DOS Attacks On DNS Provider

← Back to Stories (view on slashdot.org)

Posted by ryuzaki0 on Monday November 25, 2002 @05:15AM from the going-after-the-big-boys dept.

Greedo writes "Seems like UltraDNS was hit with a denial of service attack this weekend. Since these are the guys who are supposed to be running the .ORG DNS, and in light of recent attacks on the gTLD roots, attacks against DNS servers should be treated very seriously. What kind of protection can be had? What happens when an attack like this brings down an entire TLD? Do you want to give control of an entire gTLD to one organization? Read a follow-up discussion on comp.protoocols.dns.std."

4 of 224 comments (clear)

Min score:

Reason:

Sort:

Very surprising by ekrout · 2002-11-25 05:23 · Score: 5, Informative

I have seen the UltraDNS ads here at Slashdot and thusly decided to read up on their techniques as well.

Basically, they urge large important Web sites to outsource its DNS needs to another company (them). Before this DOS attack on their servers, they provided near perfect stability, security, and performance. If I recall correctly, Hotmail, Forbes, and Oracle have already used the services of UltraDNS.

It's a shame that such a wonderful resource (the Internet) is so often abused by a few rowdy hackers and trolls.

Here is a whitepaper that describes their services in depth and explains the reasons for outsourcing one's DNS needs.

--

If you celebrate Xmas, befriend me (538
1. Re:Very surprising by Johannes · 2002-11-25 06:40 · Score: 5, Informative
  
  Disclaimer: I used to work at UltraDNS until a couple of months ago when I was laid off.
  
  The service provides a couple of advantages:
  
  Better latency. They use an anycast routing network which guarantees that a query to their DNS servers will be received and answered by the closest server based on the network topology. Even though there is only 2 published IP's for nameservers. There are some 16 servers scattered around the globe to answer on those IP's.
  
  Near real time database updates. They use an Oracle advanced replication network to get updates out to the other servers in near real time.
  
  Proprietary software. The only significant advantage here is that it's not BIND.
  
  All in all, it's about as good as DNS will get. Do you need it for your personal domain? Hardly. Do you need it for a popular domain like slashdot.org? Probably not.
  
  It works best for really large and really popular zones, like TLDs.
  
  However, it's still going to be better (albeit not as significantly) for your personal domain too.
  
  Anyway, bandwidth isn't really the issue with DNS. It's latency and availability.
  
  The problem with your example is that chances are, your DNS server in LA will be getting queries for Europe, which isn't all that ideal. Once again, is it that important? Not really.
  
  But it will work obviously.
Re:From the author of qmail comes.... by dbretton · 2002-11-25 05:39 · Score: 5, Informative

From the DJBDNS page...

Denial-of-service attacks. (BIND 9's fragility makes denial of service completely trivial; but an attacker can easily take down the Domain Name System without using any of BIND's bugs. The DNS architecture needs to be decentralized.)

Seems to me like DJBDNS wouldn't help a lick!

-D
There's something at internettrafficreport.com by Jugalator · 2002-11-25 06:04 · Score: 5, Informative

Look at this, especially that huge packet loss spike at 11/24...

Seems suspicious, although that site hasn't put up any news about it like they did with the major DNS attack a copule of weeks ago.

--
Beware: In C++, your friends can see your privates!