Suspected botnet tried to break the Internet by attacking root DNS servers

Someone tried to break the Internet last week by DDoSing the root DNS servers. Fortunately, it didn’t work.

For two and a half hours on November 30 a barrage of requests — five million queries every second — hit most of the Internet’s 13 root DNS servers. Another attack lasted an hour the next day. A sophisticated botnet is the likely source, but no one is sure what motivated the attack.

In any case, safeguards in place meant the Internet did not go down on November 30 or December 1st. Most people didn’t even notice the attack.

“My takeaway is that the event pretty much ‘didn’t happen’ for the ordinary user,” professor Randal Vaughn of Baylor University told Ars Technica. “They either failed to observe it or just didn’t associate any connectivity issues with an ongoing attack.”

Part of the reason for this is the robustness of the root DNS servers: they’re designed to stand up to a lot of traffic, so even attacks like this don’t amount to much. More importantly, most Internet users don’t make requests of the root DNS servers, instead using the DNS servers provided by an ISP or third-party services like Google or OpenDNS.

“The DNS root name server system functioned as designed, demonstrating overall robustness in the face of large-scale traffic floods observed at numerous DNS root name servers,” said a report on the attack.

Still, the attack was unique. Geographically scattered computers sent billions of seemingly valid queries for a single domain name, then repeated the process for another domain the next day. The volume of traffic means someone has access to massive amounts of computing power, and even if it wasn’t nearly enough to cause any actual problems, it’s still troubling. The same power, directed at any other target, would’ve been far more successful at achieving its goal.

Justin Pot