It is ! They made specific tshirts for these videos :)

great question! This is why the AFM (Advanced Firewall Manager) can learn the subdomains of your web application and block the attack before it consumes all the resources when requesting illegitimate subdomains.

Hi there...if I understand the question correctly, you are asking if the attacker needs to know the IP address of your web server in order to attack using DNS Water Torture. This attack specifically targets the authoritative name server that would respond with the proper DNS information for your web server. So, the attack is not directly against the web server. Rather, it's against the name server that tells the Internet how to get to your web server. The idea is that, if the attacker can consume the resources of the authoritative name server for your website, then the name server can't respond to legitimate requests for your web server. Then, users won't be able to access your web server because they weren't given the proper DNS information (IP address) for how to access it. Hope this helps!

Hi Abhay, great question! A filter for the client side wouldn't work for this because there's no way to reach out and configure every possible client that might attack you in this situation. Specifically for the Mirai botnet, many of the clients would be things like a DVR, wireless camera, etc. These are many of the "Internet of Things (IoT)" devices that have been taken over by the Mirai botnet. So, while these internet-connected devices can send DNS requests on behalf of the botnet, it would be basically impossible to reach out and try to put a filter on each of them. This is why it's important to implement a firewall (like the BIG-IP AFM) to filter out these malicious requests. I hope this helps!

glad you enjoyed it!

glad you enjoyed it!