Several Sites Including Twitter, GitHub, Spotify, PayPal, NYTimes Suffering Outage -- Dyn DNS Under DDoS Attack [Update] (techcrunch.com) 264
Several popular websites and services are down right now for many users. The affected sites include Twitter, SoundCloud, Spotify, and PayPal among others. The cause appears to be a sweeping outage of DNS provider Dyn -- which in turn is under DDoS attack, according to an official blog post. From a TechCrunch report:Other sites experiencing issues include Box, Boston Globe, New York Times, Github, Airbnb, Reddit, Freshbooks, Heroku and Vox Media properties. Users accessing these sites might have more or less success depending on where they're located, as some European and Asian users seem not to be encountering these issues. Last month, Bruce Schneier warned that someone was learning how to take down the internet. Update: 10/21 14:41 GMT by M : Dyn says that it has resolved the issue and sites should function normally. Update: 10/21 17:04 GMT by M : Department of Homeland Security says it is aware of the first DDoS attack on Dyn today and "investigating all potential causes." Dyn says it is still under DDoS attack. News outlet The Next Web says it is also facing issues. Any website that uses Dyn's service -- directly or indirectly -- is facing the issue. Motherboard has more details. Update: 10/21 17:57 GMT by M : It seems even PlayStation Network is also hit. EA Sports Games said it is aware of the issues in live-play. Dyn says it is facing a second round of DDoS attacks.
Update: 10/21 18:45 GMT by M : U.S. government probing whether east coast internet attack was a 'criminal act' - official.
Editor's note: the story is being updated as we learn more. The front page was updated to move this story up. Are you also facing issues? Share your experience in the comments section below.
Update: 10/21 18:45 GMT by M : U.S. government probing whether east coast internet attack was a 'criminal act' - official.
Editor's note: the story is being updated as we learn more. The front page was updated to move this story up. Are you also facing issues? Share your experience in the comments section below.
Twitter Down (Score:5, Funny)
Re:Twitter Down (Score:5, Funny)
Re: (Score:3)
Re:Twitter Down (Score:4, Interesting)
"But if Google+ went down would anybody notice :D"
Some, who value more enlightened discussions, or resent the FB data grabs, and the FB way of ignoring your preference to see what has happened in your sphere most recently and instead try to force feed you what THEY think is most relevant.
Relevance being defined by THEM, to THEIR purposes.
G+ isn't big. That's not even the best thing about it. You, however, I doubt have even actually used it beyond a single visit and thinking 'wow, there's no one here'. You were not missed.
Re: (Score:2)
Well at least Slashdot is sti
XKCD is down... (Score:2)
The main page loads but the comic image itself doesn't work.
Re: (Score:2)
Re: (Score:2)
Dns (Score:2)
Re:Dns (Score:4, Informative)
The thing about DNS is that to get the best speed, you want the nodes distributed as far and wide as possible. And you don't want it on the same servers as your main service. So it's either a different department or a different company - guess which one is cheaper.
Re: Dns (Score:2)
Re: (Score:2)
Try an ISP DNS server sometime. Before I remembered to change DNS after upgrading my router, I would get 2+ seconds of latency on every single page load before anything would happen at all. Even running my own DNS server and every query going straight to the root servers takes less time than that.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
If it were truly distributed this wouldn't happen as DNS has inherent failovers. This is just an example of using "the cloud" box.net and other enterprise cloud software is also down. They're all using the same providers which is not as distributed as it promises.
Re: (Score:2)
DDoS attacks are distributed too - it's in the name. And each bot will hit the closest server if the DNS system is using Anycast or similar.
Re:Dns (Score:5, Insightful)
Yes, but the problem here is all these services are using a singular DNS service which is under attack.
A good decade and a half ago, when I was part of a hosting company, we had the DNS for our customers across 3 or 4 different providers. That way, if for whatever reason one provider went out of business, the domains would continue to operate.
