from 31 March 2016 to 1 April 2016
Intercontinental Buenos Aires
America/Buenos_Aires timezone
Home > Timetable > Session details > Contribution details


Intercontinental Buenos Aires - Montserrat

Review and analysis of attack traffic against A-root and J-root on November 30 and December 1, 2015


  • Mr. Matt WEINBERG
  • Duane WESSELS

Primary authors

Abstract content

On November 30 and December 1, 2015, some of the Internet's Domain Name System (DNS) root name servers received large amounts of anomalous traffic. The twelve root operators jointly published a report of the incident ( The event also generated spirited discussion and speculation on public mailing lists, website forums, and blog postings.

This presentation will specifically cover Verisign's observations and analysis of the attack in operating both A-root and J-root. Topics to be discussed include:

  • A recap of the attack, including an exact timeline of the event along with some specifics of the traffic itself.
  • A brief discussion about any perceivable impact on A-root and J-root, and the root as a whole.
  • Actions taken before, during, and after the attack. What worked well? What could of been done better?
  • A video that visualizes the attack as a Hilbert Curve representation. This analysis clearly suggests that the source addresses were spoofed.
  • Assumptions regarding the purpose of the attack (Hint: the attacker was not specifically targeting the root servers)