Dyn Executive Responds To Friday's DDOS Attack (dyn.com)
"It is said that eternal vigilance is the price of liberty...We must continue to work together to make the internet a more resilient place to work, play and communicate," wrote Dyn's Chief Strategy Officer in a Saturday blog post. An anonymous reader reports:
Dyn CSO Kyle York says they're still investigating Friday's attack, "conducting a thorough root cause and forensic analysis" while "carefully monitoring" for any additional attacks. In a section titled "What We Know," he describes "a sophisticated attack across multiple attack vectors and internet locations...one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack." But he warns that "we are unlikely to share all details of the attack and our mitigation efforts to preserve future defenses."
He posted a timeline of the attacks (7:00 EST and 12:00 EST), adding "While there was a third attack attempted, we were able to successfully mitigate it without customer impact... We practice and prepare for scenarios like this on a regular basis, and we run constantly evolving playbooks and work with mitigation partners to address scenarios like these." He predicts Friday's attack will be seen as "historic," and acknowledges his staff's efforts to fight the attack as well as the support received from "the technology community, from the operations teams of the world's top internet companies, to law enforcement and the standards community, to our competition and vendors... On behalf of Dyn, I'd like to extend our sincere thanks and appreciation to the entire internet infrastructure community for their ongoing show of support."
Online businesses may have lost up to $110 million in sales and revenue, according to the CEO of Dynatrace, who tells CNN more than half of the 150 websites they monitor were affected.
Is that really lost business or was it just a delay in the interaction for the customers?
If shop's not available one day I'll wait a day or two to place my order. It's only if stuff is offline for a long period that it's really lost business because then I probably have gone elsewhere.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Does anybody find it ironic to see the slashdot sales ad for IoT cameras immediately above this story? Until we can somehow force vendors to responsibly patch, these devices have NO BUSINESS being on the web and we should boycott them. (Looking at you, AVTECH)
>> 7. People realise that running their own DNS is more resilient?
LOL! You think so? Let's say your own DNS infrastructure is a victim of this attack with the same magnitude. Are you able to handle this?
There is an easy solution: Don't make your DNS a single point of failure. Make sure your DNS records are mirrored on two different DNS providers, and make sure you list all IP addresses of both providers' DNS servers in your registrar's settings.
That's what we did. We have our DNS records on Dyn and another provider. We barely were impacted.
...You are over-qualified and under-paid. If we give you a raise, we will break the cosmic balance of the universe.
When you run TTLs less than 150 (like many of Dyn's customers), your DNS is no longer decentralized and fault tolerant... If you don't change your records often, use a longer TTL. Much of the effect of this attack could have been mitigated by using a 1800 or longer TTL... As long as a few ISPs and other common caches can get one response for each record every half hour, things keep working.
The problem is this philosophy tends to create targets of great value by putting so much infrastructure into so few places.
It's been a curious development in the internet. In the 90s, there was a trend from walled gardens and centralized resources to more federated approaches. In the last decade, the trend has reversed.
We have increasingly powerful endpoint devices, even as their form factors have shrunk. This *should* have led to the reduction of the importance of 'datacenters', but now they are more important than ever *and* so much function has been consolidated into 3 or so companies, and a handful of physical locations.
Now it's not as bad if everyone at least had their infrastructure to bank on a couple of providers as you do (so long as they all don't bank on the *same* two, but generally there's only a couple of companies people go to for services).
In a decentralized case, a random entity is doubtlessly unlikely to withstand such an attack, but also they are far less likely to be the target of such an attack (being a bonus effect of taking down a target versus *being* the target).
XML is like violence. If it doesn't solve the problem, use more.
Dyn seems very quiet about a lot. They and their customers got their ass handed to them. This was pure incompetence on the hands of Dyn and many sites and services.
DNS TTL 3600s or even 86400 (the gold standard back in the day) - because the cloud prides itself on individual machine uptime of 80% or less
Single DNS provider - because the cloud prides itself on a single vendor being world-scale just by spreading out
Twitter and co (still) have a TTL of 130s, way lower than RFC 6781 suggests, and still have all their name servers at Dyn, meaning they haven't learned anything yet.
Custom electronics and digital signage for your business: www.evcircuits.com
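The two mitigations raised in the comments above (nameservers spread across more than one provider, and TTLs of 1800 seconds or longer) can be checked per zone. The following is an added example, not part of the original thread: the zone names, the two-label provider heuristic, the 2-hour outage and the uniform cache-age model are all assumptions made for illustration.

```python
from collections import defaultdict

MIN_TTL = 1800  # seconds; the "1800 or longer" figure quoted in the thread


def provider_of(ns_host):
    # Assumption: the last two labels of a nameserver name identify its operator.
    return ".".join(ns_host.rstrip(".").lower().split(".")[-2:])


def cached_coverage(ttl, outage):
    # Expected share of an outage that a resolver can still answer from cache,
    # assuming it cached the record at a uniformly random moment before the
    # outage, so the remaining lifetime is uniform on [0, ttl].
    if ttl <= outage:
        return ttl / (2 * outage)
    return 1 - outage / (2 * ttl)


def audit(zone, ns_hosts, record_ttls, outage=7200):
    # outage: constructed 2-hour authoritative outage, in seconds.
    findings = []
    providers = defaultdict(list)
    for host in ns_hosts:
        providers[provider_of(host)].append(host)
    if len(providers) < 2:
        findings.append(f"{zone}: delegation depends on a single DNS provider "
                        f"({', '.join(providers) or 'no NS listed'})")
    for name, ttl in sorted(record_ttls.items()):
        if ttl < MIN_TTL:
            pct = 100 * cached_coverage(ttl, outage)
            findings.append(f"{name}: TTL {ttl}s < {MIN_TTL}s, caches cover "
                            f"about {pct:.1f}% of a {outage}s outage")
    return findings


# Constructed sample zones (hypothetical names, not real delegations).
SINGLE = ("shop.example", ["ns1.provider-a.example.", "ns2.provider-a.example."],
          {"www.shop.example": 130})
DUAL = ("blog.example", ["ns1.provider-a.example.", "ns1.provider-b.example."],
        {"www.blog.example": 3600})

if __name__ == "__main__":
    for zone in (SINGLE, DUAL):
        for line in audit(*zone) or [f"{zone[0]}: no findings"]:
            print(line)
```

In practice the nameserver list and TTLs would come from the zone's live NS and A/AAAA answers rather than inline samples.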
Sure do.
It spreads out the attack value over multiple targets. It is not about whether a set of smaller replacements for Dyn could withstand 1tb/s, it is about whether an attacker could muster n tb/s to attack a whole set of smaller providers at once in order to create the same amount of widespread damage. Do you think it makes sense to put all the eggs in one basket?
Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php