Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: DDOS - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free! DDOS

Another DDOS slipped by almost unnoticed (thanks Arnt). A report in  Datanews ( in Dutch) mentions that the .be domain was under attack last Sunday.  Requests were being made of the servers relating to MX records for other domains.  The .be name servers do not look after this information and correctly responded. However the end result was that two out of the 8 servers were overloaded. Even should the other servers be overloaded the TLD is anycast hosted and another 41 or so servers could jump into action.  Hence the attack went largely unnoticed by the public.

Mark H 


392 Posts
ISC Handler
Apr 5th 2011
This is a wrong article and the result of publishing before the facts are known. The facts are that a botnet was badly configured and so searched for wrong addresses over and over again. This has been established by and and was published a bit later.
also the dns infrastructure itself was never totally hampered. But it shows that ddos protection is now one of the priorities for every critital infrastructure and webservice.

Sign Up for Free or Log In to start participating in the conversation!