Starting May 11, 2024, Internet2 DNS infrastructure was the target of a Distributed Denial of Service (DDoS) attack.
The DDoS attack was designed in such a way that the volume and type of DNS requests would intermittently overwhelm specific DNS servers or, at times, the entire server group. This caused DNS resolution to be heavily delayed or disrupted entirely, resulting in severely degraded service for Internet2 and InCommon websites and applications, Confluence/Internet2 Wiki, and services that require InCommon federated authentication. The attack evolved and escalated over time.
An Internet2 team composed of security engineers, network engineers, and the trust and identity services engineering group completed an initial assessment that confirmed the nature and scope of the DDoS attack. The team then worked together to quickly implement a mitigation strategy and engaged with Radware for their cloud-based, volumetric DDoS mitigation service.
Technical Discussion
Initially, the impact of the attack was negated through the use of on-host mitigation strategies; however, by May 16 it was clear that additional scrubbing would be required. As a result, the team worked over 24 hours to provision the appropriate infrastructure to connect the DNS environment to Radware’s scrubbing services and initiate scrubbing for both IPv4 and IPv6 resources. Additional time was required by Radware to adapt their scrubbing methodologies to best match the profiles of the incoming traffic.
By the afternoon of May 17, both Internet2’s monitoring and Radware’s scrubbing portal began to show that full mitigation measures had taken effect. No further disruptions have been observed at the time of publishing this update.
Internet2 continues to monitor the situation and is in the process of determining next steps. Should you encounter any further issues, please contact us at network@internet2.edu.
This update was made at 12:08 p.m. ET on Monday, May 20, 2024.
We have implemented mitigation measures for the recent technical difficulties that may be impacting your access to all services supported by DNS within the Internet2 and InCommon websites and applications, and while these initial steps have stabilized the situation, our team is continuing to monitor the systems closely.
Thank you for your continued patience and understanding. We will provide additional updates as soon as the situation is resolved. Immediate questions may be directed to network@internet2.edu.
This update was made at 4:45 p.m. on Friday, May 17, 2024.
Internet2 is currently experiencing technical difficulties that may be impacting your access to all services supported by DNS within the Internet2 and InCommon websites and applications, Confluence/Internet2 Wiki, and services that require InCommon federated authentication.
Internet2 is working diligently to resolve the issue as quickly as possible. Thank you for your patience and understanding. We will provide updates as soon as the situation is resolved. Immediate questions may be directed to network@internet2.edu.
This update was made at 3:56 p.m. on Thursday, May 16, 2024.