UPDATE 05/02/14 9:30 am: This article has been updated with a statement from Neustar DNS and new information about the size of the attack.
Neustar UltraDNS has mitigated a DDoS attack targeted at one customer that reached over 200Gbps, bringing down its DNS service for several hours on Wednesday.
According to the SANS Institute’s Internet Storm Center, who had monitored the attack, the DDoS was launched Wednesday morning at around 10:45 PT. By 11 pm, UltraDNS had mitigated most of the attack.
The following is a statement sent via email from a spokesperson for Neustar DNS: “The Neustar UltraDNS network experienced a massive DDoS attack on April 30. We are still conducting a detailed forensic analysis of the data but I can tell you that the initial attacks began against a specific customer late in the evening on April 29. The attacks continued to change vectors and targets and increased in volume. We saw multiple traffic spikes over 200 Gbps and at one point, we saw over 250 Gbps at our edges. And this was seen after our transit providers had already trimmed traffic and dealt with much larger numbers at their edge in an attempt to lessen the negative impact to their networks.”
“We are still in the process of analyzing the attack data and will provide further details as they become available. We will also continue to provide frequent updates to customers via email and to the community at @ultraDNS on Twitter,” the spokesperson said.
Some customers were critical of UltraDNS’ response to the attack, as it didn’t start communicating with customers until after the attack was underway.
Customers appreciate truth and transparency when dealing with attacks. Although the company did eventually provide updates to customers through its normal customer notification process, it didn’t post any detailed information on its website, Twitter or Facebook page. 123-reg followed a similar pattern of non-disclosure in a recent DDoS attack.
DDoS attacks are growing in size, and a report released last week by Neustar showed that the number of attacks between 1-5 Gbps in size grew by 150 percent in 2013.