Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Botnet Security Crime Networking The Internet

Dyn Executive Responds To Friday's DDOS Attack (dyn.com) 77

"It is said that eternal vigilance is the price of liberty...We must continue to work together to make the internet a more resilient place to work, play and communicate," wrote Dyn's Chief Strategy Officer in a Saturday blog post. An anonymous reader reports: Dyn CSO Kyle York says they're still investigating Friday's attack, "conducting a thorough root cause and forensic analysis" while "carefully monitoring" for any additional attacks. In a section titled "What We Know," he describes "a sophisticated attack across multiple attack vectors and internet locations...one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack." But he warns that "we are unlikely to share all details of the attack and our mitigation efforts to preserve future defenses."

He posted a timeline of the attacks (7:00 EST and 12:00 EST), adding "While there was a third attack attempted, we were able to successfully mitigate it without customer impact... We practice and prepare for scenarios like this on a regular basis, and we run constantly evolving playbooks and work with mitigation partners to address scenarios like these." He predicts Friday's attack will be seen as "historic," and acknowledges his staff's efforts to fight the attack as well as the support received from "the technology community, from the operations teams of the world's top internet companies, to law enforcement and the standards community, to our competition and vendors... On behalf of Dyn, I'd like to extend our sincere thanks and appreciation to the entire internet infrastructure community for their ongoing show of support."

Online businesses may have lost up to $110 million in sales and revenue, according to the CEO of Dynatrace, who tells CNN more than half of the 150 websites they monitor were affected.
This discussion has been archived. No new comments can be posted.

Dyn Executive Responds To Friday's DDOS Attack

Comments Filter:
  • by Anonymous Coward

    And they made us look the foo!

    • 1. System is designed with a decentralised resource to prevent single point of failure / target for attack.
      2. Company wants to monopolise resource.
      3. Spreads fear of attacks for reason to buy hardened service.
      4. Gets rekt by a bunch of kids who have hacked cctvs.
      5. Tries to use it spread more fear / downpkay own incompetence.
      6. ...
      7. People realise that running their own DNS is more resilient?

      • Re:We Were Attacked! (Score:5, Informative)

        by sithlord2 ( 261932 ) on Sunday October 23, 2016 @05:11AM (#53133417)
        >> 7. People realise that running their own DNS is more resilient?

        LOL! You think so? Let's say your own DNS infrastructure is a victim of this attack with the same magnitude. Are you able to handle this?

        There is a easy solution: Don't make your DNS a single point of failure. Make sure your DNS records are mirrored on two different DNS providers, and make sure you list all IP addresses of both providers' DNS servers in your registrar's settings.

        That's what we did. We have our DNS records on Dyn and another provider. We barely were impacted.
        • by Junta ( 36770 )

          The problem is this philosophy tends to create targets of great value by putting so much infrastructure into so few places.

          It's been a curious development in the internet. In the 90s, there was a trend from walled gardens and centralized resources to more federated approaches. In the last decade, the trend has reversed.

          We have increasingly powerful endpoint devices, even as their form factors have shrunk. This *should* have led to the reduction of the importance of 'datacenters', but now they are more imp

        • by Khyber ( 864651 )

          "LOL! You think so? Let's say your own DNS infrastructure is a victim of this attack with the same magnitude. Are you able to handle this?"

          Yep, all fucking day without even looking, and IPv6 will make it even easier. It's called a static IP address and not having more fucking domain names than you can handle.

          While everyone else was fucked, my sites ran without a problem, and they all use DynDNS.

        • Sure do.

          It spreads out the attack value over multiple targets. It is not about whether a set of smaller replacements for Dyn could withstand 1tb/s, it is about whether an attacker could muster n tb/s to attack a whole set of smaller providers at once in order to create the same amount of widespread damage. Do you think it makes sense to put all the eggs in one basket?

      • When you run TTLs less than 150 (like many of Dyn's customers), your DNS is no longer decentralized and fault tolerant....if you don't change your records often, use a longer TTL. Much of the effect of this attach could have been mitigated by using a 1800 or longer TTL...as long as a few isp and other common caches can get one response for each record every half hour things keep working
  • Lost business? (Score:5, Insightful)

    by Z00L00K ( 682162 ) on Sunday October 23, 2016 @03:42AM (#53133247) Homepage

    Is that really lost business or was it just a delay in the interaction for the customers?

    If shop's not available one day I'll wait a day or two to place my order. It's only if stuff is offline for a long period that it's really lost business because then I probably have gone elsewhere.

    • You are forgetting advertising. You may not like it, but its still a major source of revenue for some businesses.
      • by Anonymous Coward
        Advertising is not a loss of business if you accumulate income across all companies. Advertising only moves funds between companies. The only loss is the one of customers who would buy on the given day but not later. If that is the case then they probably did not really need the thing anyway. Therefore it is good they did not waste money on "crap" and saved environment.

