Excessive Netflix DNS Traffic?

Eamon Bauman eamon at eamonbauman.com
Fri Oct 14 15:43:03 UTC 2016


We're rate limiting it now, but it's definitely bad behavior. When I open
the flood gates, over a 5-min sample from a single host I received well
over 61,000 queries.
The size of the records being requested cause this to be an (unintended)
amplification attack, as a 30Mbps inbound sum is getting amplified to
150-200Mbps outbound.

On Thu, Oct 13, 2016 at 7:52 PM, Josh Reynolds <josh at kyneticwifi.com> wrote:

> Same here :)
>
> On Oct 13, 2016 1:09 PM, "Ryan, Spencer" <sryan at arbor.net> wrote:
>
>> I was going to point you to the reddit thread about it, but it looks to
>> be your thread :)
>>
>>
>> Spencer Ryan | Senior Systems Administrator | sryan at arbor.net<mailto:
>> sryan at arbor.net>
>> Arbor Networks
>> +1.734.794.5033 (d) | +1.734.846.2053 (m)
>> www.arbornetworks.com<http://www.arbornetworks.com/>
>>
>>
>> ________________________________
>> From: NANOG <nanog-bounces at nanog.org> on behalf of Eamon Bauman <
>> eamon at eamonbauman.com>
>> Sent: Thursday, October 13, 2016 10:26:57 AM
>> To: nanog at nanog.org
>> Subject: Excessive Netflix DNS Traffic?
>>
>> Hi all,
>>
>> Is anyone seeing excessive DNS traffic from game consoles (Xbox One, PS4)
>> running Netflix? Starting 9/29 we have been seeing significant volume of
>> DNS traffic from game consoles on our campus to our caching recursive
>> boxes. Logs show repeated requests for api-global.netflix.com and
>> nrdp.nccp.netflix.com.
>>
>> Anyone else experiencing this?
>>
>> Eamon
>>
>


More information about the NANOG mailing list