digg

Facebook Connect Join Digg About

EveryDNS, OpenDNS Under Botnet DDoS Attack

securitywatch.eweek.com The attack started sometime Friday afternoon and, from all indications, was targeting Web sites that used the free DNS management services. "We were collateral damage," Ulevitch explained. "They were going after the DNS provider of these sites and we took the brunt of it."

Who dugg this? Made popular Dec 3, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

43 Comments

show profanity settings
expand all
  • TonyCubed, on 10/12/2007, -0/+27Bastards, I love OpenDNS :(
  • flag564, on 10/12/2007, -5/+26Someone should make a TV show about these guys who protect these networks. It would be as entertaining as 24.
  • gotamd, on 10/12/2007, -1/+14We need to stand up to the criminals. They use the internet for their activities and whenever any company or group of people has tried to stop them, they've been DDoS'd on a huge scale. They need to be stopped.
  • davidu, on 10/12/2007, -0/+13Here's a better explanation:
    http://blog.opendns.com/2006/12/03/opendns-recursive-dns-keeps-on-tickin-everydns-took-a-lickin/
  • jaydj, on 10/12/2007, -3/+16CSI:DNS?
  • davidu, on 10/12/2007, -0/+12Nothing. The attack wasn't against OpenDNS. This story is inaccurate.
  • davidu, on 10/12/2007, -1/+11FYI, This story is incorrect. OpenDNS was not affected. Our website was for like 30 minutes, but that was not related to OpenDNS. There was NO OpenDNS recursive DNS outage.
  • wilf_brim, on 10/12/2007, -1/+9What do these guys have against OpenDNS? I'm clearly missing something here.
  • sizza, on 10/12/2007, -0/+74x4 is 16 not 12.
  • jaydj, on 10/12/2007, -1/+6The network was crippled for 90 minutes. At the posting of the story they were STILL under attack.
  • davidu, on 10/12/2007, -1/+6Yes. But they aren't simple script-kiddies. HYIP scammers and worse.

    Usually run by organized crime syndicates.
  • inactive, on 10/12/2007, -0/+4This is retarded why would they do it to them?
  • shakin, on 10/12/2007, -0/+3I use EveryDNS for my web sites at work and I noticed the problem began Friday afternoon sometime after 4:00 pm. From about 5:30 pm through at least 9:00 pm EveryDNS was no longer serving DNS requests for my domains, so the outages was definitely much longer than 90 minutes.

    Still, the EveryDNS team did a great job to get their services running again pretty quickly. I'll make sure my boss makes a contribution to them on Monday.
  • Four20, on 10/12/2007, -1/+4it was only 90 minutes. . .they're lucky. I remember when our merchant account for UNS got attacked for almost an entire week.
  • brendanc, on 10/12/2007, -1/+4Actually, Qwest actually agrees with net neutrality... what have you been smoking?
  • brendanc, on 10/12/2007, -0/+3If your DNS is down, it won't serve you. Therefore all your name server lookups (e.g. typing digg.com into your browser) will not go through unless you still have your dns cache (most likely, if you're using windows)

    chances are for normal browsing you won't be affected at all, but if you try to visit new sites, you will be affected.
  • geronimo, on 10/12/2007, -1/+41.2gbit.

    I'm not a religious person but christ on a stick that's a lot. And that's just DNS traffic, I bet the traffic to the websites was even more. I'm curious what techniques ISPs or DNS service providers can use to stop this. Load balancers? Look for patterns and block that traffic?
  • davidu, on 10/12/2007, -0/+2I need to stop doing math while trying to route packets. clearly 4x4 is 16. Heh. 1.6gbps

    heh

    -david
  • geronimo, on 10/12/2007, -0/+2400mbit is a boatload of traffic. Wow. If you're a small site, that kinda traffic will do you in, not to mention the bandwidth fees. If this happens for over 33 hours with 95th percentile billing, you're screwed, your bandwidth fees could easily multiply by 100.. Instead of paying $100/mo you pay $10,000.
  • Cymrubeats, on 10/12/2007, -0/+2Cool....now the readers stretch the facts further than the press officers who write and submit the stories.
  • alphanerd, on 10/12/2007, -0/+2First the ddos and now the digg effect.
  • zephc, on 10/12/2007, -1/+3They all want to be king of the internets.
    1) DDoS
    2) ???
    3) Profit!!!
  • jer2eydevil88, on 10/12/2007, -0/+2Thanks David,

    I have been using OpenDNS for months and haven't noticed any outages so this article was a bit suprising.

