The DDoS Attack That Caused an Extended Internet Outage
Yesterday a massive DDoS attack targeted the DNS service of the Dyn company, one of the most authoritative domain name system (DNS) provider, and caused an extended Internet outage. A large portion of Interner users was not able to reach most important web services, many websites like including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify were down for netizens in the US.

Manchester, New Hampshire-based Dyn Inc. said its data centers were hit by three waves of distributed denial-of-service attacks, which overwhelm targeted machines with junk data traffic. The attacks, shifting geographically, had knock-on effects for users trying to access popular websites across the U.S. even in Europe.

[Image: dyn.png]

The DNS DDoS attack started early on Friday morning, though Dyn reported that normal services had been restored by 13:20 UTC (9:20 am EDT), with another DDoS attack, detected approximately two and a half hours after that.

Quote:Starting at 11:10 UTC on October 21st-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available. – Dyn

The security intelligence firm Flashpoint published an interesting post on the massive DDoS in which confirm that its experts have observed the Mirai bots driving the attack against DynDNS.

Flashpoint has confirmed that some of the infrastructure responsible for the distributed denial-of-service (DDoS) attacks against Dyn DNS were botnets compromised by Mirai malware. Mirai botnets were previously used in DDoS attacks against security researcher Brian Krebs’ blog “Krebs On Security” and French internet service and hosting provider OVH.” reads the analysis published by Flashpoint “Mirai malware targets Internet of Things (IoT) devices like routers, digital video records (DVRs), and webcams/security cameras, enslaving vast numbers of these devices into a botnet, which is then used to conduct DDoS attacks.

[Image: mirai-botnet.png]

The botnet source code was leaked on the hacking community Hackforums. The malware, dubbed ‘Mirai’ spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords.

Instead of attacking and taking out an individual website for short periods of time, these hackers took down a massive piece of the internet backbone for an entire morning, not once but twice with new reports of a potential 3rd wave. At the moment there have been no claims of ownership for the attack nor has there been any concrete evidence of who perpetrated the attack.

And that kids, is why we use DNS replication. :)
Must admit, one hell of a DDoS attack! It's incredible to see how much DDoS has grown over the recent years.

Sadly, companies providing mitigation often don't have enough bandwidth to deal with the rapidly increased data transfer in DDoS attacks.
"I'm a gamer, not because I don't have a life... But because I choose to have many"

A huge company like DYN should have a ton of DDOS protection, especially when they are charging anything from $7/month to over $2,660/month.
It seems nowadays that budget providers care more about the service they provide.

Users browsing this thread: 1 Guest(s)