The problem is this:
Github.com:
Name Server: NS1.P16.DYNECT.NET
Name Server: NS2.P16.DYNECT.NET
Name Server: NS3.P16.DYNECT.NET
Name Server: NS4.P16.DYNECT.NET
Twitter.com
Name Server: NS1.P34.DYNECT.NET
Name Server: NS2.P34.DYNECT.NET
Name Server: NS3.P34.DYNECT.NET
Name Server: NS4.P34.DYNECT.NET
Box.net
Name Server: ns3.p05.dynect.net
Name Server: ns1.p05.dynect.net
Name Server: ns2.p05.dynect.net
Name Server: ns4.p05.dynect.net
If for whatever reason DynDNS pulls the plug (which they have a history of for reasons of profit and incompetence), all these sites are down. It doesn't matter whether or not you're using Unicast or Anycast, if your provider 'dies' (or it's host providers like Amazon which also has a history of major outages) then your domain dies. And before you get all your glue records fixed, you're out at least 48-72 hours.
Re: (Score:2)
https://medium.com/@brianarmst... [medium.com]
Re: (Score:2)
I don't disagree with any of that. A company that large should be using multiple.
Addresses matter, not hostnames (Score:2)
The problem is this:
...
Github.com:
Name Server: NS1.P16.DYNECT.NET
Name Server: NS2.P16.DYNECT.NET
Name Server: NS3.P16.DYNECT.NET
Name Server: NS4.P16.DYNECT.NET
There's nothing wrong with having all your DNS servers under the same subdomain. What matters is what IP addresses those names resolve to. I've seen primary and secondary DNS servers that aren't even on different IPV4 subnets, never mind geographically distant ones.
Re: (Score:2)
There is when say... the DNS server which handles authoritative lookups of DYNECT.NET and related sub domains is overwhelmed or down.
Re: (Score:2)
Yes, but the problem here is all these services are using a singular DNS service which is under attack.
Well it doesn't take a genius to see that won't be the case much longer.
Re: (Score:3)
Re: (Score:2)
Why aren't they:
1) Running an internal DNS server for their internal shit.
2) Pointing that DNS server to a public DNS server.
3) Pointing the public DNS server point to the root DNS servers.
1 shouldn't be hit by a DDoS as it should be entirely limited to access within your network (or VPN).
2 can be as distributed as you need it to be.
If 3 goes down, no one will blame you.
If this is what they're doing then dyn is failing hard at step 2.
Re: (Score:2)
That's why the big websites are using dyn.com as opposed to dyndns.org.
They're the same thing. The dyndns.org domain has been obsolete for a while now, and redirects to dyn.com.
Gotta love the cached DNS (Score:2)
....I'm bumping along nicely on Spotify right now... Must have cached the DNS entries since I go there a lot.
"Sweeping Outage"??? (Score:2, Informative)
According to Dyn: "This attack is mainly impacting US East and is impacting Managed DNS customers in this region."
The PC in my flat (in the UK - on a free dyndns.org address) is alive and well and talking to the outside world.
As usual - someone has assuming that the US = the whole world - learn some fucking geography!
Re: (Score:2, Insightful)
Re: (Score:3)
Dyndns.org is unrelated to dyn.com
If they're unrelated, why does http://dyndns.org/ [dyndns.org] redirect to http://dyn.com/ [dyn.com]? DynDNS is just an obsolete brand name for the same service from the same company, which now refers to itself simply as Dyn.
Re: (Score:2)
I have a few buddies in France and Italy that are affected by this DDOS. So far in my part of Canada I don't seem to be affected *knock on wood*
Re: (Score:2)
I've never been there but I hear it's less than half the size of Texas and more than twice the number of people... it must be fairly crowded.
Re: (Score:2)
Re: (Score:2)
DynECT is a dinosaur (Score:5, Interesting)
Working at a medium traffic startup, DynECT always insisted that their service was worth a lot[1] more money than AWS's Route 53 or Google's Cloud DNS because unlike AWS or Google they had never had a service outage and boasted 100% uptime since their company was founded.
