Code Room
On-call · Medium · oc-g142
Subject: DDoS · Level: Mid–Senior · ~35 min · Common in Networking & APIs interviews · Industries: Technology, Telecom

Question

Your authoritative DNS and a couple of edge POPs go unreachable. The network dashboard shows inbound traffic at 380 Gbps — 50x normal — almost entirely UDP packets on source port 53 with spoofed sources, hitting your edge link to saturation. Your upstream transit provider just paged you about link congestion. No application servers are unhealthy; the problem is pure link saturation upstream of your boxes. It started 8 minutes ago with no deploy or product change. How do you triage and mitigate this volumetric attack?

What a strong answer looks like

Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.
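To ground "form hypotheses from real signals" in this scenario, the added example below (not part of the original question) buckets sampled inbound flow records from the point of view of an authoritative DNS edge and reports the dominant signature and where filtering has to happen. The flow records, the 100 Gbps link capacity and all function names are constructed assumptions; the 380 Gbps and 50x figures come from the question.

```python
from collections import defaultdict

# Constructed sample of inbound flow records: (proto, src_port, dst_port, bytes).
SAMPLED_FLOWS = [
    ("udp", 53, 41822, 3900),
    ("udp", 53, 1730, 4100),
    ("udp", 53, 60233, 4000),
    ("udp", 53, 22417, 4050),
    ("udp", 53, 9051, 3950),
    ("udp", 40211, 53, 80),    # ordinary query to the authoritative servers
    ("udp", 51877, 53, 95),    # ordinary query to the authoritative servers
    ("tcp", 44120, 443, 325),
]

def classify(proto, src_port, dst_port):
    """Bucket one inbound flow as seen by an authoritative DNS edge."""
    if proto == "udp" and dst_port == 53:
        return "dns_query"          # what an authoritative server expects to receive
    if proto == "udp" and src_port == 53:
        return "dns_response_in"    # response-shaped traffic arriving inbound
    return "other"

def triage(flows, observed_gbps, baseline_gbps, link_gbps):
    """Summarise the traffic mix and decide where a filter can actually help."""
    by_bucket = defaultdict(int)
    for proto, sport, dport, nbytes in flows:
        by_bucket[classify(proto, sport, dport)] += nbytes
    total = sum(by_bucket.values())
    shares = {bucket: nbytes / total for bucket, nbytes in by_bucket.items()}
    dominant = max(shares, key=shares.get)
    saturated = observed_gbps >= link_gbps
    return {
        "multiplier": round(observed_gbps / baseline_gbps, 1),
        "dominant": dominant,
        "dominant_share": round(shares[dominant], 3),
        "legit_query_share": round(shares.get("dns_query", 0.0), 3),
        "link_saturated": saturated,
        # Dropping packets on your own boxes cannot relieve a link that is
        # already full before the traffic reaches them.
        "filter_location": "upstream of edge link" if saturated else "edge",
    }

if __name__ == "__main__":
    # 380 Gbps at 50x normal implies a 7.6 Gbps baseline; link_gbps is assumed.
    print(triage(SAMPLED_FLOWS, observed_gbps=380, baseline_gbps=7.6, link_gbps=100))
```

The split between `dns_query` and `dns_response_in` matters because legitimate traffic to an authoritative server arrives with destination port 53, so the attack signature can be separated from real queries.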
