Slashdot Mirror


DDoS on Domain Registrar

miller60 writes "Netcraft is reporting that 'domain registrar Joker.com says its nameservers have been hit with a massive DDoS attack, causing outages for customers. More than 550,000 domains are registered with Joker, meaning the outages could be widely felt. It's not clear why the DDoS is succeeding, as most registrars have implemented sturdy DDoS protection since the attack on the root nameserver system back in 2002.' Some security experts have warned in recent weeks about DNS recursion attacks as previously discussed here on Slashdot, which can amplify the power of attacks launched from botnets."

5 of 69 comments

  1. But why? by Minwee · Score: 4, Interesting
    In case anyone has missed the significance of a major European domain registrar getting whacked right now, you should recall that the .EU domains go on sale to the public in about a week.

    If anything, I'm surprised that more registrars aren't being hit by this. Maybe they agreed to pay up instead.

  2. Not that surprising! by Anonymous Coward · Score: 5, Informative

    Anyone that has had to deal with DDoS attacks against their networks lately should know that it isn't terribly uncommon to see DDoS attacks that saturate over 1Gbps of bandwidth. With a sizeable botnet, even if the registrar has two gigabit uplinks, it wouldn't be too difficult for an attacker to knock them completely offline. Take whatever DDoS prevention methods you want, if your upstream links are saturated... you're boned.

  3. Can still switch DNS servers by pixelbeat · Score: 4, Informative

    Their website is still functional enough to allow
    one to change the DNS servers away from [abc].ns.joker.com
    I did this last for my domain.

  4. Getting sick of this by totya · Score: 4, Interesting

    I think it's time for the sensible businesses to form an alliance to defend themselves from these DDOS attacks. We've got to be able to switch along storage, location, share the load among us. If there were a few dozen or hundred larger sites with huge pipes, then actions like this could be avoided. Virtualization looks like a very good help for this. Send along a vmware image to the emergency network, fire up the systems, vpn to the backend, and you're set. I know I oversimplify this, but I guess something along these lines could work (technically). Of course politics and such come into play, but if major players started to float this idea - again, I think it could work. Any thoughts (or flames)?

  5. Re:Considering... by arivanov · Score: 5, Informative

    Can't really say anything about that, but a quick investigation of their DNS shows that it is not geographically distributed (RFC3258). OK, I do not have the tools to do it properly, but it does not look like.

    On top of that they do not look like they have their own connectivity to peering points in EU.

    So frankly, they look like they are ripe for the picking. It is utterly trivial to run a domain registrar out of several diverse locations using RFC 3258. A registrar that is not doing it is in clear need of a cluebat on the head several times. I hope that this DDOS finally delivers it.

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/