Following the news about Imperva Stats On Dyn DDoS Attack Size, Ofer Gayer, product manager at Imperva for the Incapsula product line commented below.
Ofer Gayer, Product Manager at Imperva for the Incapsula product line:
“There is still quite a bit of speculation swirling on the size of the DDoS attack on Dyn last Friday. We know there were 100,000 Mirai botnet nodes – which is not especially large in our experience. So, in our estimation, there are two likely causes. The attack may have been a high-volume attack – over 500 million packets per second – that overwhelmed the Dyn infrastructure. Or, the attack may have been relatively small – 50-100 million packets per second – and the attack itself was “amplified” by what is known as a retry storm from their millions of legitimate users, making the job of differentiating between good and bad traffic very hard.”
- Is a 100,000-node botnet big?
- Not really. Example of a 180,000-node botnet mitigated https://www.incapsula.com/blog/headless-browser-ddos.html
- Are DNS services especially vulnerable?
- They do suffer from being open systems:
“Effective DDoS mitigation is synonymous with accurate traffic filtering. For that reason DNS amplification attacks are actually easier to deflate as all uninitiated DNS responses are highly suspect and could be filtered on-edge, without any impact on the regular traffic flow. For example, one could categorically drop all unexpected DNS responses to port 53.
However, this isn’t the case for seemingly legitimate DNS flood queries, which cannot be dismissed before they are individually processed at the server level.
With on-edge filtering bypassed, and the path to the server CPU cores laid wide open, DNS floods have the potential to bring down even the most resilient of networks. ”
More here https://www.incapsula.com/blog/massive-dns-ddos-flood.html
- How can companies prevent attacks on their DNS infrastructure?
- How to Prevent DNS DDoS Attacks https://www.incapsula.com/blog/how-dns-attacks-work-and-what-you-can-do.html
- Is Mirai that sophisticated?
- Analysis of Mirai https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.htmland a 10/27 with our Mirai research team https://app.webinarjam.net/register/33114/1e3306e905
- Has the Incapsula network been hit with Mirai?
- Yes, on August 17 and October 7 https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html
- What’s a big DDoS attack measured in million packets per second (Mpps)
- https://www.incapsula.com/blog/throughput-forwarding-rate-ddos-attacks.html
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.