Dyn.com, a popular dynamic DNS provider and provider of commercial managed DNS services, is currently experiencing a massive DDoS attack. As a result, many sites that are using Dyn.com's services are experiencing issues. Affected are not just home/hobby sites that traditionally use dynamic DNS services, but also large "name brand" sites that use Dyn.com's managed DNS service. For example Twitter, Spotify, Etsy, GitHub and others (domains hosted by Dyn.com often use *.dynect.net name servers). You can find status updates from Dyn.com here: https://www.dynstatus.com
Johannes 4504 Posts ISC Handler Oct 21st 2016 |
Oct 21st 2016 5 years ago |
I don't have any IOT gadgets to exploit, but clearly lots of people do. Please have one of your experts write a tutorial about how homeowners or small businesses can use their firewall or router to block out-bound, inappropriate, traffic from IOT crap they have on their network. Obviously this needs to evolve to be more effective, but what can we do NOW?
|
Bill 1 Posts |
Oct 21st 2016 5 years ago |
The scale of this is quite astounding; it's even reached mainstream news media as a banner article: http://www.cnbc.com/2016/10/21/major-websites-across-east-coast-knocked-out-in-apparent-ddos-attack.html
|
amcgregor 11 Posts |
Oct 21st 2016 5 years ago |
That is the price we are paying for the concentration in internet business...
|
amcgregor 2 Posts |
Oct 21st 2016 5 years ago |
This is the price we are paying for the ongoing concentration among ISPs. Defense from DDOS needs Distributed Internet Service Providers ...
|
amcgregor 2 Posts |
Oct 21st 2016 5 years ago |
Curious to know Dyn DNS setup. NSLOOKUP lists 7 name servers for Dyn. Are they using Anycast DNS, Geo DNS or other means to protect against attacks?
If a site is well protected, the attacker can still bring it offline by attacking the name servers. Most company sites have anti-DDoS protection, but how well do they secure their DNS services? Will we see more attacks via a company's DNS servers? Something to think about... |
Mike7 43 Posts |
Oct 22nd 2016 5 years ago |
Just for the record ...
Some of the affected sites "rely" on DYN, and some "use" DYN ...

CNBC.com nameserver = ns1.p24.dynect.net
CNBC.com nameserver = ns2.p24.dynect.net
CNBC.com nameserver = ns3.p24.dynect.net
CNBC.com nameserver = ns4.p24.dynect.net

Amazon.com nameserver = ns1.p31.dynect.net
Amazon.com nameserver = ns2.p31.dynect.net
Amazon.com nameserver = ns3.p31.dynect.net
Amazon.com nameserver = ns4.p31.dynect.net
Amazon.com nameserver = pdns1.ultradns.net
Amazon.com nameserver = pdns6.ultradns.co.uk

Twitter.com nameserver = ns1.p34.dynect.net
Twitter.com nameserver = ns2.p34.dynect.net
Twitter.com nameserver = ns3.p34.dynect.net
Twitter.com nameserver = ns4.p34.dynect.net

Spotify.com nameserver = ns2.Spotify.com
Spotify.com nameserver = ns3.Spotify.com
Spotify.com nameserver = ns4.Spotify.com
Spotify.com nameserver = ns5.Spotify.com

PayPal.com nameserver = ns1.p57.dynect.net
PayPal.com nameserver = ns2.p57.dynect.net
PayPal.com nameserver = pdns100.ultradns.net
PayPal.com nameserver = pdns100.ultradns.com
PayPal.com nameserver = ppns1.phx.PayPal.com
PayPal.com nameserver = ppns2.phx.PayPal.com

Netflix.com nameserver = ns-81.awsdns-10.com
Netflix.com nameserver = ns-659.awsdns-18.net
Netflix.com nameserver = ns-1372.awsdns-43.org
Netflix.com nameserver = ns-1984.awsdns-56.co.uk

Hmm. SPOTIFY (currently) has no reliance on DYN. Did they migrate away?
Anonymous |
Oct 22nd 2016 5 years ago |
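The "rely" versus "use" comparison in the listing above can be automated over any nslookup output. The following is an added example, not part of the original thread: it groups each zone's name servers by operator and flags zones whose whole NS set sits with one operator. The sample lines are a subset of those quoted in the post; the provider heuristic and the one-entry suffix table are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Subset of the nslookup lines quoted in the post above (Oct 22nd 2016 snapshot).
SAMPLE = """\
CNBC.com nameserver = ns1.p24.dynect.net
Amazon.com nameserver = ns1.p31.dynect.net
Amazon.com nameserver = pdns6.ultradns.co.uk
Twitter.com nameserver = ns1.p34.dynect.net
Spotify.com nameserver = ns2.Spotify.com
PayPal.com nameserver = ns1.p57.dynect.net
PayPal.com nameserver = pdns100.ultradns.net
PayPal.com nameserver = ppns1.phx.PayPal.com
Netflix.com nameserver = ns-81.awsdns-10.com
Netflix.com nameserver = ns-1984.awsdns-56.co.uk
"""

LINE = re.compile(r"^(\S+)\s+nameserver\s*=\s*(\S+)$", re.I)
TWO_PART_SUFFIXES = {"co.uk"}  # assumption: tiny stand-in for a public-suffix list

def provider_of(ns_host, zone):
    """Collapse a name-server hostname to a coarse operator label (heuristic)."""
    ns_host, zone = ns_host.lower().rstrip("."), zone.lower().rstrip(".")
    if ns_host == zone or ns_host.endswith("." + zone):
        return "self-hosted"  # NS name lives under the zone itself
    labels = ns_host.split(".")
    drop = 2 if ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 1
    if len(labels) <= drop:
        return ns_host  # too short to split; keep as-is
    # awsdns-10 and awsdns-56 are one operator: strip the numeric suffix
    return re.sub(r"-\d+$", "", labels[-drop - 1])

def providers_by_zone(text):
    zones = defaultdict(set)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            zone, ns = m.groups()
            zones[zone.lower()].add(provider_of(ns, zone))
    return dict(zones)

def single_provider_zones(text):
    """Zones with no second operator to fall back on if the first is unreachable."""
    return {z: next(iter(p)) for z, p in providers_by_zone(text).items() if len(p) == 1}

if __name__ == "__main__":
    for zone, provs in sorted(providers_by_zone(SAMPLE).items()):
        flag = "SINGLE PROVIDER" if len(provs) == 1 else "ok"
        print(f"{zone:14} {', '.join(sorted(provs)):32} {flag}")
```

"self-hosted" only means the NS hostnames sit under the zone's own name; such names can still be vanity labels in front of an outside provider, so confirm by checking where the addresses are actually hosted.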
A number of customers did migrate away, including GitHub. I can't confirm Spotify specifically migrated DNS providers to mitigate, but it stands to reason.
|
amcgregor 11 Posts |
Oct 22nd 2016 5 years ago |
Besides using multiple DNS providers, any other best practices, such as the TTL value?
|
Steve 5 Posts |
Oct 24th 2016 5 years ago |
See the "Briefing" article for a bit more about this. But TTLs are tricky. Long TTLs will limit the damage of a DDoS attack against your DNS service, but they can make it harder to mitigate an attack against your Web or Mail server. It is important to find the right balance. I don't think there is a "one size fits all" solution.
|
Johannes 4504 Posts ISC Handler |
Oct 24th 2016 5 years ago |