Network Solutions Hit With DDoS

New submitter Landy DeField was the first of many of write in about Network Solutions' website and DNS outage: "If your website does not load this morning you need to ask yourself do we use Network Solutions? Because all of their servers are all currently down. You can confirm this by visiting this site." The only solid information from Network Solutions is a post on their Facebook page: "Network Solutions is experiencing a Distributed Denial of Service (DDOS) attack that is impacting our customers as well as the Network Solutions site. Our technology team is working to mitigate the situation. Please check back for updates." There have been several reports that the outage is causing hosted DNS to fail, leading to a number of unresolvable websites.

Re:

[xevioso]

tl;dr

Do Not Use

[Anonymous Coward]

I do not use Network Solutions DNS service. I use Google's, which is almost always up.

Re:Do Not Use

[hawguy]

I do not use Network Solutions DNS service. I use Google's, which is almost always up.

If you're ok with "almost" always up, Network solutions is almost always up too.

Re:

[Anonymous Coward]

I do not use Network Solutions DNS service.

I do not use any Network Solutions service. They've been pretty shitty in the past and I can't think they'll ever be trustworthy.

They should check to see if this DDoS is coming from some of their own customers.

Re:

[Stunt Pope]

Google's public DNS is a resolver service, Netsol's outage affects their authoritative servers.

Re:

[davester666]

That's because Google doesn't use a VIC-20 to host it.

Deserved

[PiSkyHi]

Probably all those cheeky sales strategies like auto-renewal at any price without confirmation. A free email box that turns into a paid one and can only be cancelled with a support ticket. Shit like that certainly annoys me.

Re:

[Ravaldy]

You forget the reserving of domains after you check for availability so that you can only purchase it from them.

Re:

[PRMan]

Register.com doesn't do this, to my knowledge.

Re:

[sound+vision]

Not all - in fact the sure the majority of them don't do this. Besides Network Solutions, eNom, and a few others, many domain registration sites out there aren't fully-fledged registrars. Even if the only name you see in a WHOIS lookup is the company you directly paid for the registration, there's a good good chance they use another registrar on the back end. Essentially these companies are just resellers. They pay $6 or whatever for the domain, then charge you $12 for it. This means that even if you choose

Re:

[sjames]

Network solutions has been a festering carbuncle on the ass of the interbnet since before ICANN (ICAN'T) existed.

Re:

[Anonymous Coward]

Probably all those cheeky sales strategies like auto-renewal at any price without confirmation.

Worse, each domain you register has a separate credit card record. So when you update your expiration date, you have to remember to update it on ALL of your domains. Or else your domains will expire and cost you an $80 ransom each.

Bastards.

So I switched all my domains to Namecheap and am now much happier. Especially now.

I can confirm

[AvitarX]

that the hosted DNS is down.

This article popped up as I was recreating a zone because of it, best to be off of their hosted DNS anyway.

Re:

[NewWorldDan]

Yep. Having issues here as well. Not good, but surprisingly I haven't had any calls from angry customers yet.

Re:

[afidel]

It doesn't matter who you transfer your zones to, you need two providers if you want to have reliable DNS these days because basically all the big DNS players have had DNS amplification attacks against them at least once in the last year. We switched off AT&T to DNS Made Easy when AT&T suffered a similar attack about 9 months ago but given the frequency of these attacks it's probably just a matter of time until they get hit as well so I'm going to setup secondary zone transfers to a second provider.

Re: I can confirm

[AvitarX]

Ours is on the same server as the website.

Everyone is in Luck

[cyberpocalypse]

Everyone is in luck: June 21st, 2013, 07:09 GMT By Eduard Kovacs http://news.softpedia.com/news/LinkedIn-Outage-Caused-by-DDOS-Attack-on-Network-Solutions-362473.shtml [softpedia.com] --- This means, that on Sunday, you will all find out it was a DoS attack. This also means, on Sunday, if you visit that site you can also get the Powerball results which haven't been posted yet and all retire.

