
SANS ISC: Godaddy DDoS Attack SANS ISC InfoSec Forums

Godaddy DDoS Attack

Godaddy is currently experiencing a massive DDoS attack. As of this writing, the main GoDaddy Website is not reachable. There are reports of outages of GoDaddy hosted e-mail as well as hosted websites. We will update this as we learn more.

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Johannes

3693 Posts
ISC Handler
FYI: This also affects ALL SSL certificate verification from GoDaddy, crippling a good portion of secure web pages at this time. -Al
Al of Your Data Center

80 Posts
Why would it? One of the beauties and faults of SSL verification is that when the CRL site is unavailable, the certificate is still accepted. We've got several EV certs with them and they are all still showing a green bar.

I would have expected the green bar to go away but it hasn't.

Do you have an example? Other than www.godaddy.com, of course. :-)
Anonymous
Yes that is true. Unavailable results in acceptance with warnings, but if the site answers slooooooowly and fragments the answer that will fail the lookup for quite some time. It seems GoDaddy is aware of this and prioritized, shut or failed over their SSL chain accept servers. Certificates were not working a short while ago. They are now. I do get validated chains when I test a CERT with OpenSSL so apparently that is now restored at least partially.
Al of Your Data Center

80 Posts
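The two comments above describe soft-fail revocation checking and the slow, fragmented answer that stalls a lookup. The following is an added example, not part of the thread or of any browser's code: it models both cases against a constructed local stand-in for a CRL host (all function names, the placeholder bytes and the timings are assumptions) and shows why a per-read timeout alone does not bound the lookup.

```python
import socket, threading, time

def start_responder(mode, n_bytes=10, gap=0.1):
    """Constructed local stand-in for a CRL host. 'down' refuses connections;
    'drip' sends one byte every `gap` seconds. Returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    if mode == "down":
        srv.close()                      # nothing listens on this port now
        return port
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        try:
            for _ in range(n_bytes):
                conn.sendall(b"x")       # placeholder bytes, not a real CRL
                time.sleep(gap)
        except OSError:
            pass                         # client gave up early
        finally:
            conn.close()
            srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def fetch_crl(port, read_timeout, deadline=None):
    """Return (status, seconds). Without `deadline` only each read is bounded."""
    start = time.monotonic()
    elapsed = lambda: time.monotonic() - start
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=read_timeout) as s:
            while True:
                left = read_timeout if deadline is None else deadline - elapsed()
                if left <= 0:
                    return "unavailable", elapsed()
                s.settimeout(min(read_timeout, left))
                if not s.recv(4096):     # peer closed: transfer finished
                    return "fetched", elapsed()
    except OSError:                      # refused, reset or timed out
        return "unavailable", elapsed()

def decide(status, policy):
    """policy is 'soft-fail' (what the thread describes) or 'hard-fail'."""
    if status == "fetched":
        return "check-crl"               # parsing the list is out of scope here
    return "accept" if policy == "soft-fail" else "reject"

if __name__ == "__main__":
    for mode, dl in (("down", None), ("drip", None), ("drip", 0.5)):
        status, secs = fetch_crl(start_responder(mode), 0.5, dl)
        print(mode, dl, status, f"{secs:.2f}s", decide(status, "soft-fail"))
```

With only the per-read timeout, the dripping responder holds the client for the whole transfer even though no single read ever times out; the overall deadline turns that case into "unavailable", which the chosen policy then accepts or rejects.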
I would hope that GoDaddy has already informed the FBI and/or other appropriate authorities.
KBR

63 Posts
It looks like godaddy is moving their own domain around to try and get something back up. For a while their NS record was at Verisign, now it's secureserver.net.
KBR
11 Posts
We have our DNS hosted at GoDaddy. It appears to be back up now.
Shawn

29 Posts
FYI: GoDaddy's network status page is http://support.godaddy.com/system-alerts/
pogue

17 Posts
GoDaddy is back up and all, and thank you guys at the ISC for reporting this. In retrospect, would this have merited raising the Infocon to yellow? Assuming the media reports of "millions of sites" being impacted are true...
Anonymous
Was this just a DoS attack or likely an attack on the CRL/secure cert chain to access who knows what?
Anonymous
What did Godaddy do to deserve this? And why disturb all the users?
carol

10 Posts
In answer to "Bill" I would say that any time a major Domain/DNS host like GoDaddy is attacked it should go to yellow. The perps may have been few, but the effects were pretty significant for a lot of companies. And it was not just their corporate web sites either; their e-mail to and from the outside world was off-line too.
KBR

63 Posts
GoDaddy is claiming it was not DDoS.
Rudy

1 Posts
According to GoDaddy, it was corrupted network routing tables.
Rudy
2 Posts
Here is a comment from GoDaddy.

Yesterday, GoDaddy.com and many of our customers experienced intermittent service outages starting shortly after 10 a.m. PDT. Service was fully restored by 4 p.m. PDT.
The service outage was not caused by external influences. It was not a “hack” and it was not a denial of service attack (DDoS). We have determined the service outage was due to a series of internal network events that corrupted router data tables. Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented measures to prevent this from occurring again.
At no time was any customer data at risk or were any of our systems compromised.
PW

63 Posts
I further validate what pwobble said above.

I also wish to add that AnonymousOwn3r is a liar, and a fool. He earns NO points for his false claims.
HackDefendr

65 Posts
Is GoDaddy experiencing a new DDoS Attack? Appears so...
HackDefendr
2 Posts
Is this from today and now? Godaddy has 130,000 sites down... Sounds like a DDoS Attack.
Including my company site...
HackDefendr
2 Posts
