DDoS on Domain Registrar
miller60 writes "Netcraft is reporting that 'domain registrar Joker.com says its nameservers have been hit with a massive DDoS attack, causing outages for customers. More than 550,000 domains are registered with Joker, meaning the outages could be widely felt. It's not clear why the DDoS is succeeding, as most registrars have implemented sturdy DDoS protection since the attack on the root nameserver system back in 2002.' Some security experts have warned in recent weeks about DNS recursion attacks as previously discussed here on Slashdot, which can amplify the power of attacks launched from botnets."
This is shame... (Score:1)
Re:This is shame... (Score:2)
Re:This is shame... (Score:2)
Of course I'm having no problems since I know how to run my own DNS server and am too cheap to have them do it for me.
Re:This is shame... (Score:2)
Re:This is shame... (Score:2)
I hope they are better than they used to be but when someone came into my old job and said "can you move this domain, it's on Joker" we would say "this might be painful, brace yourself".
Re:This is shame... (Score:2)
I dunno, I don't think that whole chair-throwing incident put Microsoft in a good light...
Re:This is shame... (Score:2)
Re:Netcraft confirms (Score:1)
Who could have perpetrated this criminal caper on such a classic clown? Could this mean the end of our caped crusader? Tune in tomorrow... Same bat-time. Same bat-website.
I wonder if batman.com is working on an alibi
But why? (Score:5, Interesting)
If anything, I'm surprised that more registrars aren't being hit by this. Maybe they agreed to pay up instead.
Re:But why? (Score:1, Interesting)
I was affected - but perhaps the DDoSers wanted some cash from the spammers? However, our spam load was much reduced; as to who wanted what and from whom, I don't know - less spam was the result here.
Perhaps this will do Joker some good, either by stopping the sales of junk domain names like ikty677899dddff.com (made up example) and cleaning up the domain name 'trade', which is by no means perfect but makes many of us think they're as complicit as the spammers.
Not that surprising! (Score:5, Informative)
Re:Not that surprising! (Score:1)
Can still switch DNS servers (Score:5, Informative)
one to change the DNS servers away from [abc].ns.joker.com
I did this last for my domain.
Re:Can still switch DNS servers (Score:2)
Re:Can still switch DNS servers (Score:1)
</shameless plug>
Re:Can still switch DNS servers (Score:1)
http://www.everydns.net/news.php [everydns.net]
Re:Can still switch DNS servers (Score:2)
For me it was definitely getting hosed at 09:30 (GMT) last Friday (24th Mar).
My domain wouldn't resolve, and their web admin interface was seriously slow,
and they had a news item about it on their homepage.
I was just about able to change the DNS servers for my domain away from joker to my hosted server.
Their web servers currently show about the same amount of lag,
so I presume one can still change the DNS servers for their domains.
Re:Can still switch DNS servers (Score:2)
Not an experience I'd want to repeat any time soon.
I'll be working o
Re:Considering... (Score:1)
Their business practices? I have used them for many years and never had a problem. It may well be that some "disreputable" websites have registered their domain names with them - but I guess most registrars have their fair share of such registrants. I am not sure how far I want registrars policing the content of websites...
Can you be a little more precise as to the nature of your objection to them?
Re:Considering... (Score:2)
Re:Considering... (Score:5, Informative)
On top of that they do not look like they have their own connectivity to peering points in EU.
So frankly, they look like they are ripe for the picking. It is utterly trivial to run a domain registrar out of several diverse locations using RFC 3258. A registrar that is not doing it is in clear need of a cluebat on the head several times. I hope that this DDOS finally delivers it.
Re:Considering... (Score:1)
Re:Considering... (Score:2)
What really annoys me is that Joker didn't post anything until two days later. When I COULD get to joker.com, I found nothing at all about the attack. It wasn't until Saturday that I finally got some information. The attack had been going on since Thursday that I know of.
I
Re:Considering... (Score:2)
The following was posted to their website as early as Thursday:
Re:Considering... (Score:1)
Yeah, that is what I thought.
A lot of sites experienced outages due to this and it caused problems, considering I run a website for a local real estate company (who does not and never will spam) and a web design firm.
Re:Considering... (Score:2)
And most of the domains that I've seen Joker as a registrar for, including my own, are legitimate sites. They're inexpensive, have good customer service, and don't try to treat their customers like complete morons (Network Solutions used to refer to TLDs as "web extensions" and other such nonsense that actually made it difficult t
Re:Considering... (Score:1)
http://cr.yp.to/djbdns/dot-com.html [cr.yp.to]
Getting sick of this (Score:4, Interesting)
Re:Getting sick of this (Score:2)
Was anyone ever fingered for the root nameserver attack of 2002? I'd imagine not.
Re:Getting sick of this (Score:1, Interesting)
Re:Getting sick of this (Score:3, Interesting)
With distributed DNS, it's actually not a bad idea, those with higher bandwidths could end up taking the bulk of the load, but it might actually be workable. Having said that, we do have a facility for secondary DNS servers; we could just use them properly instead of having ns1.foobar.com and ns2.foobar.com pointing to the same box half the time, and the same subnet half of the rest of the time. Not exactly a dDOS resilient sol
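The weakness described in the comment above (ns1 and ns2 on the same box, or on the same subnet) can be checked mechanically. The following is an added example, not part of the original comment: it audits a zone's resolved nameserver addresses for shared hosts and shared prefixes. The function name, the /24 and /48 grouping, the `.example` zone names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation address ranges), standing in for the
# A records obtained by resolving each NS name of a zone.
SAMPLE_ZONES = {
    "same-box.example": {
        "ns1.foobar.com": ["192.0.2.10"],
        "ns2.foobar.com": ["192.0.2.10"],
    },
    "same-subnet.example": {
        "ns1.foobar.com": ["192.0.2.10"],
        "ns2.foobar.com": ["192.0.2.53"],
    },
    "diverse.example": {
        "ns1.foobar.com": ["192.0.2.10"],
        "ns2.foobar.com": ["198.51.100.7"],
        "ns3.foobar.com": ["203.0.113.99"],
    },
}


def audit_nameservers(ns_to_ips, v4_prefix=24, v6_prefix=48):
    """Return a list of findings for one zone's nameserver set."""
    by_ip = defaultdict(set)   # address -> NS names that share it
    by_net = defaultdict(set)  # covering prefix -> NS names inside it
    for name, ips in ns_to_ips.items():
        for raw in ips:
            ip = ipaddress.ip_address(raw)
            plen = v4_prefix if ip.version == 4 else v6_prefix
            net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
            by_ip[ip].add(name)
            by_net[net].add(name)

    findings = []
    if len(ns_to_ips) < 2:
        findings.append("fewer than two nameservers")
    # Two NS names on one address are one box: no redundancy at all.
    for ip, names in sorted(by_ip.items(), key=lambda kv: (kv[0].version, kv[0])):
        if len(names) > 1:
            findings.append(f"same host {ip}: {', '.join(sorted(names))}")
    # Distinct addresses inside one prefix usually share an uplink.
    if len(by_net) == 1 and len(by_ip) > 1:
        findings.append(f"all nameservers in one prefix {next(iter(by_net))}")
    return findings


if __name__ == "__main__":
    for zone, ns in SAMPLE_ZONES.items():
        print(zone, audit_nameservers(ns) or "ok")
```

An empty list means no shared host or prefix was found at the chosen granularity; it says nothing about shared upstream providers or anycast.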
Re:Getting sick of this (Score:1)
Re:Getting sick of this (Score:1)
i.e. ISPs A, B, C...N all host N DNS services -- one for themselves, one each for the other N ISPs. Ok, maybe not N but say 5 ISP groupings.
This was done with the electric power system some time back where they put ground rods all over the place providing ubiquitous grounding to make the power system more uniform.
Re:Getting sick of this (Score:1)
It's going to get worse! (Score:3, Funny)
CoComment down (Score:1, Offtopic)
New TLD! (Score:1)
Hmm, maybe I'm coming too quickly from that other stupidifying discussion.
Resist the urge & take action? (Score:2, Insightful)
Next up: can everybody who gets hurt by this attack band together and start a class action suit against this ddos'er? Yeah, IF he gets caught...
We're the internet here, and if this hacker gets found, make an example of him.. he should be in deep debt for the rest of his life. THAT'll scare these script idiots...
Re:Resist the urge & take action? (Score:1)
Re:Resist the urge & take action? (Score:2)
Leave your domain name registration at joker and move your DNS server to dnsmadeeasy.com.
Joker doesn't make any money on their DNS service and it will only help them at this point. I moved mine Saturday and it was a) relatively painless and b) seems to work faster than joker did on a good day.
There's a common misconception throughout the slashdot comments that domain registration and DNS service are the same. They aren't. You can keep joker.com as your domain registrar an
Re:Resist the urge & take action? (Score:1)
You're assuming that the DDoS is being run by a script kiddy. But if the script kiddy is in the employ of a Romanian mafiosa gang who're trying to extort a couple of million of protection money from Joker (or a Joker client)
Crime and Punishment (Score:1)
Why? That's easy ... (Score:2, Interesting)
Re:Why? That's easy ... (Score:2)
So, when you find that the spammy domains are registered through Joker... do you report them to Joker as AUP violations? If so, what kind of response do you get? If not, how can they be expected to take action?
Re:Why? That's easy ... (Score:1)
Well, I did report them at first. If I haven't tossed or misplaced the old messages, I've probably still got a couple hundred floating around somewhere that I sent to abuse@joker.com along with every other relevant address I could find, regarding phishing scams and pornographic spam. I was very dilige
/. effect (Score:2, Funny)
Old news (Score:3, Informative)
I've used joker.com for years. It's significantly cheaper than Network Solutions and other US registrars and I've never had a problem.
allow-recursion { none; }; doesn't always help. (Score:3, Insightful)
Fortinets, Ciscos, Junipers all handle a set number of sessions. Some as low as 1500 - 2000, throw those away when you're talking about a large botnet. Depending on how big the botnet is, and how diverse the attacking blocks are, sometimes there is very little to do other than wait it out. Even with higher end Fortinets that support up to 35k sessions, if you have 100k uniques over 30k blocks
DNS records must remain public in order to resolve anything. Sorry folks, but if the network you pissed off is large enough
Some pretty scary chit, especially if you are the one who gets called to deal with it. If you want to yell at someone about it, take your pick from one of the thousands of shared web hosting providers who provide a nice comfy womb for these networks to grow.
So the next time your host tells you that they've disabled exec(), passthru() and shell_exec() in PHP for security and restricted access to wget and lynx, go a little easier on them. This is why. They have no control over what their users upload and make available to the world.
Even well hardened servers are easy targets if some jackass uploads phpbb version 1. If any script interpreter can make shell calls, you ought to be checking sockets and connections often.
lsof is your friend, learn how to use it
Tim Berners-Lee said it... (Score:4, Interesting)
What we need is an entirely peer to peer adaptation of the Web using DHT [wikipedia.org] as an addressing system, where the hash of the file itself serves as its address. That would solve (at least) two major problems:-
a) It'd get rid of the abovementioned "Internet governance" BS as mentioned above. I believe we could still have an entirely hyperlinked/relational/semantic Web using a DHT system...it just initially might require some more work. The reason why this would eliminate the TLD issue though is because the naming system itself would become irrelevant. It's worth remembering that DNS was originally developed by scientists/academics. If they'd remained the only people using it, it would have worked acceptably. Unfortunately however, the commercialists came along later and fucked it up, which they tend to do to everything they get their hands on. If the commercialists still want the old DNS/TLD system, let them keep it. The DHT system could be implemented for those of us interested in more productive uses of the network.
b) It would at least go a long way towards putting a final nail in the coffin of the {RI,MP}AA's ability to track/identify (and therefore sue) anybody using p2p filesharing. No DNS means no named websites, and no named websites means no centre of gravity/vulnerability to make the {RI,MP}AA's lives easier.
For those of you who think I'm insane, realise that to a degree it's already been done with the Kad p2p network. Anyone connecting to Kad is only able to view (to the untrained or non-mechanical eye, at least) a totally incomprehensible array of numerical strings and file hashes. It might be traceable to individual users, but not easily. What we need to do is figure out how to create an adapted version of HTTP that is able to rely on a mechanism similar to Kad as its transit/addressing system.
In terms of coding this, I'd have no idea even where to begin myself...so I guess all I can hope for is that someone else out there who could is sufficiently interested in the idea to try it.
Re:Tim Berners-Lee said it... (Score:1)
Re:Tim Berners-Lee said it... (Score:2)
This is only difficult because it is not known in advance which files are fake and which aren't. As far as eMule/Kad are concerned, services like DonkeyFakes have existed, but they've generally ceased operations because of fears of a lawsuit.
That in essence however is what we would need...some type of verification mechanism which can tell people in advance which hashes represent genuine files, and which don'
Little biatches, easily squashed (Score:1)
I think we can agree that a self-respectin
EasyDNS and Prolexic (Score:2)
Prolexic is the brainchild of Barrett Lyon [google.com], who seems to have some experience fighting DDoS attacks. I'd be interested to see how well Prolexic's service actually works, but it seems technically sound to me.
Joker's response (Score:1)
Dear Sir/Madam,
thank you for your email.
Unfortunately there is a DDOS Attack on Joker.com Nameservers.
Joker.com currently experiences extremely massive distributed denial of service attacks against
nameservers.
This affects the DNS resolution of Joker.com itself, and also domains which use the Joker.com
nameserve