        Though it may be a loss of business in a sense that a part of income is moved from companies affected by the attack to the companies which

      • by Z00L00K ( 682162 )

        What advertising? I'm running an adblocker - and so do most people with sense these days.

        • What advertising? I'm running an adblocker - and so do most people with sense these days.

          I don't, on purpose. I think still I have some sense.

          -I like to pay for the services I use. Many companies will provide me service by showing me ads. That is fair to me.
          -I don't want ads for NFL games and tampons. I have no use for either of those. However, if a new 2m radio is on sale, I actually want to know that.
          -I mind giving small a small amount of information to advertisers (through cookies and fingerprinting) a LOT less than I mind giving any Ad blocking app FULL web browsing history.

          How are you payi

    • Is that really lost business or ... If shop's not available one day I'll wait ...

      You're ignoring the "instant gratification" bit. Wait a day -- a DAY? You must be joking, I don't want to wait 2 seconds while the page loads. The only reason i can even stand to wait for it to be delivered is because I can track it in motion. [xkcd.com]

    • Is that really lost business or was it just a delay in the interaction for the customers?

      If an item is perishable then it's actually lost business even if you intended to buy it the day after.

      If shop's not available one day I'll wait a day or two to place my order.

      Market research shows that a significant source of income is the result of impulse buys as the result of either short term discounts or advertising. Giving people time to think about it by preventing checkout causes them to (correctly) second guess their decision, whereas if there's no barrier to purchase you simply end up with post shopping cognitive dissonance (why the **** did I just buy that!)

      This is l

      • by Anonymous Coward

        But it is better for the planet... And individual. And thereby, society.
        If it is a loss for someone, perhaps they are then better employed in something more productive.

        Like picking up trash.

    • It depends... sometimes customers would probably come back and order later. Sometimes they might order somewhere else that is available. Or sometimes they might use the extra time to ponder whether they really need the item and ultimately might decide not to buy it.

    • Of course it is: We see this pretty easily in the physical space when there's really bad weather, like a blizzard that makes travel difficult for 3 days. Businesses see a bit of a pickup afterwards, as some purchases just get delayed, but there's A LOT of economic activity that disappears.

      Imagine, for instance, that whoever processes credit cards for the Hillary campaign happened to have a catastrophic 4 hour outage around the last debate. Do you really think that the people that would have donated during t

  • Does anybody find it ironic to see the slashdot sales as for IoT cameras immediately above this sorry? Until we can somehow force vendors to responsibly patch, these devices have NO BUSINESS being on the web and we should boycott them. (Looking at you, AVTECH)
  • Would be nice to check my addresses in case my network was an offender so I can fix something I may have missed.

    • Would be nice to check my addresses in case my network was an offender so I can fix something I may have missed.

      Your router needs a better firewall to prohibit or at least rate limit outgoing traffic to unusual places. Monitor firewall hits. It's "easy", but typical routers don't offer much help.

  • did the attackers ask for to stop the attack?

    Here's an actual letter sent to my company when we we're attacked earlier this year. By the way, they didn't breach us in any way, shape or form. They just hit us with traffic. The letter makes it sound like they had more, but nope, they didn't have shit.

    Hello Support,

    We are a team of highly skilled independent security consultants. One of your competitors hired us to take your site offline for an entire month (which we have the resources to do but don't like t

  • The issue with DNS is that it's a centralizing service. As the world moves more towards a decentralized, distributed Internet, the first piece that moves in that direction should be DNS services.

    It could be done right now using a similar blockchain to the one bitcoin uses. In fact, you could also tie in SSL into the platform, to prevent centralizing services like Verasign from being a weak point. The design is already in my head - just need to build it. Anyone have some free time?

  • The fact that so many publicly facing, completely insecure devices ripe for hacking were able to be assembled in the first place is one of the biggest things we should be looking at moving forward.

    I think there should be a common, open-source framework for building secure IoT device firmware. Obviously people are going to be buying these things more and more as time progresses. Why not make it simple for them to implement something secure instead of leaving them to reinvent the wheel? Obviously they're conc

    • by AHuxley ( 892839 )
      One way to do that is at the app level. Get the two big US brands to stop the smartphone integration of device apps that have a free flow onto the internet.
      The app gets delisted until the device is fixed or upgrades.
      It can be fixed by the IoT builders as they want cheap or use long supply chains.
      The consumer want easy, powered on, integrated, working devices. No entering long unique passwords deep in the packaging.
      Get AV firms to scan local networks and tell users their entire network and all the
  • I remember when they were dyndns.org. I remember when they provided great dynamic DNS services for free or super cheap. Over time they became more and more commercialized, then more and more enterprised focused. They lost my business a long time ago. Nowadays you can have low TTLs with most service providers, and even if you can't, many ISPs have semi-static IPs for their residential and commercial accounts. There are also more rapid ttl based dyndns offerings including Google Domains. From a company

Someone is unenthusiastic about your work.