by beachstartup 3534 days ago
i think there is a larger strategy at play. this is pure speculation and anecdote.

recently there has been an aggressive uptick of dns ddos attacks against smaller companies/service providers that run their own dns infrastructure. this includes small/regional internet service providers and individual sites/hosts that still run their own servers.

in almost all of these cases that i'm aware of, the smaller companies immediately outsourced their dns services to a larger company, one that ostensibly is able to either absorb, scrub, or otherwise defend against these types of attacks.

extrapolating to a global scale, what's happening is a forced consolidation of dns infrastructure into a handful of large players. even in the case of having redundant providers, it's usually two very large providers. and as we just saw today, a terabit-level attack is not something we can readily defend against. what if there's even more in reserve?

in other words, we're putting all of our eggs into one basket. and someone is aggregating enough attack capacity to take out nearly the entire internet at once. it doesn't help that everyone is voluntarily consolidating their infrastructure onto a small handful of public cloud providers.

we are setting ourselves up for a massive internet outage.