Network Solutions Under Large-Scale DDoS Attack

netizen writes "CircleID is reporting a large-scale DDoS attack affecting all of Network Solutions' name servers for the past 48 hours, potentially affecting millions of websites and emails around the world hosting their domain names on the company's servers. The NANOG mailing list indicates that it is due to a very large-scale UDP/53 DDoS which Network Solutions has also confirmed: 'There is a spike in DNS query volumes that is causing latency for the delay in web sites resolving. This is a result of a DDOS attack. We are taking measures to mitigate the attack and speed up queries.""

One must ask...

Does Network Solutions have any network solutions?

Slashdotting will help how?

[nwf]

Nice we can link to something in their domain to further add to the DNS traffic! Maybe someone could find a link to download some huge file from their servers, too!

Re:Slashdotting will help how?

[epiphani]

Hi! You're wrong. That would be Verisign.

This is DNS hosting provided by Network Solutions for people who buy domains from them and choose to have them host the DNS rather than host it themselves.

Thanks for playing.

Re:hummm

Rebooting is what you do to Windows boxes. Unix is what you use for important things like DNS.

Shashi B at Network Solutions

[shashib]

Here is a update that we posted on the Network Solutions Blog (http://cli.gs/GEWSs0) : DNS queries for web sites should be responding normally. Thank you all for your understanding. As always, we will continue to work to take measures to prevent these and other types of technical issues caused by third parties that may impact our customers. Thanks, ShashiB

Re:Someone should be fired!

[ColdWetDog]

is there a way to completely "immunize" oneself against such attacks? If so, where is the howto?

I've heard that unplugging the network cable works OK.

Re:Someone should be fired!

Do you even know what a DDoS attack is?

If you did, you'd realize you can't both operate a service online, and be immune. The two things are mutually exclusive.

The best you can do is slap the attack down when you see one happening. Even that isn't exactly easy. Banning a few million IP addresses tends to be a problem all by itself.

Re:Downright Gibsonian

[zappepcs]

You might be getting old, but reporting malicious attacks like the weather is a good thing. Some will get tired of it, but the good thing is that perhaps the average joe public user will become aware of how vulnerable their on-line experience and computer are. Fighting DDoS attacks has been done successfully, but it takes a lot of work, and a lot of hardware. There are a couple of stories on the Internet about such.

The most recent botnet reports show that 100s of millions of PCs are infected with via a MS vulnerability that was fixed with a patch last year.

We need to see the awareness level increased, and some serious attention to detail on the patch/upgrade cycles.

Re:That would explain the surge in DDoS spray pack

[epiphani]

The problem seems to kick in for DNS servers that arent rejecting the queries. Someone is channeling ye 'ole smurfing methods.

They're requesting a list of all DNS root servers. If the server don't reject the query, a 17 byte query becomes a 50k response (or something like that) to the spoofed address.

Re:Someone should be fired!

[totally+bogus+dude]

...and so ends the era of "useless use of cat"; now begins the era of "completely nonsensical attempt to use cat".

Re:The Beginning?

[Rayban]

Damn whoever first started spelling that as "Cornfucker". I keep seeing that now - just waiting to say it accidentally.