Category: DDoS Tools and Services

On DNS and DDoS

The global DNS infrastructure provides the critical function of mapping seeming random sets of numbers in IP addresses (like 1.1.1.1) to a name that an Internet consumer may recognize (like www.myfavoritestore.com).   To scale to a global level, the DNS system was designed as a multi-level reference network that would allow any user on the Internet to query a set of servers that will iteratively find where a specific domain is owned and get the name to IP address mapping from that location.  To accomplish this, it is made up of root servers controlling top level domains such as .com, .gov, and .org, Global Top Level Domains (TLDs) controlling regional domains such as .br, .fr and .uk, authoritative servers controlling specific domains such as myfavoritestore.com and a very large group of recursive resolvers that end user systems connect to.  A query from a user for a domain name would be sent to a recursive resolver and that resolver would work with the root, GTLD and varying levels of authoritative servers to track down the DNS authoritative server responsible for the domain from which it would receive a DNS reply.  This is a very high level and simplified representation of the most common way that DNS is used.

Read more

Amplifying Black Energy

Click here to download the full report. The Black Energy malware family has a long and storied history dating back to 2007. Originally a monolithic DDoS platform, significant advancements were made in 2010 including support for an extensible plugin architecture that allowed Black Energy 2 […]

Read more

ATLAS October Snapshot

DDoS attack size continues to rise with average attacks hitting the 1.67 Gbps range, a rise of 72% year-over-year. This data comes from ATLAS, is an innovative partnership with our customers who share traffic data with us on an anonymous basis. It’s through ATLAS that […]

Read more