Looks like we made the right choice going with Route 53 instead of these guys.
1. Seriously, they wanted 5,000 USD/mo when AWS charges 8 USD/mo for the same service.
Starbucks is down too (Score:5, Funny)
Tried to reload my card via the app and couldn't. had to pay for my drink with a credit card. The shame
Re:Starbucks is down too (Score:5, Funny)
Tried to reload my card via the app and couldn't. had to pay for my drink with a credit card. The shame
Did you drop your monocle into chardonnay^H^H^H^H Google Glass into your frappe because of that?
Re: (Score:3)
I had a similar experience [imgur.com]. (it's safe for work, promise)
Re: (Score:3)
Disqus also down for about 15 minutes (Score:2)
The eternal balance question... (Score:2)
I've been doing end user computing for quite a while, and we've gone through so many cycles of "where the client intelligence lives" or "where the virtual desktop is hosted" and everyone oscillates between two extremes. PCs to zero clients usually ends up being a mix of laptops and thin clients in the end. All VDI ends up being some VDI after some very expensive POCs in most cases. I guess the same debate of "host it yourself vs. rely on a cloud provider" is alive and well here. I see it every day where I w
Re:The eternal balance question... (Score:5, Insightful)
The dynamics of this issue have changed considerably.
Five years or so ago, going offline was a Big Deal. Nowadays, people (both users and CxO's) don't seem to care as much; outages are transient, and accepted as a part of the cost of doing business. It's kinda sad for those of us who build high availability systems, but at the same time it's probably a lot more realistic for the budgets of most businesses.
Part of it, IMO, is that the Internet has been around long enough now (in a commercial sense) that the users are finally more prone to saying "my Internet is down" than "my Twitter is down".
Perception is everything.
Twitter is working good here (Score:2)
Re: (Score:2)
Twitter still does not resolve here.
That explains this morning (Score:3)
Forget the sites the articles mention. I was having very serious troubles getting to the Guardian's site, pictures not loading, and worse, I couldn't even log onto my hosting provider.
Now, I'm on Verizon FIOS, and my system (Linux, a real o/s) couldn't even ping hostmonster.com, it couldn't find the name, until I manual added nameserver 8.8.8.8 (one of google's) to my resolv.conf. Then it started working.
That tells me that it was overloading nameservers in a *LOT* of places.
mark
Re: (Score:2)
Also, I'm wondering how much of this is political - I cannot reach Paul Krugman's blog in the NYT.
mark
Maybe it's because US "promised" a message to Russ (Score:2)
Joe Biden told NBC a “message” would be sent to Russian President Vladimir Putin over the alleged hacking, with the channel saying the CIA was preparing a retaliatory cyber attack “designed to harass and ’embarrass’ the Kremlin leadership.”
Kremlin spokesman Dmitry Peskov immediately denounced Biden’s remarks, saying Moscow would take precautions to safeguard its interests in the face of the increasing “unpredictability and aggressiveness of the United States”.
Re: (Score:3)
IoT is great though guys (Score:2)
Twitter is down? Trump must be furious. (Score:2)
RIGGED!
FWIW, twitter is working for me (Score:3)
Not that I care much. I have 2 twitter accounts, one for my cat and one so I can keep up with the latest inane things that Jeremy Clarkson, Neil DeGrasse Tyson and John McAffee say and McAffee is kind of annoying so I'm thinking of unfollowing him
I'm sure the NYTimes will be up by the time I want to click on a link to them if they're not up already.
Reddit seems to be working as does Fark, YouTube and Netflix. I know those last three weren't mentioned but I frequent those sites.
Disqus is down if anyone but trolls care.
LOL, I just put in nytimes.com and got an attempted browser hijack. I got about 5 pop-ups trying to scare me. I managed to close them too fast to read exactly what they said.
Re: (Score:2)
I meant to add something to the effect that the internet is far from dead.