    Best of luck to those guys at everydns and I hope that OpenDNS doesn't get hit by the same lame attack.
  • davidu, on 10/12/2007, -4/+5400mbps x 4 sites == 1200mbps == 1.2gbps

    :-)

    -david
  • r00tus3r, on 10/12/2007, -0/+1What kind of moron would try to bring down a free service? That stuff benefits all of us. That's like vandalizing a charity! Morons!
  • growler1, on 10/12/2007, -0/+1"I've always been concerned about PhishTank being a big target [for these kinds of attacks] but, in this case, we took a hit because someone else was the target."

    "We've figured out who these targets were and we've terminated a bunch of domains. We don't want to be the free DNS providers for miscreants on the Internet," he added.

    --So, is this script-kiddies attacking other script-kiddies?
  • growler1, on 10/12/2007, -0/+1"We need to stand up to the criminals. They use the internet for their activities and whenever any company or group of people has tried to stop them, they've been DDoS'd on a huge scale. They need to be stopped."

    +dig, and agree. But it would take a lot of white/grey hats to get it done, and they'd have to be organized, 'cause these folks sure as hell are. Plus, as davidu points out, it's serious horsehead-in-your-bed business.
  • atomic16, on 10/12/2007, -1/+2I use openDNS (after the pogue article) I know what a DDos attack is but how can this affect a user of openDNS?
  • netMASA, on 10/12/2007, -2/+3I bet the 90 min downtime was qwest's fault. They are against anything free that works and is fast.

    Qwest is the worst internet provider ever. They probably hired some hitman to try to slow down some servers.
  • eathan, on 10/12/2007, -0/+1As my own blog mentions http://penishero.blogspot.com/2006/12/botnet-web-mob-ddos-buttholes-you-suck.html my sites were taken out too. Can you tell I wasn't very happy about it...?
  • OrangeTide, on 10/12/2007, -0/+1Well it's down again, so the attack is still ongoing. this is pretty brutal. my domain comes and goes now. I think I should donate some money to EveryDNS or something.
  • sizza, on 10/12/2007, -1/+2"has been hit by a massive DDoS (distributed denial-of-service attack) that affected thousands of sites"

    "The 400mbps botnet attack did not affect the core recursive DNS resolution service offered by OpenDNS but the company's home page and corporate blog were crippled"

    So just how many sites went down, or where unreachable due to offline DNS servers again? Thousands or just 2?

    If they have a 400mbit pipe for all their customers DNS traffic, then they're obviously under allocated. However if only the company's home page and blog went offline, why is this news?
  • inactive, on 10/12/2007, -0/+1Valueweb got nailed. 45,000 domains down. Not sure if it was because of the DDOS but it is definitely a DNS issue.
  • inactive, on 10/12/2007, -0/+1I don't want to be in the bottom of a river any time soon.
  • OrangeTide, on 10/12/2007, -1/+1please explain.
  • nanoage, on 10/12/2007, -2/+2Cisco Riverhead Guard FTW!!
  • JimV, on 10/12/2007, -2/+1No, it wouldn't.
  • lambright, on 10/12/2007, -2/+1Our http://sfsurvey.com got hit by it, we were living off DNS caching between 1:00PM and 3:30, then our other solution kicked in. http://sfsurvey.com/talk/forum_posts.asp?TID=20&PN=1
  • brendanc, on 10/12/2007, -3/+2if 2 out of the four sites are on the same connection then: 400 + 400 + 400

    so, it could be 1.2gbps
  • ReliableSource, on 10/12/2007, -2/+1Could it have anything to do with this?:

    http://today.reuters.com/news/articlenews.aspx?type=businessNews&storyid=2006-12-01T021743Z_01_WBT006236_RTRUKOC_0_US-SECURITY-USA-QAEDA.xml&src=rss&rpc=23

    Thu Nov 30, 2006 9:17pm ET21
    WASHINGTON (Reuters) - The U.S. government warned American private financial services on Thursday of an al Qaeda call for a cyber attack against online stock trading and banking Web sites beginning on Friday, a source said. ***
    ----
    I know these aren't 'financial institutions' per se, but some in the world view the entire US as a 'financial institution'.

  • dbr_onix, on 10/12/2007, -5/+2*Clicks non-existant comment delete button*
  • secretivecoward, on 10/12/2007, -4/+1Marked as inaccurate
  • runedude, on 10/12/2007, -8/+1TV Show about this stuff? Sounds great.
    but anyways.. my DNS provider, pmsdns.org, also died sometime today - but only for a few hours. Are these attacks related?

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.