Blog Post

DNS DDoS Mid-Year Summary

By Bruce Van Nice

Posted on June 24, 2015 in: Network, Security

Tags: , ,

 

2014 saw numerous huge spikes in DDoS traffic – some as large as 5 billion queries per day across Nominum worldwide data set which covers around 3% of overall ISP DNS traffic. Extrapolating, this meant more than 150 Billion unwanted queries across the Internet on the peak days.

Read more

Blog Post

New Best Practice: Ingress Filtering to Deter DNS DDoS

By Bruce Van Nice

Posted on June 15, 2015 in: Security

Tags: , ,

DNS DDoS continues on the trend line established in 2014 – with tens of billions of malicious queries Internet-wide every day. Many of the domains attacked are lightly trafficked, but popular (Alexa 5000) domains are commonly targeted. For example alternative news sites, a university, and ecommerce sites have been attacked in the past couple of months. Attacks on popular domains require extra care when mitigating to avoid blocking legitimate queries.

Read more

Blog Post

DNS Amplification Attacks and Truncated Responses

By Erik Wu

Posted on June 12, 2015 in: Security

Tags: , ,

Nominum Research shows about 15% of DNS DDoS traffic is amplification yet it still has impact (the rest are random subdomains). Data also shows bad guys continue to leverage open DNS resolvers which after more than 2 years might be considered an “old-days” technique, yet there are still around 17 million of them on the Internet. More recently our research teams have seen bots sending amplification queries.

Read more

Blog Post

Software is Strategic, Hardware is Generic

By Thomas Orthbandt

Posted on December 16, 2013 in: Network, Security

Tags: , ,

Network Functions Virtualization (NFV) is getting a lot of attention in Telecom circles these days.  Initiated by leading providers around the world the NFV effort now has more than 150 participants crossing all of the functional boundaries in networking.   NFV has been motivated by the astonishing array of appliances that have crept into provider networks.  Even DNS appliances have emerged but the value proposition is almost exclusively around convenience rather than optimizing DNS for carrier environments.

Read more

Blog Post

DNS on Defense, DNS on Offense

By Thomas Orthbandt

Nominum Logo

Posted on April 18, 2012 in: Security

Tags: ,

Spam is a never-ending problem for service providers.  Unfortunately criminals can still make money at someone else’s expense so they persist in their mindless campaigns.  The DNS is an integral part of well-established techniques for handling incoming spam, so unwanted mail doesn’t get delivered to inboxes.

Read more

Blog Post

Smarter DNS Makes a Smarter Security Solution

By Thomas Orthbandt

Nominum Logo

Posted on December 20, 2011 in: Network, Security

Tags: , , ,

Network operators and IT departments constantly reassess their security exposure and evaluate the best methods for protecting their networks and end users.  New security solutions are always emerging to help them and one that’s starting to receive a lot of attention is the DNS.  That’s raising an obvious question: “how in the world does the DNS become a security platform?”.

Read more

Blog Post

Resilient DNS: Maximizing Internet Performance and Preparing for DDOS (part 3 of 3)

By Thomas Orthbandt

Nominum Logo

Posted on December 8, 2011 in: Network, Security

Tags: , , , ,

Just as it’s important for service providers and enterprises to maximize the performance and availability of their caching DNS servers, it’s important for brand owners and IT departments to ensure the robustness of their Authoritative DNS.  Some of the issues are similar, but ensuring security of Authoritative data also has to be considered.

Read more

1 2