Beanstalkapp.com (Score:2)
Beanstalkapp is down for us here (prairie region of Canada). Beanstalkapp is a git repository similar to GitHub and Bitbucket, kinda important when you are a development shop. Twitter is down too. Current time is 1:30pm MDT.
Investigating IF this is a criminal act?? (Score:2)
The next thing to look at is whether or not this is just a dress rehearsal for a real attack. My guess is that this is just a test... They want to know what it takes to shut down a chunk of the internet. Next time will be the
Re:Great! (Score:5, Informative)
Hopefully they never come back up! It would be great to live in a world with the above gone.
Right! Because we sure wouldn't want small businesses to be able to do business using a payment mechanism they choose to use, or people to conveniently communicate from their phones using a service they choose to use, or listen to music from a source they choose to use. Definitely, all such things should be destroyed. What the hell is wrong with you?
Re: (Score:3)
Time to QoS our links to .RU, .CN origin routes.
Re: Great! (Score:5, Insightful)
You really need to be less of an absolutist
See, my perspective is that you absolutely should have the choice to use PayPal or Square or what have you, if you choose to. You ... absolutely think they should be shut down? In what way am I over-reacting to someone who thinks that Twitter should go away? Why not simply offer a better choice, or at least ignore the thing they don't like? The world view that calls for the destruction of businesses that whiners resent or wish were different is a fundamental problem with our current culture. So yes, it's worth reacting, and pointing out the baseline trollishness of such perspectives. Because the little baby tyrants that live inside people who think like that are poisonous to everyone. "I don't like that thing! I hope it dies!"
No, I'm not confused. But I see that you're trying very hard to avoid the big picture.
Re: (Score:2)
See, my perspective is that you absolutely should have the choice to use PayPal or Square or what have you, if you choose to. You ... absolutely think they should be shut down?
I have a different perspective. I think Twitter should go away -- that's a moral "should", as I think it encourages people to behave badly -- but I think the fundamental rights of people to make mistake takes is a higher imperative. As much as I will cheer at Twitter's natural death, I can't support some outside force taking away people choice to use it.
Thus, while Twitter should die, people should have freedom, including the freedom to cause de minimus harm to others, and that's a bigger "should".
Re: (Score:2)
...but only the freedom to do what you like
Yes, you have precisely captured the exact opposite of what I just said. Well put.
Re: (Score:2)
Re: (Score:2)
"Because the little baby tyrants" *snip*
Brave words in defense of a social media platform that sees fit to disappear ideas and expression that it arbitrarily doesn't like.
You might give a little thought to the way Valley media platforms now shape public discourse along narrow lines and for what reasons; that is, if the Kool Aid is not too strong in you, young Jedi.
Re: (Score:2)
In other words, Twitter should die because we, as a society, exercised our freedom of choice to stop using it, not because a few assholes exert
Re: (Score:2)
Brave words in defense of a social media platform ...
I'm not defending Twitter, I'm defending YOUR right, and mine, to be free of script kiddies trashing things just because they can. And I was replying to a user here who was cheering on a DDoS attack and hoping it permanently destroyed something he doesn't like. I didn't see that user, or you, proposing or providing an alternative that unicorns its way past your standards.
So, you don't like SV's social media systems. What have you got designed that will work better? Be specific.
Re: (Score:3)
You can't conceive of an individual or gradiated reaction
So what is your "gradiated" take on whether or not malicious script kiddies should burn down Twitter's DNS provider? Personally, I think that's a black and white issue. I responded to someone who was cheering on the script kiddies doing the damage. You, with your advanced and clearly superior intellect and sense of nuance, obviously think it's kind of OK that the script kiddies wreck things like that. Can you elaborate please? Be sure to use simple words to describe the part where launching a DDoS like tha
Re: (Score:2, Insightful)
You're wasting your breath, ScentCone. Guys like him have declared war on the Internet because Twitter took away Milo Yiannopoulos' blue checkmark, and some female video game critic gave Bayonetta a 7.5/10.
