Network Solutions Under Large-Scale DDoS Attack
netizen writes "CircleID is reporting a large-scale DDoS attack affecting all of Network Solutions' name servers for the past 48 hours, potentially affecting millions of websites and emails around the world hosting their domain names on the company's servers. The NANOG mailing list indicates that it is due to a very large-scale UDP/53 DDoS which Network Solutions has also confirmed: 'There is a spike in DNS query volumes that is causing latency for the delay in web sites resolving. This is a result of a DDOS attack. We are taking measures to mitigate the attack and speed up queries.'"
Re:hummm (Score:4, Informative)
Rebooting is what you do to Windows boxes. Unix is what you use for important things like DNS.
Re:Red headlines? (Score:3, Informative)
Shashi B at Network Solutions (Score:5, Informative)
misstatement (Score:3, Informative)
Actually I did change the forwarders and restarted the service, no reboot, just a bad description.
perfect (Score:2, Informative)
A perfect opportunity to use that normally B.S. excuse: "Why, no, I didn't get your email. Must've been because of that DDoS attack on the name servers."
Re:Someone should be fired! (Score:3, Informative)
Re:Slashdotting will help how? (Score:5, Informative)
Hi! You're wrong. That would be Verisign.
This is DNS hosting provided by Network Solutions for people who buy domains from them and choose to have them host the DNS rather than host it themselves.
Thanks for playing.
Re:Downright Gibsonian (Score:2, Informative)
Re:That would explain the surge in DDoS spray pack (Score:2, Informative)
Don't block the requests; the requester IP is spoofed so that DNS servers which respond with root hints forward them to the innocent party, causing DoS. Blocking the IP just blocks the innocent party's DNS servers. Just make sure that you don't respond to external recursive queries.
Re:Someone should be fired! (Score:3, Informative)
Not quite - you're thinking of older versions. Modern versions of Peakflow are teamed with TMS (Threat Management System), which allow you to mitigate DDoS attacks.
From their website, "Surgical Mitigation Arbor Peakflow SP TMS enables you to automatically detect and surgically remove only the attack traffic while maintaining legitimate business traffic - thereby ensuring the highest level of customer satisfaction."
http://www.arbornetworks.com/en/threat-management-system.html
Re:Slashdotting will help how? (Score:3, Informative)
*pssst* Verisign owns Network Solutions owns .com
That hasn't been true in years.
NSI originally operated the .com/net/org/edu registry and was the sole registrar; after they started allowing competing registrars, Verisign bought NSI, then Verisign spun off NSI as a registrar but kept the registry. NSI now competes on even footing with other registrars (except NSI's customer base dates back to before competition existed).
I'm tired, I'll let somebody else correct my oversimplifications and misstatements. :-)
Re:That would explain the surge in DDoS spray pack (Score:3, Informative)
Exactly. The attacker spoofs UDP DNS queries and sends them to third-party DNS servers. They respond to the spoofed, victim's nameservers. The idea is that the attacker sends a small packet which induces a large response ('amplification') from the third party to the victim.
Incidentally when did Network Solutions change their name to "IsPrime"?
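An added example, not code from the thread or from any poster: a sketch of the response policy the comments above recommend, where a server recurses only for its own clients and answers everyone else about names it does not host with a header-only REFUSED instead of a root referral, so the reply to a spoofed source is no larger than the query. The internal ranges, the hosted zone `example.com.`, the function names and the sample queries are all assumptions constructed for the illustration.

```python
import ipaddress
import struct

# Assumed for illustration: our own client ranges and the zones we host.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
AUTH_ZONES = ("example.com.",)
REFUSED = 5  # DNS RCODE 5

def parse_query(pkt):
    """Return (txid, flags, qname, end offset of the question section)."""
    txid, flags, qdcount = struct.unpack("!HHH", pkt[:6])
    if qdcount != 1 or flags & 0x8000:      # exactly one question, QR bit clear
        raise ValueError("not a single-question query")
    labels, off = [], 12
    while pkt[off]:                          # walk length-prefixed labels
        n = pkt[off]
        if n & 0xC0:
            raise ValueError("compression pointer in query name")
        labels.append(pkt[off + 1:off + 1 + n].decode("ascii").lower())
        off += 1 + n
    return txid, flags, ".".join(labels) + ".", off + 5  # null + QTYPE + QCLASS

def decide(src_ip, pkt):
    """Return (action, reply): recurse for internal clients, answer hosted
    zones authoritatively, otherwise send a minimal REFUSED reply."""
    txid, flags, qname, qend = parse_query(pkt)
    addr = ipaddress.ip_address(src_ip)
    if any(addr in net for net in INTERNAL_NETS):
        return "recurse", None
    if any(qname == z or qname.endswith("." + z) for z in AUTH_ZONES):
        return "authoritative", None
    # External source asking about a name we do not host: echo the question
    # with RCODE=REFUSED and zero answer/authority/additional records, so no
    # root-hints referral is ever sent toward a possibly spoofed address.
    rflags = 0x8000 | (flags & 0x7900) | REFUSED   # QR=1, keep opcode and RD
    reply = struct.pack("!HHHHHH", txid, rflags, 1, 0, 0, 0) + pkt[12:qend]
    return "refused", reply

def build_query(name, txid=0x1234):
    """Constructed sample query (RD set, QTYPE=A, QCLASS=IN) for the demo."""
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1)
```

Comparing `len(reply)` with `len(pkt)` for a refused query shows an amplification factor of 1, which is what removes the server's value as a reflector.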