A “major volumetric DDoS attack” caused significant downtime for DNSimple with traffic up to 25 GB per second and about 50 million packets per second.
Monday's attack on DNSimple was not directed at the website or any user, founder Anthony Eden said in a blog post. He said the traffic was enough to overwhelm the four DDoS devices the company had placed in its data centres after a previous attack.
He said that analysis of the traffic showed that the attack targeted random sub-domains under a specific target domain and included both UDP and TCP requests. Once the company determined that the traffic could not be handled with the DDoS devices it had in place, and that it would not be able to remove the delegation, it worked with providers to find a larger device.
“Our upstream provider had one such device, with capacity for 20GB in and 20GB out in their primary data centre,” he said. “We decided to try to put this device into production to see if it could act as a scrubber for all DNS traffic. All traffic would be sent to one data centre, thus losing the Anycast benefits, but this was better than having all systems remaining unresponsive.”
Following a series of technical failures and repeated attacks, Eden said that throughout the outage team members traded off handling customer support, Twitter and updates to the company's status page. “Keeping customers up-to-date is critical in an event like this, and everyone stepped in to make sure we did our best to keep the updates flowing,” he said.
“These sorts of attacks come with the business of hosting DNS services and for our failure to mitigate this attack faster we are deeply sorry. We are doing all we can to improve our response in situations like these in the future and hope to prevent such wide-reaching effects of future attacks.”
According to research by Arbor Networks, one DDoS attack in Q2 reached 124Gbps, and there have been 133 attacks over 100Gbps so far this year.
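The traffic pattern Eden describes, queries for random sub-domains under one target domain arriving over both UDP and TCP, shows up in an authoritative server's query log as a hosted zone that is asked for almost nothing but never-repeated names. The following Python is an added example, not DNSimple's code; the zone names, the sample log and the thresholds are constructed assumptions.

```python
import hashlib
from collections import defaultdict

def build_sample():
    """Constructed query log of (protocol, qname) pairs; not real traffic."""
    queries = []
    for i in range(40):
        digest = hashlib.sha256(str(i).encode()).hexdigest()
        label = f"{digest[:8]}{i:02d}"  # random-looking label, unique per query
        queries.append(("tcp" if i % 4 == 0 else "udp", f"{label}.target.example."))
        # Ordinary traffic keeps asking for the same few names.
        queries.append(("udp", ["www", "mail", "api"][i % 3] + ".normal.example."))
    return queries

def parent_zone(qname, hosted_zones):
    """Return the longest hosted zone that qname falls under, or None."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in hosted_zones:
            return candidate
    return None

def find_random_subdomain_floods(queries, hosted_zones,
                                 min_queries=20, min_unique_ratio=0.9):
    """Flag zones where nearly every query asks for a different name.

    min_queries and min_unique_ratio are assumed thresholds; tune them
    against a baseline of the server's normal traffic.
    """
    stats = defaultdict(lambda: {"total": 0, "names": set(), "protocols": set()})
    for proto, qname in queries:
        zone = parent_zone(qname, hosted_zones)
        if zone is None:
            continue  # not a zone this server is authoritative for
        entry = stats[zone]
        entry["total"] += 1
        entry["names"].add(qname.rstrip(".").lower())
        entry["protocols"].add(proto)
    flagged = {}
    for zone, entry in stats.items():
        ratio = len(entry["names"]) / entry["total"]
        if entry["total"] >= min_queries and ratio >= min_unique_ratio:
            flagged[zone] = {"queries": entry["total"],
                             "unique_ratio": round(ratio, 2),
                             "protocols": sorted(entry["protocols"])}
    return flagged

if __name__ == "__main__":
    zones = {"target.example", "normal.example"}
    print(find_random_subdomain_floods(build_sample(), zones))
```

Grouping by hosted zone rather than by source address matters here because the queries reach an authoritative server through many resolvers, so the one stable feature is the zone being asked about.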