2013/12/17 - DNS Denial of Service Attack

Tue, 17 Dec 2013 10:05:55 +0200

At approximately 11PM last night, the University's two DNS servers came under a sustained denial of service attack. The DNS servers are responsible for translating computer names into IP addresses, and without them, it becomes difficult or impossible to access network resources.

The servers responsible also provide DHCP responses, and are thus responsible for allocating IP addresses to computers on the local network. It is possible that this resulted in some desktop PCs and phones being unable to obtain an IP address.

The source of the denial of service was isolated at about 9.15AM this morning, and thus things are slowly starting to recover. People who's PC or telephone is not working should first attempt to reboot them.

guy

Tue, 17 Dec 2013 10:10:45 +0200

QUOTE(guy @ Dec 17 2013, 10:05 AM)

At approximately 11PM last night, the University's two DNS servers came under a sustained denial of service attack.

For interest, at the peak of this attack the two DNS servers were seeing a combined total of 1Gbps of DNS traffic, or approximately 25,000 requests per second. The attack was originated internally, from a computer that was most likely compromised. Thus the scope of the attack was limited only by the speed of the port that the computer in question was connected to.

post.5532691

noticeboard.ru.ac.za