This is the nihilism that online anonymity and toxic 4chan culture has engendered. They're terrorists who are simply too lazy to leave their moms' basements. That they see themselves as some sort of shit-posting freedom fighters would be very funny if it wasn't so tragic and pitiable.
Re: (Score:3)
This is the nihilism that online anonymity and toxic 4chan culture has engendered. They're terrorists who are simply too lazy to leave their moms' basements.
Calling them "Terrorists" is giving them way too much credit. Terrorists typically believe strongly in something. These people are just losers who have too much time and a far to comfortable life*. They're just losers and idiots with an internet connection. They're not even proper nihilists, they're not contemplating the futility of their own existence... in fact they think the end of the world is running out of pop tarts.
* Please note, I don't think our society needs to be harder/more authoritarian... i
Re: (Score:2)
Re: (Score:2)
If your DNS provider can be burned down by script kiddies, you need a provider who knows something about security.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
...the problem is with those companies, whose offenses are well-known. They have engaged [in] evil, of their own volition, not because of their function, but choice.
Please explain what each of these companies have done wrong.
Re:Great! (Score:5, Insightful)
Paying money every month for a couple of sine waves coming out of a cheap tinny Chinese speaker.
Paying money to paypal for the privilege of paying. Paypal fees are f**ing ridiculous
Here's an idea: don't use those services.
Obviously you are personally running a much better music streaming service that you'd like to offer to Spotify's millions of customers. Can you provide a link to something that they will find persuasive? I'm sure your system is easier to use, less expensive, widely available, performs well, pays the artists who create the material they license to you, and in all other ways is superior to Spotify. Looking forward to your offering! Right? Yes?
And, obviously you have never been involved in any sort of commerce there in your mom's basement. Or, are you offering the infrastructure, security, staff, and other resources that will allow individuals and businesses the means by which to handle financial transactions on the fly, a million times a day, but at no cost to any party involved? Fantastic! Please provide a link to that other service of yours, too. That would be awesome. Right? Yes? No? I see.
Re:Great! (Score:5, Insightful)
Torrent, cryptocurrency. Spotify uses DRM. DRM is evil. I am surprised to see someone on Slashdot supporting these muppets.
I'm supporting your CHOICE to use whatever services you like, and to move to something else if you prefer. Wishing for the destruction of such services by a malicious third party is BS. If you want them to go away because you philosophically disagree with, say, musicians choosing to whom they license their works ... then offer a service that musicians like better. Some don't license their works to Spotify. That's different than cheering when some script kiddies act to destroy access to it.
Re: (Score:2)
Re: (Score:2)
Your just fighting the GPL vs BSD argument all over again. Might as well argue that Kirk using EMACS can beat up Picard using VI.
Re: Great! (Score:2)
Re: (Score:2)
Re: (Score:2)
TANSTAAFL [blockchain.info]
Re: (Score:2)
Blockchain currencies offer similar security. It's in there.
Re:Great! (Score:5, Insightful)
Paying money to paypal for the privilege of paying. Paypal fees are f**ing ridiculous
Ha, you should check out the bank fees.
Re: (Score:2)
PayPal *is* a bank in every way that is meaningful for payments tech.
Re: (Score:2)
Paying money to paypal for the privilege of paying. Paypal fees are f**ing ridiculous
Ha, you should check out the bank fees.
Bank fees are quite reasonable and easily avoided.
I can only assume that you meant to say credit card fees. They're the killer for a business. Seriously, go and look at how many parties take fees out of a credit card transaction.
Besides this, PayPal's fees stack with bank fees and credit card fees.
When you introduce more parties into the mix, each of them has their hand out for a piece of the pie and no-one is willing to give up the tiniest fraction of their slice for the new guy.
Re: (Score:2)
Paying money every month for a couple of sine waves coming out of a cheap tinny Chinese speaker.
