Tabletop Exercise - May 2016

Scenario:

Your agency has received various complaints about slow Internet access and that your website is inaccessible. After further investigation, it is determined that your agency is a victim of a DNS amplification attack which is currently overwhelming your DNS server and network bandwidth. An overwhelming large number of Internet spoofed IP addresses are involved in the attack.
 
What do you do?
 

Items to discuss:

  • Who would the help desk notify?
  • How would you confirm the claim?
  • Who would you call to address the scenario?

Items to report:

  • Did communications flow as expected?  If not, why?
  • Were processes and procedures followed?
  • Were there any surprises?
  • How well did the exercise work for your organization?