Re:

[Phics]

Sunday? June 21st was a Friday!

Re:

[NatasRevol]

Was?!?!

Re:

[sjames]

You must have bought the discounted 'irregular calendar'.

Re:

[NatasRevol]

To be fair, it is a Dilbert calendar. That I haven't changed in a while.

Re:

[The MAZZTer]

Yes, we're in July already, try to keep up.

Re:

[NatasRevol]

Wait, this isn't May?

Re:

[Phics]

Heh.... looks like not everyone made it out of June... I've had months like that.

Slashdotted

[Russ1642]

Don't post it here. Now they'll be Slashdotted as well.

Re:

[Z00L00K]

Seems to me from the comments over at "isdownrightnow" that this isn't the only outage they have had this year.

One outage is bad for a service like that, repeated outages is killing that kind of business that has to be based on being reliable in all weathers.

What about yesterday's incident?

[X0fl1b]

Our club's website is hosted by NetSol and our homepage was defaced yesterday. After 30+ minutes in the hold queue, I figured it was an issue on their side. Sure enough, the customer rep told me a bunch of their hosting servers suffered an intrusion and thousands of customers were similarly affected.

The Attack Appears To Be Ongoing, But...

[NotSanguine]

DNS name resolution from Network Solutions' DNS servers seems to be functional for 50-60% of requests based on a small sample (resolution of hosts in domains I manage). The Website is back up.

Re:

[xevioso]

This is actually a real problem for me. Yesterday I changed DNS records for an older client of mine on Network Solutions to point to a nameserver on another hosting environment. It seemed to work pretty quickly on some machines, on others it still showed the old site. Now it has reverted back to the older site on some and on others it is propagating correctly.

I am not sure what the hell is going on. I can't tell if there is just some propagation issue, or if it is a cache issue, or if the DNS service on

Re:

[WuphonsReach]

Public DNS records are something that it's not worth doing in-house any longer. Go with one of the DNS firms that give you multiple SOA servers, located in multiple data centers across the globe. A lot of registrar-based DNS options only offer the basics (no TXT or SRV records), or all of your SOA servers are in the same data center, leaving you vulnerable to a DDoS like this.

(Personally, we use DNSMadeEasy, but they're not the only game in town. Spending $60/yr to not have to personally maintain DNS s

It's back up

[gravis777]

From isitdownrightnow.com

Last Down: 3 minutes ago

Networksolutions.com is UP and reachable.
  The website is probably down just for you...

Re:

[gravis777]

Also I can pull up networksolutions.com

It isitdownrightnow.com also says:
Possible Service Disruption : Our test passed without any errors however 78 users have reported problems in the last few hours. Please check comments section for more details.

Old News

[opusbuddy]

They've gotten hit by 3 Spamhaus blacklists since last fall and this is the second DDOS in around a month. After the last Spamhaus debacle a few weeks ago, there were so many angry posts on their blogs about it that they took the link to their blogs off their account manager page. Calling their customer service sh!++y is an affront to sh!++y customer service. When I called to find out what was going on in the last DDOS, I got an IVR message, "Sorry, we're too busy to take your call" to which I responded by

Re:

[Ravaldy]

What do you expect? Maybe the message used isn't great but every single one of their customers is calling. No company can prepare for that. If you want a company that can answers 100% of calls in a situation like this you'll have to pay a lot more for your hosting solution.

This could just as well be happening to GoDaddy.com and you would get the same message when calling their number.

Re:

[Scutter]

They need a better message than "You're down. You're f***ed. Call back later." Yeah, I know we're down. That's why I called. They need to provide BETTER information. Put something useful on their blog, FB, Twitter, etc. Instead, every time there's a problem, they close the blinds and lock all the doors while the angry mob gathers outside. That's a hell of a way to run a railroad.

Re:

[Em Adespoton]

You're moving from NetSol to GoDaddy?

