Comments on: Twitter denial-of-service reveals fragile infrastructure, morphing motives http://lastwatchdog.com/twitter-denial-of-service-reveals-fragile-infrastructure/ on Internet security by Byron Acohido Sat, 19 May 2012 12:59:58 +0000 hourly 1 http://wordpress.org/?v=3.0.4 By: Joe Gersch http://lastwatchdog.com/twitter-denial-of-service-reveals-fragile-infrastructure/#comment-646 Joe Gersch Mon, 10 Aug 2009 20:00:17 +0000 http://lastwatchdog.com/?p=2491#comment-646 It's interesting to watch as the facts begin to get publicized in the twitter case. At first it was speculated to be a DNS attack, then later it wasn't. Now it is again. In any event, attacks against authoritative DNS servers can be mitigated, at least until the network pipes get saturated. DNS servers can be designed to reject amplified DNS floods as well as other types of DDoS attacks, and are being built to respond to huge amounts of DNS queries that modern networks are imposing on DNS systems. Nevertheless, I am surprised that other sites being served by the same DNS server at NTT didn't suffer. A DNS attack should affect ALL sites listed on the DNS server, not just twitter. It seems there is some more explanation needed on just what really happened. It’s interesting to watch as the facts begin to get publicized in the twitter case. At first it was speculated to be a DNS attack, then later it wasn’t. Now it is again.

In any event, attacks against authoritative DNS servers can be mitigated, at least until the network pipes get saturated. DNS servers can be designed to reject amplified DNS floods as well as other types of DDoS attacks, and are being built to respond to huge amounts of DNS queries that modern networks are imposing on DNS systems.

Nevertheless, I am surprised that other sites being served by the same DNS server at NTT didn’t suffer. A DNS attack should affect ALL sites listed on the DNS server, not just twitter. It seems there is some more explanation needed on just what really happened.

]]>