How a DNS DDoS clogged my router
Posted on 2013-06-20
Can anyone explain to me why a small DDoS attack brought my internet connection to its knees? Last week I started receiving a larger number of DNS requests for the domain ddostheinter.net, which caused a 60% loss of internet communications. I am using a Cisco 2821 router with a 30MB Ethernet connection to the ISP. At the maximum peak time, we were receiving approximately 265,000 requests per hour or about 72 per second. The incoming packet size is approximately 81 bytes with a return packet size of around 1.5 kBytes. With this low amount of traffic, our router should have been able to handle this just fine, but it didn't. CPU utilization remained less than 15% at all times.