That might have made sense, say, in 2003, when NetSol started going to the birds.

http://www.forbes.com/sites/kellyclay/2012/09/10/5-reasons-you-should-leave-godaddy-and-how/ [forbes.com]

GoDaddy has been on my blacklist along with NetSol since SOPA.

Best two services I've seen that are ethical, long-lasting and reasonably priced are NameCheap and Gandi. Gandi also has the benefit that it's not in the US, and so unless you're using it for something that's illegal in France, you're unli

Re:

[pnutjam]

If you are still using Network Solutions, you have only yourself to blame...

I noticed a site I was using showed up with an invalid certificate. It seemed to match the domain and had not expired. It was issues by Network Solutions. I'm sure this is related.

Data point

[Empiric]

There have been several reports that the outage is causing hosted DNS to fail, leading to a number of unresolvable websites.

Confirmed here. DNS resolution was down for about an hour this morning for our domains registered with Network Solutions, no problems with domains registered elsewhere.

Re:

[NotSanguine]

There have been several reports that the outage is causing hosted DNS to fail, leading to a number of unresolvable websites. Confirmed here. DNS resolution was down for about an hour this morning for our domains registered with Network Solutions, no problems with domains registered elsewhere.

As I mentioned above, DNS resolution is *still* spotty for my domains.

Re:

[RatBastard]

My domain is completely fubar and has been for two days. Luckily it's just an old-fashioned vanity web page, so it's not a big deal.

Re:

[RatBastard]

Cancel that. It just started working again sometime in the last twenty minutes.

Is it a.... DNS amplification attack?

[Anonymous Coward]

The irony all these fools running around warning us of dire consequences of having an open DNS servers while concurrently pushing DNSSEC.

In the last two decades the only progress of any kind made to fix these problems is sale of brute force mitigation services to those who can afford it.

Nobody is interested in fixing broken UDP protocols:
http://tools.ietf.org/html/draft-eastlake-dnsext-cookies-03 [ietf.org]

Nor are they interested in applying necessary anti-spoofing filters:
http://en.wikipedia.org/wiki/Ingress_filterin [wikipedia.org]

slashdot ddos

[Anonymous Coward]

Actually, it was probably just the slashdot post reporting the problem that caused it.

wires to buzz

[Anonymous Coward]

This is a dns reflection/amplification attack. Its affecting most if not all hosting companies, and is limited to boxes with a known vulnerability in Bind. Why do so many people think this is only hitting netsol? Also, its been occurring for more than a week now and thoroughly documented. #GoodAdminsReadAdvisories

Comment removed

[account_deleted]

Comment removed based on user account deletion

We who?

[wonkey_monkey]

If your website does not load this morning you need to ask yourself do we use Network Solutions?

Wait, is that we meaning you, or we meaning me? I know you means me, because it's me you're talking to. I'm just not sure who we is. Are.

I think that was the corporate We

[Marrow]

As opposed to the royal We. You understand now, Oui?

Angry Users On Facebook

[JeanInMontana]

ooooh the comments on Facebook are giving them hell. I have to agree, the latest news comes from Facebook? tsk tsk not how to treat your customers.

Prefer to host my own servers

[SCHecklerX]

Netsol makes it difficult to add your own DNS records for your domain. So, I never pursued it. Regretting that now.

So mean!

[sootman]

"... all of their servers are all currently down. You can confirm this by visiting [link]."

Very funny, guys. Kick'em while they're down.

Don't use your registrar's DNS

[jtara]

I never use my registrar's DNS, even though I like my registrar (Moniker) a lot.

Nor would I ever use a web hosting company's DNS.

It's safest to use third-party DNS.

Risks of single-sourcing registrar, DNS, and hosting:

- host/registrar goes out of business, or suffers a disaster. You now have no ability to switch to a different host until the situation is resolved through IANA and somebody else gets control of the registry records. If you use third-party DNS, while you now can't change to a different DNS prov