inc-ops-notifications - [InCommon NOTICE] Issue Resolved re: Internet2 is Experiencing Difficulties Impacting Some Applications
Subject: InCommon Operations Notifications
- From: Johnny Lasker <>
- Subject: [InCommon NOTICE] Issue Resolved re: Internet2 is Experiencing Difficulties Impacting Some Applications
- Date: Mon, 20 May 2024 20:59:11 +0000
Starting May 11, 2024, Internet2 DNS infrastructure was the target of a Distributed Denial of Service (DDoS) attack.
The DDoS attack was designed in such a way that the volume and type of DNS requests would intermittently overwhelm specific DNS servers or, at times, the entire network of servers. This caused DNS resolution to be heavily delayed or disrupted entirely, resulting in severely degraded service for Internet2 and InCommon websites and applications, Confluence/Internet2 Wiki, and services that require InCommon federated authentication. The attack evolved and escalated over time.
An Internet2 team composed of security engineers, network engineers, and the trust and identity services engineering group completed an initial assessment that confirmed the nature and scope of the DDoS attack. The team then worked together to quickly implement a mitigation strategy and engaged with Radware for their cloud-based, volumetric DDoS mitigation service.
Technical Discussion
Initially, the impact of the attack was negated through the use of on-host mitigation strategies; however, by May 16 it was clear that additional scrubbing would be required. As a result, the team worked over 24 hours to provision the appropriate infrastructure to connect the DNS environment to Radware’s scrubbing services and initiate scrubbing for both IPv4 and IPv6 resources. Additional time was required by Radware to adapt their scrubbing methodologies to best match the profiles of the incoming traffic.
By the afternoon of May 17, both Internet2's monitoring and Radware’s scrubbing portal began to show that full mitigation measures had taken effect. No further disruptions have been observed at the time of publishing this update.
Internet2 continues to monitor the situation and is in the process of determining next steps. Should you encounter any further issues, please contact us at
Johnny Lasker
Principal Service Integration Engineer
Internet2 Trust & Identity
Pronouns: he, him, his