[192083] in North American Network Operators' Group
Re: Excessive Netflix DNS Traffic?
daemon@ATHENA.MIT.EDU (Velocity Lists)
Sat Oct 15 13:41:41 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <CANsQFm8bs-q_-n3-zx_5-FSU8n4GSnGr3E4Y4KxvNeUQp8A8Mg@mail.gmail.com>
From: Velocity Lists <volists@staff.velocityonline.net>
Date: Sat, 15 Oct 2016 13:41:36 -0400
To: Eamon Bauman <eamon@eamonbauman.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
We have seen it as well.
In our cases it is all TCP DNS traffic as well.
Velocity Online
850-205-4638
On Fri, Oct 14, 2016 at 11:43 AM, Eamon Bauman <eamon@eamonbauman.com>
wrote:
> We're rate limiting it now, but it's definitely bad behavior. When I open
> the flood gates, over a 5-min sample from a single host I received well
> over 61,000 queries.
> The size of the records being requested cause this to be an (unintended)
> amplification attack, as a 30Mbps inbound sum is getting amplified to
> 150-200Mbps outbound.
>
> On Thu, Oct 13, 2016 at 7:52 PM, Josh Reynolds <josh@kyneticwifi.com>
> wrote:
>
> > Same here :)
> >
> > On Oct 13, 2016 1:09 PM, "Ryan, Spencer" <sryan@arbor.net> wrote:
> >
> >> I was going to point you to the reddit thread about it, but it looks to
> >> be your thread :)
> >>
> >>
> >> Spencer Ryan | Senior Systems Administrator | sryan@arbor.net<mailto:
> >> sryan@arbor.net>
> >> Arbor Networks
> >> +1.734.794.5033 (d) | +1.734.846.2053 (m)
> >> www.arbornetworks.com<http://www.arbornetworks.com/>
> >>
> >>
> >> ________________________________
> >> From: NANOG <nanog-bounces@nanog.org> on behalf of Eamon Bauman <
> >> eamon@eamonbauman.com>
> >> Sent: Thursday, October 13, 2016 10:26:57 AM
> >> To: nanog@nanog.org
> >> Subject: Excessive Netflix DNS Traffic?
> >>
> >> Hi all,
> >>
> >> Is anyone seeing excessive DNS traffic from game consoles (Xbox One,
> PS4)
> >> running Netflix? Starting 9/29 we have been seeing significant volume of
> >> DNS traffic from game consoles on our campus to our caching recursive
> >> boxes. Logs show repeated requests for api-global.netflix.com and
> >> nrdp.nccp.netflix.com.
> >>
> >> Anyone else experiencing this?
> >>
> >> Eamon
> >>
> >
>
