EveryDNS Under Botnet DDoS Attack 154
mellow marsh writes "EveryDNS, sister company to OpenDNS (which runs the PhishTank anti-phishing initiative), has been hit by a massive distributed denial-of-service attack. The attack started sometime Friday afternoon and, from all indications, was targeting Web sites that used free DNS management services provided by EveryDNS. At the height of the DDoS bombardment, EveryDNS was being hit with more than 400mbps of traffic at each of its four locations around the world. From the article: '"We were collateral damage," Ulevitch explained... Because law enforcement is involved, Ulevitch was hesitant to release details of the actual target but there are signs that some of the targets were "nefarious domains" that have since been terminated.'" OpenDNS, which makes use of EveryDNS services, was affected for a time, until they spread their authoritative DNS more broadly. The EveryDNS site is now reporting that the attack is continuing but has been mitigated and is not affecting operations.
Re:correct URL (Score:2, Insightful)
Re:Questions? (Score:4, Insightful)
Was this a 'righteous' attack on malicious websites?
Or just some intramural warfare by one nefarious group upon another?
Real ripple effects, even from this small event. (Score:5, Insightful)
Worse, the state government box's spam filtering appliance blacklisted the retailer's server, and a third party admin had to get involved to free things up. Quite a mess.
But the real lesson? People who say that a "cyber attack" couldn't really hurt the economy are wrong, wrong, wrong. This stuff can be really disruptive, and this was a pissant little scaled-down example. No major damage, but a lot of thrashing around, untold manhours of lost productivity, and (in the case of the anecdote in question, involving just one retail company), probably some tax fines which will require much tail chasing to get waived once the the story is clearly told, assuming the state government in question is feeling sporting about it.
"nefarious domain" is a loaded and subjective term (Score:5, Insightful)
to some.. the pirate bay and allofmp3 are "nefarious domains"..
to others "www.f**Ktimewarner.com" and "walmartsucks.com" are "nefarious domains"
and to others "www.wikipedia.org" and "www.aclu.org" are "nefarious domains".
I have a lot of trouble with the idea that DDOS attacks were being carried out in (apparently successful) attempts to wipe domains off the face of the earth..
this implies the attackers had no legal standing to take those domains offline.. then they call them "nefarious" after the fact.
Botnet? Cal it what it is! (Score:4, Insightful)
Where are the class action suits against Microsoft for continually producing such flawed software that makes it easy to 0wn a box?
If it wasn't for 20 some years of MS indifference towards security, there wouldn't be botnets like this, being used for DDOS attacks and forwarding billions of spams a day.
Re:They never anticipated Windows. (Score:1, Insightful)
The difference is that very few people knew the exploits and fewer still were in a position to actually use them.
incompetence effects, not ripple effects (Score:4, Insightful)
In once case, a vital piece of mail sent to a state taxing authority couldn't get through on a month-end calendar deadline, causing much grief.
Maybe a)it shouldn't be left until the deadline and b)sent via email, if it's so damn important.
And maybe you not tell clients to use a free DNS hosting service as their sole DNS provider...
Re:What's the motive? (Score:3, Insightful)
It's an indirect attack against people who use EveryDNS to get traffic to their own sites (or mail servers, etc). If you ran, say, an online casino, and your main competition for a particular type of customer happened to have EveryDNS doing their forward lookups... and you could shut down your competition for at least a full business day by torpedoing the DNS they need to be seen - presto, done. EveryDNS wasn't the target, their customers were the target.
They deserve the grief (Score:4, Insightful)
Myself, a month ago I missed an opportunity to collaborate on a TV miniseries. Why? Because the moron who asked me for my collaboration absolutely trusted e-mail, and it was **THE** message that bounced thanks to a network glitch, and that moron didn't think of calling me on the **PHONE**. Well, if they were stupid enough to trust e-mail like that, they probably would have made a crappy miniseries anyways.
For casual communications, there is e-mail.
For vital ones, there is registered mail, fax or phone.
Re:sue (Score:2, Insightful)
Re:Botnet? Cal it what it is! (Score:1, Insightful)
Me, I'm a geek who uses Windows. I do computer fixes for a living, and I need to be intimately familiar with the systems my clients use, which are almost 100% Microsoft. Yet, despite running such 'inherently flawed software,' I haven't had a virus/trojan on one of my boxes. Ever. Turns out geeks are secure, regardless of what OS they use. We know how to put up firewalls, install AV software, recognize scams and evil email attachments.
News flash: Ignorant people are easy to take advantage of. The fact that MS is user friendly enough to let stupid users on isn't a reason to bash them. There are many reasons, but not that.
*Waits to get modded -1 [Microsoft]*
Re:Botnet? Cal it what it is! (Score:3, Insightful)
Re:Botnet? Cal it what it is! (Score:3, Insightful)
Re:They deserve the grief (Score:3, Insightful)
A lot of mail is misdelivered or just lost. Yet the tax people do not demand that we send in our tax returns by registered mail. And would you be as pissed at the miniseries people if they'd sent you a letter by regular mail and the letter subsequently got lost?
Re:Real ripple effects, even from this small event (Score:3, Insightful)
Learn to spell, get a clue.
There is nothing you can practically do to prevent someone on the internet from sending a packet addressed to you, nor two packets, nor 1000000. There is nothing you can practically do to prevent the source address on each of those packets to be different. If a DOSer has much bigger pipes than you, you are sunk, unless you can do something very smart. For a start, getting remote access to your server during a DOS attack is tricky unless you have redundancy. Then you need to profile the traffic, find patterns which you can filter.
The non-triviality of a (D)DOS is the reason why everyone is interested to learn how to defend against such attacks. This is why we want to hear how EveryDNS handled the problem so well. A second-rate admin would not be able to. While I appreciate your sentiment regarding "survival of the fittest". I feel it can be better expressed as "survival of the fittest admin for the job".
As there are lots of admins on