Earlier this month, some security companies disclosed that the global domain name root servers suffered two large-scale attacks, but the attack has begun now.
Earlier this month, some security companies disclosed that the global domain name root servers suffered two large-scale attacks, but the attack has begun now. The name server’s (ROOT DNS) main role is to help customers worldwide resolve domain names, rather than each time a user enters the corresponding IP addresses.
Also Read: Best Website To Learn Ethical Hacking
If ROOT DNS is paralyzed, then we do not have a direct access method that uses the domain name of the corresponding Web site; you may have to manually enter the string of numbers for access.
For Domain Name Root Server (ROOT DNS), DDoS Attacks Began
However, ROOT DNS in early December already suffered two large-scale attacks, each lasting for about two hours, a query peak of 500 million times per second.
Despite the early attack does not seem to affect anything for ordinary Internet users, the puzzle is now attacked began; it seemed like a test of new means of attack.
Kaspersky released yesterday called for ROOT DNS Tweets attacks to begin; Kaspersky tweets also said this is not the end of the show off what.
December 4, 2015
Event of 2015-11-30
On November 30, 2015, and December 1, 2015, over two separate intervals, several of the Internet Domain Name System’s root name servers received a high rate of queries. This report explains the nature and impact of the incident.
While it’s common for the root name server to see anomalous traffic, including high energy loads for varying periods of time, this event was large, noticeable via external monitoring system, and fairly unique in nature, so this report is offended in the interests of transparency.
1. Nature of Traffic
On November 30, 2015, at 06:50 UTC DNS root name server began receiving a high rate of queries. The queries were well-formed, valid DNS messages for a single domain name. The elevated traffic levels continued until approximately 09:30 UTC.
On December 1, 2015, at 05:10 UTC DNS root name server again received a similar rate of queries, this time for a different domain name. The event traffic continued until 06:10 UTC.
Most, but not all, DNS root name server letters received the query load. DNS root name servers that use IP anycast observed this traffic at a significant number of anycast sites.
The source addresses of these particular queries appear to be randomized and distributed throughout the IPv4 address space. The observed traffic volume due second, per DNS root name server letter receiving the traffic.
2. Impact of Traffic
The incident traffic saturated network connections near some DNS root name server instances. This resulted in timeouts for valid, normal queries to some DNS root name servers from some locations.
As Kaspersky said, peak 500 times per second query ROOT DNS hardly any impact on the global user almost no feeling. But if someone is testing new means of attack, the attacker may not stop within a short time and may continue to increase the scale of the attack, it may eventually have an impact on ROOT DNS.
Currently, IANA (Internet Assigned Numbers Authority, the Internet Assigned Numbers mechanism) that cannot trace the source of the attacker because the attacker can easily forge IP addresses to avoid tracking.