybe it was a ‘let’s see if we can do it’ thing.
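The last paragraph says the sources were spread evenly across the whole IPv4 space. The sketch below is an added example, not code from the article or from the root server operators. It shows one way an operator could measure that property in a query log. The function names, the thresholds and both sample logs are assumptions constructed for illustration.

```python
import ipaddress
import math
import random
from collections import Counter

def slash8_entropy(sources):
    """Shannon entropy of source addresses bucketed by first octet, scaled to 0..1."""
    if not sources:
        return 0.0
    counts = Counter(int(ipaddress.IPv4Address(s)) >> 24 for s in sources)
    total = sum(counts.values())
    bits = -sum((c / total) * math.log2(c / total) for c in counts.values())
    return bits / 8.0  # 256 buckets, so 8 bits is the maximum

def distinct_ratio(sources):
    """Fraction of queries whose source address appears only as a new value."""
    return len(set(sources)) / len(sources) if sources else 0.0

def looks_randomized(sources, entropy_min=0.9, distinct_min=0.9):
    """Flag a window where sources are both evenly spread and almost never repeat.

    The thresholds are assumed starting points; tune them against a baseline
    taken from your own traffic before alerting on them.
    """
    return (slash8_entropy(sources) >= entropy_min
            and distinct_ratio(sources) >= distinct_min)

def make_samples(seed=1, n=5000):
    """Build two constructed logs: a few repeat resolvers vs. uniform random sources."""
    rng = random.Random(seed)
    # Constructed baseline: 60 resolvers in the RFC 5737 documentation ranges.
    resolvers = [f"{net}.{host}"
                 for net in ("192.0.2", "198.51.100", "203.0.113")
                 for host in range(1, 21)]
    normal = [rng.choice(resolvers) for _ in range(n)]
    # Constructed flood window: every query from a fresh random 32-bit address.
    spoofed = [str(ipaddress.IPv4Address(rng.getrandbits(32))) for _ in range(n)]
    return normal, spoofed

if __name__ == "__main__":
    normal, spoofed = make_samples()
    for name, log in (("baseline", normal), ("flood", spoofed)):
        print(name, round(slash8_entropy(log), 3),
              round(distinct_ratio(log), 3), looks_randomized(log))
```

A window that scores high on both measures cannot be filtered by source address, which fits the article's point that the addresses gave no clue to the origin.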