[192074] in North American Network Operators' Group
Re: Excessive Netflix DNS Traffic?
daemon@ATHENA.MIT.EDU (Eamon Bauman)
Fri Oct 14 11:43:07 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <CAC6=tfafLMrwLcN3hrHVaB9V5ozaCaviy2AYFJBdryrhei2ARg@mail.gmail.com>
From: Eamon Bauman <eamon@eamonbauman.com>
Date: Fri, 14 Oct 2016 10:43:03 -0500
To: Josh Reynolds <josh@kyneticwifi.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
We're rate limiting it now, but it's definitely bad behavior. When I open
the flood gates, over a 5-min sample from a single host I received well
over 61,000 queries.
The size of the records being requested cause this to be an (unintended)
amplification attack, as a 30Mbps inbound sum is getting amplified to
150-200Mbps outbound.
On Thu, Oct 13, 2016 at 7:52 PM, Josh Reynolds <josh@kyneticwifi.com> wrote:
> Same here :)
>
> On Oct 13, 2016 1:09 PM, "Ryan, Spencer" <sryan@arbor.net> wrote:
>
>> I was going to point you to the reddit thread about it, but it looks to
>> be your thread :)
>>
>>
>> Spencer Ryan | Senior Systems Administrator | sryan@arbor.net<mailto:
>> sryan@arbor.net>
>> Arbor Networks
>> +1.734.794.5033 (d) | +1.734.846.2053 (m)
>> www.arbornetworks.com<http://www.arbornetworks.com/>
>>
>>
>> ________________________________
>> From: NANOG <nanog-bounces@nanog.org> on behalf of Eamon Bauman <
>> eamon@eamonbauman.com>
>> Sent: Thursday, October 13, 2016 10:26:57 AM
>> To: nanog@nanog.org
>> Subject: Excessive Netflix DNS Traffic?
>>
>> Hi all,
>>
>> Is anyone seeing excessive DNS traffic from game consoles (Xbox One, PS4)
>> running Netflix? Starting 9/29 we have been seeing significant volume of
>> DNS traffic from game consoles on our campus to our caching recursive
>> boxes. Logs show repeated requests for api-global.netflix.com and
>> nrdp.nccp.netflix.com.
>>
>> Anyone else experiencing this?
>>
>> Eamon
>>
>
