Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog - DNS.be DDOS InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

DNS.be DDOS

Published: 2011-04-05
Last Updated: 2011-04-05 06:37:33 UTC
by Mark Hofman (Version: 1)
1 comment(s)

Another DDOS slipped by almost unnoticed (thanks Arnt). A report in  Datanews (http://datanews.rnews.be/nl/ict/nieuws/nieuwsoverzicht/2011/04/04/botnet-viseert-belgie/article-1194984299269.htm# in Dutch) mentions that the .be domain was under attack last Sunday.  Requests were being made of the servers relating to MX records for other domains.  The .be name servers do not look after this information and correctly responded. However the end result was that two out of the 8 servers were overloaded. Even should the other servers be overloaded the TLD is anycast hosted and another 41 or so servers could jump into action.  Hence the attack went largely unnoticed by the public.

Mark H 

Keywords: DDOS DNS
1 comment(s)
Diary Archives