Root Server DDoS Attack & How MANRS Can Help Thumbnail
Building Trust 10 December 2015

Root Server DDoS Attack & How MANRS Can Help

By Megan KruseFormer Director, Advocacy and Communications

The Internet’s root servers sustained a Distributed Denial of Service (DDoS) attack last week that is gathering quite a bit of media attention. We once again call on all network operators to consider implementing the actions outlined in the Mutually Agreed Norms for Routing Security (MANRS) document and signing on as supporters of the MANRS initiative.

Specifically, in this case we encourage Action #2: Prevent traffic with spoofed source IP addresses.

“Network operator implements a system that enables source address validation for at least single-homed stub customer networks, their own end-users, and infrastructure. Network operator implements anti-spoofing filtering to prevent packets with an incorrect source IP address from entering and leaving the network.”

From the Root Server incident report: “On November 30, 2015 and December 1, 2015, over two separate intervals, several of the Internet Domain Name System’s root name servers received a high rate of queries.” The report concludes with, “Source Address Validation and BCP-38 should be used wherever possible to reduce the ability to abuse networks to transmit spoofed source packets.”

While Source Address Validation and BCP-38 are certainly important, we believe a culture of collective responsibility is vital to maintaining the security of the Internet’s routing infrastructure. By signing onto MANRS and implementing all four Actions called for in the document, we can make progress!

[This post first appeared on the Routing Resilience Manifesto blog at https://www.routingmanifesto.org/2015/12/root-server-ddos-attack-how-manrs-can-help/.]

[Photo Credit: iStock]

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Building Trust 11 February 2020

Every Day Should Be Safer Internet Day

Safer Internet Day is an opportunity for people and organizations around the world to join forces in a series...

Building Trust 28 January 2020

This Data Privacy Day It’s the Little Things That Count

Today we’re celebrating Data Privacy Day, which is all about empowering people and organizations to respect privacy, safeguard data,...