
SANS ISC: DNS.be DDOS SANS ISC InfoSec Forums

DNS.be DDOS

Another DDOS slipped by almost unnoticed (thanks Arnt). A report in Datanews (http://datanews.rnews.be/nl/ict/nieuws/nieuwsoverzicht/2011/04/04/botnet-viseert-belgie/article-1194984299269.htm#, in Dutch) mentions that the .be domain was under attack last Sunday. Requests were being made of the servers relating to MX records for other domains. The .be name servers do not look after this information and correctly responded. However, the end result was that two out of the 8 servers were overloaded. Even should the other servers be overloaded, the TLD is anycast hosted and another 41 or so servers could jump into action. Hence the attack went largely unnoticed by the public.

Mark H 

This is a wrong article and the result of publishing before the facts are known. The facts are that a botnet was badly configured and so searched for wrong addresses over and over again. This has been established by CERT.be and FCCU.be and was published a bit later. http://datanews.rnews.be/nl/ict/aanval-op-be-was-mislukte-spamactie/article-1194985579030.htm
Also, the DNS infrastructure itself was never totally hampered. But it shows that DDoS protection is now one of the priorities for every critical infrastructure and web service.
Anonymous
