Slashdot Mirror


Network Solutions Under Large-Scale DDoS Attack

netizen writes "CircleID is reporting a large-scale DDoS attack affecting all of Network Solutions' name servers for the past 48 hours, potentially affecting millions of websites and emails around the world hosting their domain names on the company's servers. The NANOG mailing list indicates that it is due to a very large-scale UDP/53 DDoS which Network Solutions has also confirmed: 'There is a spike in DNS query volumes that is causing latency for the delay in web sites resolving. This is a result of a DDOS attack. We are taking measures to mitigate the attack and speed up queries.'"

17 of 139 comments

  1. One must ask... by Anonymous Coward · · Score: 5, Funny

    Does Network Solutions have any network solutions?

  2. hummm by WillRobinson · · Score: 3, Interesting

    Rebooted the DNS server today cause things seemed funny ... maybe this is what it really was.

    1. Re:hummm by Anonymous Coward · · Score: 4, Informative

      Rebooting is what you do to Windows boxes. Unix is what you use for important things like DNS.

  3. Slashdotting will help how? by nwf · · Score: 5, Funny

    Nice we can link to something in their domain to further add to the DNS traffic! Maybe someone could find a link to download some huge file from their servers, too!

    --
    I don't know, but it works for me.
    1. Re:Slashdotting will help how? by epiphani · · Score: 4, Informative

      Hi! You're wrong. That would be Verisign.

      This is DNS hosting provided by Network Solutions for people who buy domains from them and choose to have them host the DNS rather than host it themselves.

      Thanks for playing.

      --
      .
  4. Shashi B at Network Solutions by shashib · · Score: 5, Informative

    Here is an update that we posted on the Network Solutions Blog (http://cli.gs/GEWSs0): DNS queries for web sites should be responding normally. Thank you all for your understanding. As always, we will continue to work to take measures to prevent these and other types of technical issues caused by third parties that may impact our customers. Thanks, ShashiB

    --
    Social Media Swami | Network Solutions | http://blog.networksolutions.com
    1. Re:Shashi B at Network Solutions by TheSeer2 · · Score: 3, Funny
  5. misstatement by WillRobinson · · Score: 3, Informative

    Actually I did change the forwarders and restarted the service, no reboot, just a bad description.

  6. Re:Someone should be fired! by ColdWetDog · · Score: 5, Funny

    is there a way to completely "immunize" oneself against such attacks? If so, where is the howto?

    I've heard that unplugging the network cable works OK.

    --
    Faster! Faster! Faster would be better!
  7. Re:Someone should be fired! by timmarhy · · Score: 3, Informative

    you can't prevent them. they come from legit clients that have been infected with a virus. you can block the traffic by dropping traffic that matches the attack pattern, that's about it.

    --
    If you mod me down, I will become more powerful than you can imagine....
  8. Re:Someone should be fired! by Anonymous Coward · · Score: 5, Insightful

    Do you even know what a DDoS attack is?

    If you did, you'd realize you can't both operate a service online, and be immune. The two things are mutually exclusive.

    The best you can do is slap the attack down when you see one happening. Even that isn't exactly easy. Banning a few million IP addresses tends to be a problem all by itself.

  9. Re:Downright Gibsonian by zappepcs · · Score: 5, Insightful

    You might be getting old, but reporting malicious attacks like the weather is a good thing. Some will get tired of it, but the good thing is that perhaps the average joe public user will become aware of how vulnerable their on-line experience and computer are. Fighting DDoS attacks has been done successfully, but it takes a lot of work, and a lot of hardware. There are a couple of stories on the Internet about such.

    The most recent botnet reports show that 100s of millions of PCs are infected via an MS vulnerability that was fixed with a patch last year.

    We need to see the awareness level increased, and some serious attention to detail on the patch/upgrade cycles.

  10. That would explain the surge in DDoS spray packets by Swordfish · · Score: 3, Interesting

    That would help to explain the surge in this kind of thing in the last few days.

    15:07:13.666770 IP 63.217.28.226.17498 > 158.64.65.65.53: 36407+ NS? . (17)
    15:07:13.750783 IP 63.217.28.226.61231 > 158.64.65.65.53: 46118+ NS? . (17)
    15:07:13.831834 IP 63.217.28.226.44626 > 158.64.65.66.53: 51544+ NS? . (17)

    Except that that source IP address doesn't look like a Network Solutions address to me.

    Is it possible that there is a DDoS technique where the source IP addresses on DNS packets to 3rd party DNS servers are spoofed so as to generate the appearance of an attack from a different source? I guess that's what they're saying. But it doesn't seem to multiply the power of an attack much. They just get 17 bytes of DNS response from each 17 byte request.

    It's all a bit confusing really....

  11. Re:That would explain the surge in DDoS spray pack by epiphani · · Score: 5, Interesting

    The problem seems to kick in for DNS servers that aren't rejecting the queries. Someone is channeling ye 'ole smurfing methods.

    They're requesting a list of all DNS root servers. If the server doesn't reject the query, a 17 byte query becomes a 50k response (or something like that) to the spoofed address.

    --
    .
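
The pattern discussed in comments 10 and 11 (bursts of root `NS? .` queries whose claimed source is the spoofed victim) can be spotted from a resolver's own tcpdump output. The following is an added example, not part of the original thread: the function names, thresholds and `response_bytes` value are assumptions, and the capture lines are constructed using documentation address ranges.

```python
import re
from collections import defaultdict

# Line shape follows the tcpdump output quoted in the thread.
LINE_RE = re.compile(r"^\s*(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\d+(?:\.\d+){3})"
    r"\.(?P<sport>\d+) > (?P<dst>\d+(?:\.\d+){3})\.53: \d+[+%*-]*(?: \[[^\]]*\])?"
    r" (?P<qtype>\w+)\? (?P<qname>\S+) \((?P<len>\d+)\)\s*$")

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE = """\
15:07:13.666770 IP 192.0.2.10.17498 > 198.51.100.53.53: 36407+ NS? . (17)
15:07:13.700001 IP 203.0.113.7.40001 > 198.51.100.53.53: 1201+ A? www.example.com. (33)
15:07:13.750783 IP 192.0.2.10.61231 > 198.51.100.53.53: 46118+ NS? . (17)
15:07:13.831834 IP 192.0.2.10.44626 > 198.51.100.54.53: 51544+ NS? . (17)
15:07:13.910000 IP 192.0.2.10.5120 > 198.51.100.54.53: 7788+ NS? . (17)
15:07:14.100000 IP 203.0.113.9.53311 > 198.51.100.53.53: 911+ NS? . (17)
""".splitlines()

def parse_query(line):
    """Return the fields of one DNS query line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    h, mi, s = m["ts"].split(":")
    return {"t": int(h) * 3600 + int(mi) * 60 + float(s), "src": m["src"],
            "sport": int(m["sport"]), "dst": m["dst"], "qtype": m["qtype"],
            "qname": m["qname"], "len": int(m["len"])}

def find_reflection_candidates(lines, min_queries=3, window_s=1.0, response_bytes=500):
    """Flag claimed sources bursting root NS queries; response_bytes is an assumed reply size."""
    by_src = defaultdict(list)
    for q in filter(None, map(parse_query, lines)):
        if q["qtype"] == "NS" and q["qname"] == ".":
            by_src[q["src"]].append(q)
    flagged = {}
    for src, qs in by_src.items():
        times, start, burst = sorted(q["t"] for q in qs), 0, 0
        for end, t in enumerate(times):      # sliding window over timestamps
            while t - times[start] > window_s:
                start += 1
            burst = max(burst, end - start + 1)
        if burst >= min_queries:
            sent = sum(q["len"] for q in qs)
            flagged[src] = {
                "queries": len(qs), "peak_burst": burst,
                "source_ports": len({q["sport"] for q in qs}), "query_bytes": sent,
                "resolvers": sorted({q["dst"] for q in qs}),
                "amplification": round(response_bytes * len(qs) / sent, 1)}
    return flagged
```

A flagged address is most likely the victim rather than the sender, so the useful response on the resolver is to refuse or rate-limit these queries, not to treat that address as hostile.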
  12. Re:Someone should be fired! by totally+bogus+dude · · Score: 5, Funny

    ...and so ends the era of "useless use of cat"; now begins the era of "completely nonsensical attempt to use cat".

  13. Re:The Beginning? by Rayban · · Score: 4, Funny

    Damn whoever first started spelling that as "Cornfucker". I keep seeing that now - just waiting to say it accidentally.

    --
    æeee!
  14. Look for DNS/SSL/MITM attacks about now... by DamnStupidElf · · Score: 3, Interesting

    The only obvious reason to DDoS a bunch of DNS servers is if you're going to be doing some cache poisoning and mounting a massive MITM attack, and if you're lucky you recently obtained a trusted intermediate CA via an MD5 collision attack on a lousy root CA like RapidSSL.

    Has anyone bothered to petition Mozilla to remove all the offending root CAs with the weakness shown in MD5 considered harmful today?