Rackspace Restored After DDOS Takes Out DNS
An anonymous reader sends word that Rackspace has recovered from a severe distributed denial of service attack. "Over on the company's Google+ page Rackspace warned of 'intermittent periods of latency, packet loss, or connectivity failures when attempting to reach rackspace.com or subdomains within rackspace.com.' The company's status report later confirmed it had '... identified a UDP DDoS attack targeting the DNS servers in our IAD, ORD, and LON data centers [North Virginia, Chicago and London]. As a result of this issue, authoritative DNS resolution for any new request to the DNS servers began to fail in the affected data centers. In order to stabilize the issue, our teams placed the impacted DNS infrastructure behind mitigation services. This service is designed to protect our infrastructure, however, due to the nature of the event, a portion of legitimate traffic to our DNS infrastructure may be inadvertently blocked. Our teams are actively working to mitigate the attack and provide service stability.'"
Re: (Score:3)
BYOB.
Bring your own body-guard.
Re: (Score:2)
Typically you have pieces of infrastructure which are required by many service instances belonging to many customers.
It's nearly always better to have one service instance drop offline than to have the whole piece of shared infrastructure become unusable.
Re:What, no blaming haxxorz? (Score:4, Funny)
Who else could possibly have done this? Only cyberbogeymen could have been quite this evil, obviously.
It was those pesky North Koreans, of course...
The story is 3 days old (Score:1, Informative)
Seriously.. if you actually read the horse's mouth, you would know that this all transpired back 3 days ago.
Re: How to mitigate similar UDP port DDOS attack (Score:2, Informative)
There are numerous affordable DDoS mitigation providers (e.g. x4b, staminus, etc.).
Re: (Score:2)
What can you do about it to protect yourself? Stuff all, I am afraid. At the end of the day, if you cop a 100gbps attack on a 100mbps pipe, it's game over, no matter what you try to pull. All you
Re: (Score:2)
UDP reflection attacks are one case when "economies of scale" work in reverse.
I can throttle such attacks on my DNS servers, since I'm only serving for a few domains and there's not much urgency.
For large ISPs, however, there's going to be a lot more legitimate traffic for a lot more domains and if you bounce a request, you may be turning away the one legitimate customer in the flood.
I hate UDP reflection with a passion. Ordinary attacks are annoying enough, but if I ever got my hands on the people behind t
Re: (Score:2)
What's far more likely is that they'd be using
Re: (Score:2)
That's why I hate it. The "mirror" can throttle, but that's just a drop in the bucket. Only if all the reflection mirrors are throttling can it help, and the larger the mirror, the larger the number of apparently legitimate requests would be, so it's harder to make them good throttles.
Plus, not only the target system is getting blasted. The mirroring systems are getting a pretty heavy load. They can throttle this, but then they risk choking off the legitimate requests, since a legitimate request and a refle
I thought we solved this already. (Score:2)
The key to this is the ability to send NAK packets back upstream so that the DDoSers' ping requests get returned to sender instead of making it to their intended target. Seems like we need a better roll-out of this idea if Rackspace is still falling victim to this.
Remember...
ACK means acknowledged, I've got that and it sticks.
RST means reset, I didn't get that right, we've got something that doesn't add up to the checksum, let's go back to a previous numbered packet.
NAK means, I got that and I don't like th