OARC 2015 Spring Workshop (Amsterdam)

Name: OARC 2015 Spring Workshop (Amsterdam)
Start: 2015-05-09T08:30:00+02:00
End: 2015-05-10T18:00:00+02:00
Location: Okura Hotel

9–10 May 2015

Okura Hotel

Europe/Amsterdam timezone

Support

Dealing with large DNS packet floods

9 May 2015, 16:00

30m

Heian I/II (Okura Hotel)

Heian I/II

Okura Hotel

Ferdinand Bolstraat 333 1072 LH Amsterdam

Public Workshop

Mr Marek Majkowski (CloudFlare)

DDoS attacks against DNS providers have been on the increase over the last few years. They have been growing in size and complexity, taking many prominent DNS providers offline. Today these attacks are a major concern to anyone running DNS servers. Operators are in a continual arms race against attackers. CloudFlare, one of the largest authoritative non-TLD providers, has had to learn the hard way how to deal with these attacks. We have learned how to keep our network operational, even with packet floods in excess of 200Gbps. In this talk, we'll explain what DNS packet floods look like and we'll share the details of our mitigation pipeline. In order to deflect the attacks we have developed some unique techniques that are not fully RFC compliant, but in an arms race operational realities win over protocol purity. Keywords: kernel bypass, sflow, flowspec, bpf

Mr Marek Majkowski (CloudFlare) Mr Ólafur Guðmundsson (CloudFlare Inc.)

Slides

dealing-with-dns-packet-floods.pdf

OARC 2015 Spring Workshop (Amsterdam)

Support

Dealing with large DNS packet floods

Heian I/II

Okura Hotel

Speaker

Description

Primary authors

Presentation materials