DDoS attack mitigation
Incident Report for NS1
Resolved
At this time, we are considering this incident resolved. While attack traffic has continued and we will remain in a defensive posture for the near term, there has been no impact to DNS delivery for an extended period. In case of further impact, we will open a new incident.
Posted over 2 years ago. May 18, 2016 - 09:56 UTC
Monitoring
We have returned to nominal status at this time and are continuing to monitor.
Posted over 2 years ago. May 17, 2016 - 18:57 UTC
Update
At this time we are back to nominal status, except we are filtering the bulk of traffic destined to our network sourced from Russia. We will relax the filtering as attack traffic subsides.
Posted over 2 years ago. May 17, 2016 - 18:49 UTC
Identified
The central European attack has returned and we are again adjusting in response to the attack. Updates will follow.
Posted over 2 years ago. May 17, 2016 - 18:27 UTC
Monitoring
The most recent attack has been fully mitigated and we are continuing to monitor.
Posted over 2 years ago. May 17, 2016 - 18:15 UTC
Identified
We are mitigating another attack affecting some users in central Europe at this time.
Posted over 2 years ago. May 17, 2016 - 18:11 UTC
Monitoring
At this time we are seeing full recovery following another attack in the European region. We are continuing to monitor the situation.
Posted over 2 years ago. May 17, 2016 - 12:23 UTC
Identified
We are observing a resurgence of attack traffic in the Europe region and are actively working to mitigate.
Posted over 2 years ago. May 17, 2016 - 11:42 UTC
Update
We continue to observe intermittent attacks across our infrastructure but are successfully mitigating at this time. While we remain in a defensive posture and do not currently expect any further impact, as a precautionary measure we will stay at an elevated alert status.
Posted over 2 years ago. May 17, 2016 - 03:21 UTC
Update
We are continuing to observe large and evolving attack traffic but are mitigating without impact at this time. We will provide updates if any impact to DNS delivery is observed.
Posted over 2 years ago. May 16, 2016 - 23:12 UTC
Update
We have adjusted our mitigation strategy in response to the latest attack, and are seeing normal traffic levels and no reported issues at this time.
Posted over 2 years ago. May 16, 2016 - 20:33 UTC
Monitoring
We are again seeing elevated attack traffic primarily in Europe. NS1 engineers are monitoring the situation closely and will mitigate as needed.
Posted over 2 years ago. May 16, 2016 - 19:53 UTC
Identified
We are observing a return of the attack traffic, primarily impacting the European region at this time. We are actively working to mitigate.
Posted over 2 years ago. May 16, 2016 - 19:52 UTC
Update
We have made several configuration changes with our upstream carriers in Europe and North America to adjust our routing strategy following reports of ongoing issues via specific paths. At this time both our internal and external telemetry shows full recovery. We remain in a defensive posture.
Posted over 2 years ago. May 16, 2016 - 19:02 UTC
Monitoring
At this point our internal tests show full recovery. We are continuing to verify all our systems but at this time services should be back to normal.
Posted over 2 years ago. May 16, 2016 - 18:01 UTC
Update
We are seeing recovery in most markets, but do continue to observe some packet loss in Europe and Western USA. We will continue to provide updates.
Posted over 2 years ago. May 16, 2016 - 17:01 UTC
Update
We are still working to mitigate the attack, and we continue to see some impact in Asia and the Americas, and greater impact in continental Europe.
Posted over 2 years ago. May 16, 2016 - 16:14 UTC
Update
We are continuing to work to mitigate the attack, which has evolved. We are seeing some impact in Asia and Western United States in addition to Europe at this time.
Posted over 2 years ago. May 16, 2016 - 15:54 UTC
Update
We are continuing to mitigate this attack. We are observing some traffic impact, primarily in Europe. We will continue to provide updates.
Posted over 2 years ago. May 16, 2016 - 15:15 UTC
Identified
We are observing a DDoS attack against the NS1 platform. The issue is being mitigated by engineers and we will post further updates here as soon as we have them.
Posted over 2 years ago. May 16, 2016 - 14:45 UTC