Real music aficionados such as myself attach a wire directly to the inner ear and use a homemade needle on the other end to manually read the grooves in the vinyl record which I'm turning myself. I would tell you who I'm listening to but you probably haven't heard of them.
Re: (Score:2)
Re: (Score:2)
Paying money every month for a couple of sine waves coming out of a cheap tinny Chinese speaker.
Paying money to paypal for the privilege of paying. Paypal fees are f**ing ridiculous
Buyers do not pay PayPal anything for the privilege of paying. The sellers pay a transaction fee to PayPal as their payment processor. For a standard account, it is 2.9% of the total amount plus 30 cents. And for a Micro Payments account, it is 5% plus 5 cents. The wash point is $12 (that is where the cost is pretty much the same no matter what type of account).
And PP's rate for a standard account is pretty much in line with other payment processors. It is just a cost of doing business, and those fees
Re: (Score:2)
Hey, I'm on board with people being able to use what they choose! Just gotta make sure those choices are all ones that I also like.
Meaning ... if you don't like a choice, you don't think other people should have access to it?
Re: (Score:2)
Which service DNS?
Re: (Score:2)
Hopefully they never come back up!
It's weird that you would state a hope like that, because it's not going to happen, is it?
Re: (Score:2)
Hopefully they never come back up! It would be great to live in a world with the above gone. Hopefully the FANG companies are next to go.
You can hate on all those very popular sites all you want, but it's affecting my tiny websites too.
Re: (Score:3)
Unresponsive DNS queries would make pages slower if they relied on them. It's just that your neighbors aren't using their favorite web sites, leaving you with some extra bandwidth.
Re: (Score:2)
Re: (Score:2)
Sites have control of their own cache expiration/refresh times. Major sites also have a tendency to use DNS for geographic load balancing, which can screw with this (and is one of the main reasons sites continue to use Dyn).
Re: (Score:2)
(1) The owner of a device attached to the Internet must make a reasonable effort to maintain it. Specifically, they must install security updates in a timely fashion. In addition, they must disconnect the device if they are unable to maintain it. No device or piece of software lasts forever. You don't get to keep using a PC with Windows XP, or a 10 year old router with dozens of known security holes -- you need to throw them away. Failure to do so will make the owner liable for damages if their device is used in a DDOS attack.
Useless. New devices are at nearly as much risk as old devices; that it's new should not in any way make you feel secure. You'll also be fighting legitimate businesses with legitimate use cases for, say, Windows '95. Specifically, that their legacy software and drivers have never been upgraded by the people who wrote them, and don't work on newer versions of Windows.
(2) Network operators shall be required to ensure that packets originating on their network have a valid source address (e.g. use filters at all ingress points). Failure to do so will make them liable for damages related to the DDOS attack.
(3) Network operators shall be required to provide rapid technical assistance to trace DDOS traffic that is passing through their network, so that it can be traced back to it's source. Failure to do so will make them liable for damages related to the DDOS attack.
Also useless. The modern day DDoS isn't necessarily about flooding a site with spoofed packets from a small number of high-bandwidth machin
Re: (Score:2)
Re: (Score:2)
Re:Small dick russians (Score:4, Funny)
It's mainly affecting the east coast, sure, but also Ohio [staticworld.net] which Trump needs to win [fivethirtyeight.com].
Seems like a much more straightforward than using trolling to help him win. [businessinsider.com]
Re: (Score:2)
Re: (Score:2)
You need to look deeper - it's not that Trump works for Putin; It's that Putin's organization is in competition with Clinton's organization. Putin does not want the competition, even in the US criminal market.
It's just business, it's not personal.
Re: (Score:2)
Wait - Hillary AND Trump are working for Putin??!! Wow.
Re: (Score:2)
Proper practice is to have multiple DNS providers. All of the sites that are currently 'down' have failed best practice we had 20 years ago. The great "cloud" has finally come down to this: https://xkcd.com/908/ [xkcd.com]
Re: (Score:2)