Support - Help
Review and analysis of attack traffic against A-root and J-root on November 30 and December 1, 2015
On November 30 and December 1, 2015, some of the Internet's Domain Name System (DNS) root name servers received large amounts of anomalous traffic. The twelve root operators jointly published a report of the incident (http://www.root-servers.org/news/events-of-20151130.txt). The event also generated spirited discussion and speculation on public mailing lists, website forums, and blog postings.
This presentation will specifically cover Verisign's observations and analysis of the attack in operating both A-root and J-root. Topics to be discussed include:
- A recap of the attack, including an exact timeline of the event along with some specifics of the traffic itself.
- A brief discussion about any perceivable impact on A-root and J-root, and the root as a whole.
- Actions taken before, during, and after the attack. What worked well? What could of been done better?
- A video that visualizes the attack as a Hilbert Curve representation. This analysis clearly suggests that the source addresses were spoofed.
- Assumptions regarding the purpose of the attack (Hint: the attacker was not specifically targeting the root servers)