Thoughts on Cricket Liu’s DDoS Webcast

I’m always excited when I get to hear Cricket speak about DNS. Why? Because the man knows his stuff. Cricket Liu literally wrote the book on DNS, and I first got to meet him back in 2007 when I worked for Corporate Express. He is one of the few hyper-smart people who also possesses solid public-speaking chops and the ability to tell a story.

Today’s webcast was sponsored by InfoBlox and was titled ‘Lessons from the Latest DDoS attack’, referring to the Oct 21st attack that took out DYN (a DNS provider) for several hours. Companies who host their DNS through DYN were affected and not available.

The takeaway I got from listening to Cricket today was: Redundancy! Specifically, Cricket highlighted adding redundant authoritative name servers across different providers to a company’s architecture as a way to ensure availability when a single DNS provider is going through a 3.2Gbps DDoS or another outage (e.g. deploy your redundant authoritative name servers in BOTH DYN and RackSpace).
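A quick check for that single-provider dependency, added here as an example (not code from the webcast or from InfoBlox): given the NS records a zone publishes, it groups the name servers by provider and flags the case where every authoritative server sits with one provider. The input lists and the `.example` hostnames are constructed; the provider is approximated by the last two labels of each NS hostname, which is an assumption that breaks for suffixes like `.co.uk`.

```python
"""Check whether a zone's authoritative name servers span more than one provider.

Added example, not from the original post. The NS lists below are constructed
sample data; in practice you would feed in the output of `dig NS <zone> +short`.
"""
from collections import defaultdict


def provider_of(ns_host: str) -> str:
    """Approximate the provider by the registrable domain of the NS hostname.

    Assumption: a two-label suffix (e.g. 'provider-a.example'). This is a
    heuristic and will mis-group hosts under multi-label public suffixes.
    """
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else ns_host.lower()


def redundancy_report(ns_records) -> dict:
    """Group NS records by provider and flag single-provider dependency."""
    by_provider = defaultdict(list)
    for ns in ns_records:
        by_provider[provider_of(ns)].append(ns)
    return {
        "providers": dict(by_provider),
        "provider_count": len(by_provider),
        # Four name servers at one provider still share that provider's fate.
        "single_provider": len(by_provider) <= 1,
    }


# Constructed sample zones: one that depends on a single provider, one that
# follows the advice and splits its authoritative servers across two.
SINGLE_PROVIDER = [
    "ns1.provider-a.example.",
    "ns2.provider-a.example.",
    "ns3.provider-a.example.",
]
DUAL_PROVIDER = [
    "ns1.provider-a.example.",
    "ns2.provider-a.example.",
    "ns1.provider-b.example.",
    "ns2.provider-b.example.",
]

if __name__ == "__main__":
    for name, records in (("single", SINGLE_PROVIDER), ("dual", DUAL_PROVIDER)):
        report = redundancy_report(records)
        status = "AT RISK" if report["single_provider"] else "ok"
        print(f"{name}: {report['provider_count']} provider(s) -> {status}")
```

Hostnames alone can hide a shared upstream (one provider white-labelling another), so the stronger version of this check compares the name servers' IP ranges and ASNs, which needs network lookups this offline example leaves out.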

Cricket also talked briefly about Response Policy Zones as a DDoS defense, likening them to fancy, customizable blacklists with the added kick of being able to redirect that traffic elsewhere. Response Policy Zones are a deep-dive topic I will tackle in a future blog.

He talked about the IoT devices that made up the attack, and how they were conscripted by the Mirai code to become slavebots due to poor password design and users not changing defaults. Brian Krebs has the best write-up on this. Cricket also mentioned something I had not heard anywhere else: many of the IoT devices are connected to high-bandwidth links, each saturated with junk traffic.

Listening to someone, really listening, can tell you a lot about how they think. His simple yet powerful advice on DNS provider redundancy is solid. I’m a believer. Redundancy is a topic we’ve covered here before when talking about cloud providers. I understand that it is a cost decision not to implement layers of redundant architecture; yet at some point, when weighing the risks and the likelihood of that risk manifesting [DDoS], it becomes more expensive not to implement redundant architectures.

This gets more interesting: DDoS attacks are growing. Take a look! I think we will see more DDoS defense tools, talks and news in the very near future.

Stay Protected!
