DNS.be DDOS

Published: 2011-04-05
Last Updated: 2011-04-05 06:37:33 UTC
by Mark Hofman (Version: 1)
1 comment(s)

Another DDOS slipped by almost unnoticed (thanks Arnt). A report in  Datanews (http://datanews.rnews.be/nl/ict/nieuws/nieuwsoverzicht/2011/04/04/botnet-viseert-belgie/article-1194984299269.htm# in Dutch) mentions that the .be domain was under attack last Sunday.  Requests were being made of the servers relating to MX records for other domains.  The .be name servers do not look after this information and correctly responded. However the end result was that two out of the 8 servers were overloaded. Even should the other servers be overloaded the TLD is anycast hosted and another 41 or so servers could jump into action.  Hence the attack went largely unnoticed by the public.

Mark H 

Keywords: DDOS DNS
1 comment(s)

Comments

This is a wrong article and the result of publishing before the facts are known. The facts are that a botnet was badly configured and so searched for wrong addresses over and over again. This has been established by CERT.be and FCCU.be and was published a bit later. http://datanews.rnews.be/nl/ict/aanval-op-be-was-mislukte-spamactie/article-1194985579030.htm
also the dns infrastructure itself was never totally hampered. But it shows that ddos protection is now one of the priorities for every critital infrastructure and webservice.

Diary Archives