[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Excessive Netflix DNS Traffic?
- Subject: Excessive Netflix DNS Traffic?
- From: eamon at eamonbauman.com (Eamon Bauman)
- Date: Fri, 14 Oct 2016 10:43:03 -0500
- In-reply-to: <CAC6=tfafLMrwLcN3hrHVaB9V5ozaCaviy2AYFJBdryrhei2ARg@mail.gmail.com>
- References: <CANsQFm-VnSQmzAc=nrCuu8mc3dO0mQ5QZtOS_ZOQtAVbhqH6ZA@mail.gmail.com> <BN3PR0101MB1201BA378CDB9CA9DF43F91DB0DC0@BN3PR0101MB1201.prod.exchangelabs.com> <CAC6=tfafLMrwLcN3hrHVaB9V5ozaCaviy2AYFJBdryrhei2ARg@mail.gmail.com>
We're rate limiting it now, but it's definitely bad behavior. When I open
the flood gates, over a 5-min sample from a single host I received well
over 61,000 queries.
The size of the records being requested cause this to be an (unintended)
amplification attack, as a 30Mbps inbound sum is getting amplified to
150-200Mbps outbound.
On Thu, Oct 13, 2016 at 7:52 PM, Josh Reynolds <josh at kyneticwifi.com> wrote:
> Same here :)
>
> On Oct 13, 2016 1:09 PM, "Ryan, Spencer" <sryan at arbor.net> wrote:
>
>> I was going to point you to the reddit thread about it, but it looks to
>> be your thread :)
>>
>>
>> Spencer Ryan | Senior Systems Administrator | sryan at arbor.net<mailto:
>> sryan at arbor.net>
>> Arbor Networks
>> +1.734.794.5033 (d) | +1.734.846.2053 (m)
>> www.arbornetworks.com<http://www.arbornetworks.com/>
>>
>>
>> ________________________________
>> From: NANOG <nanog-bounces at nanog.org> on behalf of Eamon Bauman <
>> eamon at eamonbauman.com>
>> Sent: Thursday, October 13, 2016 10:26:57 AM
>> To: nanog at nanog.org
>> Subject: Excessive Netflix DNS Traffic?
>>
>> Hi all,
>>
>> Is anyone seeing excessive DNS traffic from game consoles (Xbox One, PS4)
>> running Netflix? Starting 9/29 we have been seeing significant volume of
>> DNS traffic from game consoles on our campus to our caching recursive
>> boxes. Logs show repeated requests for api-global.netflix.com and
>> nrdp.nccp.netflix.com.
>>
>> Anyone else experiencing this?
>>
>> Eamon
>>
>