An unusual DDoS amplification attack was carried out 10 days ago against many of the Internet’s 13 root name servers, the authoritative servers used to resolve IP addresses. The attacks happened on Nov. 30 and again on Dec. 1, and each time, massive volumes of traffic, peaking at five million queries per second, were fired at the servers. The Internet Assigned Numbers Authority (IANA) stated that there was minimal impact to the Internet at large, though some traffic saturated network connections near some DNS root name server instances. There are no known reports of end-user visible error conditions during, and as a result of, this incident. Since the DNS protocol is designed to cope with partial reachability among a set of name servers, the impact was limited to potentially minor delays for some name lookups when a recursive name server needs to query a DNS root name server (e.g. a cache miss). This would have manifested itself as a barely perceptible initial delay in some web browsers or other client programs (such as “ftp” or “ssh”). According to IANA, the amplified queries were sent to most of the DNS root name server letters, and the source addresses were randomized and distributed.
The information provided herein is on an "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street