March 31, 2016 to April 1, 2016
Intercontinental Buenos Aires
America/Buenos_Aires timezone

Review and analysis of attack traffic against A-root and J-root on November 30 and December 1, 2015

Apr 1, 2016, 11:00 AM
Montserrat (Intercontinental Buenos Aires)


Intercontinental Buenos Aires

Buenos Aires, Argentina
Public Workshop Public Workshop: Research


Duane Wessels (Verisign)Mr Matt Weinberg (Verisign)


On November 30 and December 1, 2015, some of the Internet's Domain Name System (DNS) root name servers received large amounts of anomalous traffic. The twelve root operators jointly published a report of the incident ([][1]). The event also generated spirited discussion and speculation on public mailing lists, website forums, and blog postings. This presentation will specifically cover Verisign's observations and analysis of the attack in operating both A-root and J-root. Topics to be discussed include: - A recap of the attack, including an exact timeline of the event along with some specifics of the traffic itself. - A brief discussion about any perceivable impact on A-root and J-root, and the root as a whole. - Actions taken before, during, and after the attack. What worked well? What could of been done better? - A video that visualizes the attack as a Hilbert Curve representation. This analysis clearly suggests that the source addresses were spoofed. - Assumptions regarding the purpose of the attack (Hint: the attacker was not specifically targeting the root servers) [1]:

Primary authors

Duane Wessels (Verisign) Mr Matt Weinberg (Verisign)

Presentation materials