Home / Blogs

Verisign Mitigates 300 Gbps DDoS Attack and Other Q2 2014 DDoS Trends

Click to Enlarge / Download PDFIt has been another busy quarter for the team that works on our DDoS Protection Services here at Verisign. As detailed in the recent release of our Q2 2014 DDoS Trends Report, from April to June of this year, we not only saw a jump in frequency and size of attacks against our customers, we witnessed the largest DDoS attack we've ever observed and mitigated — an attack over 300 Gbps against one of our Media and Entertainment customers.

This attack is significant for a number of reasons and I encourage you to read a detailed recounting of the attack timeline as well as the various trends we track in the report.

Here are a few highlights:

  • Verisign saw a 216 percent increase in average peak attack size over Q1 2014 and a 291 percent increase in average peak attack size year over year.
  • Overall, Verisign saw an 87 percent increase in peak DDoS attack size year over year.
  • Attacks in the 5-10 Gbps range increased 33 percent and attacks greater than 10 Gbps increased 16 percent.
  • 65 percent of attacks were greater than 1 Gbps.
  • Media and Entertainment was the most targeted industry, followed closely by IT Services/Cloud/SaaS, both making up 84 percent of all attacks mitigated in Q2.

If you'd like to read about what we saw in Q1, you can access that report here.

By Danny McPherson, Executive Vice President and Chief Security Officer at Verisign

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet


dns resolution By Carl Byington  –  Aug 14, 2014 8:09 am PDT


Trying to resolve that URL, we need:

dig www.verisigninc.com ns @a1.verisigndns.com. +edns +norecur
www.verisigninc.com.  600 IN NS gslb.shared-fo.brn1.verisign.com.

dig www.verisigninc.com a @gslb.shared-fo.brn1.verisign.com. +edns +norecur
www.verisigninc.com.  30 IN A

dig www.verisigninc.com ns @gslb.shared-fo.brn1.verisign.com. +edns +norecur
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48652

dig www.verisigninc.com a @gslb.shared-fo.brn1.verisign.com. +edns +norecur +nsid
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 338

The load balancer at gslb.shared-fo.brn1.verisign.com does not know about NS records, and it chokes on edns options. See rfc5001 from 2007. One might think that verisign could handle an option that was standardized 7 years ago.

Add Your Comments

 To post your comments, please login or create an account.



Brand Protection

Sponsored byAppdetex

DNS Security

Sponsored byAfilias

New TLDs

Sponsored byAfilias

Domain Names

Sponsored byVerisign


Sponsored byVerisign


Sponsored byWhoisXML API


Sponsored byThreat Intelligence Platform