The DNS requests had source IP addresses belonging to recursive DNS servers, obfuscating the originating host(s) or attacker, and were largely for non-existent subdomains of the targeted website. During a sample three-minute window, 24 IP addresses used by recursive DNS servers made 2,121 DNS requests. A small sample of the DNS request traffic contained roughly 1,020 requests for unique subdomains, of which 956 were single requests for non-existent subdomains which appeared to be randomly generated.

At the end of its PIN, the FBI provided some mitigation techniques that organizations can use to defend themselves against a DDoS attack. It specifically recommended that organizations implement automated patching of their operating system, web browser and software. Additionally, the FBI urged organizations to develop an incident response plan that includes a DDoS mitigation strategy.

This anti-DDoS plan should consist of several elements. First, organizations should invest in technology, expertise and training to help them determine the difference between a potential DDoS attack and a normal spike in network or web traffic. They should then use this familiarity to notify their Internet Service Provider if they suspect a potential attack is in progress. Organizations can use this resource to learn additional tips that will help them defend against a DDoS attack.
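The DNS pattern described above (many recursive resolvers, mostly one-off queries for non-existent subdomains) can be separated from a normal spike by counting it per time window. The following is an added example, not code from the FBI PIN or the original article; the record layout, the zone `example.com`, the 198.51.100.0/24 addresses and the thresholds are assumptions, and both sample windows are constructed.

```python
import hashlib
from collections import Counter

def subdomain_stats(records, zone):
    """Summarise one time window of (resolver_ip, qname, rcode) records for a zone."""
    suffix = "." + zone.lower().rstrip(".")
    per_name, nx_names, resolvers = Counter(), set(), set()
    for resolver_ip, qname, rcode in records:
        name = qname.lower().rstrip(".")
        if not name.endswith(suffix):
            continue  # zone apex or a different zone
        per_name[name] += 1
        resolvers.add(resolver_ip)
        if rcode == "NXDOMAIN":
            nx_names.add(name)
    # Names asked for exactly once that do not exist: the pattern the PIN describes.
    single_nx = sum(1 for n, c in per_name.items() if c == 1 and n in nx_names)
    unique = len(per_name)
    return {"requests": sum(per_name.values()), "resolvers": len(resolvers),
            "unique_names": unique, "single_nx_names": single_nx,
            "single_nx_ratio": single_nx / unique if unique else 0.0}

def looks_like_random_subdomain_flood(stats, min_unique=100, min_ratio=0.8):
    """Thresholds are assumed starting points; tune them against your own baseline."""
    return stats["unique_names"] >= min_unique and stats["single_nx_ratio"] >= min_ratio

def constructed_flood_window(zone="example.com"):
    """Constructed sample: 300 one-off random labels plus ordinary lookups."""
    recs = []
    for i in range(300):
        label = hashlib.sha256(str(i).encode()).hexdigest()[:12]
        recs.append((f"198.51.100.{i % 24 + 1}", f"{label}.{zone}", "NXDOMAIN"))
    for i in range(120):
        host = ("www", "mail", "api")[i % 3]
        recs.append((f"198.51.100.{i % 24 + 1}", f"{host}.{zone}", "NOERROR"))
    return recs

def constructed_busy_window(zone="example.com"):
    """Constructed sample: a legitimate traffic spike with a few typo lookups."""
    recs = [(f"198.51.100.{i % 24 + 1}", f"{('www', 'api', 'mail', 'shop')[i % 4]}.{zone}",
             "NOERROR") for i in range(600)]
    recs += [(f"198.51.100.{i + 1}", f"{typo}.{zone}", "NXDOMAIN")
             for i, typo in enumerate(("wwww", "mial", "apii", "shpo", "ww"))]
    return recs

if __name__ == "__main__":
    for label, window in (("flood", constructed_flood_window()), ("busy", constructed_busy_window())):
        stats = subdomain_stats(window, "example.com")
        print(label, stats, looks_like_random_subdomain_flood(stats))
```

A high request count alone does not trip the check: the busy window has more requests than the flood window but only a handful of distinct names.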