14,000 Domains Dropped Dyn's DNS Service After Mirai Attack (securityledger.com) 27
chicksdaddy
New data suggests that some 14,500 web domains stopped using Dyn's Managed DNS service in the immediate aftermath of an October DDoS attack by the Mirai botnet. That's around 8% of the web domains using Dyn Managed DNS... "The data show that Dyn lost a pretty big chunk of their customer base because they were affected by (Mirai)," said Dan Dahlberg, a research scientist at BitSight Technologies in Cambridge, Massachusetts... BitSight, which provides security rating services for companies, analyzed a set of 178,000 domains that were hosted on Dyn's managed DNS infrastructure before and immediately after the October 21st attacks.
It's possible some of those domains later returned to Dyn -- and the number of actual customers may be smaller than the number of hosted domains. But in the end it may not have mattered much, since Dyn was acquired by Oracle the next month, and TechCrunch speculates that the deal had already been set in motion before the attack.
They also add that "Oracle, of course, is no stranger to breaches itself: in August it was found that hundreds of its own computer systems were breached."
It's possible some of those domains later returned to Dyn -- and the number of actual customers may be smaller than the number of hosted domains. But in the end it may not have mattered much, since Dyn was acquired by Oracle the next month, and TechCrunch speculates that the deal had already been set in motion before the attack.
They also add that "Oracle, of course, is no stranger to breaches itself: in August it was found that hundreds of its own computer systems were breached."
Re:Good! (Score:5, Informative)
Re: (Score:1)
Eloquently stated, but for those that haven't been paying attention perhaps you could have elaborated on your feelings a bit more. My personal dislike for DynDNS is based on their buying up as many of the other free domain services that they could, shutting them down, and then starting to charge for their own previously free service. Fortunately, there are still great free alternatives, such as freedns.afraid.org (which I actually like much better than Dyndns even though my routers don't support it directly).
Don't forget everyone's favorite registrar, Namecheap. If you want to buy a domain rather than use a "loaner," Namecheap supports dynamic DNS for free. I paid for FreeDNS/afraid.org for a few years, but, now, I just use my own domain and namecheap's dyanmic DNS service to log into my machine at home.
dubious business pretices (Score:2)
The problem that I have with Namecheap is that I tried to get a domain from them. Here's what happened:
I thought of a domain that I would really like to have. I first tried to go to it in my browser and got a 404 error.
I immediately went to Namecheap and tried to get it. They "checked" to see if it was available. There was a long delay, at least two to three minutes. Then they told me that the name was not available and offered me other names, names with garbage extra numbers in them and undesirable TDLs
Re:dubious business pretices (Score:4, Informative)
The problem that I have with Namecheap is that I tried to get a domain from them. Here's what happened:
I thought of a domain that I would really like to have. I first tried to go to it in my browser and got a 404 error.
I don't pretend to know everything, but I believe the moment you get a 404 error, that means a web server responded with HTTP response code 404, which requires a} a web server and b} the hostname you typed to have a DNS record resolving to that web server. All of which means: the domain you thought of was already registered before you tried to register it. That you got a 404 the first time and a parking page the second time only suggests the web server is crap.
Domain squatting sucks, but the sniping activity you're trying to accuse them of doesn't match the symptoms you describe.
Re: (Score:2)
I thought of a domain that I would really like to have. I first tried to go to it in my browser and got a 404 error.
404 is an actual error code from a web server at the other end. That means someone ALREADY HAD the domain you thought of. Someone who does have working name servers, but whose web server is kinda crap (not surprising for a domain squatter).
Further, in order for Namecheap to have pulled the trick you described, they'd have be your DNS server, which they aren't.
The way to buy a domain name is to NOT try to hit it, ping it, or lookup the whois data first, but rather just go to your favorite registrar and try t
Re: (Score:3)
Glad this is being discussed here, because I am not renewing with them.
And how many left.. (Score:3, Insightful)
.. after Oracle bought them?
ASUS Dyn (Score:1)
ASUS routers come with a free asuscomm dynamic ip registration built in as an option from the dropdown dyn selection menu. It's nice to use a dyn service provided by the same company that made the router for obvious reasons. They know how to best support the router, dyn service, firmware updates, and convenience. I'm pretty sure it's not the same as dyndns and resides on their own servers since it is a unique menu choice along with no-ip and other choices. I used to have a dyndns but when I got my new r
Run away! (Score:3)
Sounds like those who left before were just the early adopters, ahead of the curve.
Corporate Tactic (Score:4, Interesting)
One has to wonder whether these attacks have become a corporate tactic, not a new one mind you but one that is spreading. The have the ability, the have the hardware, they have the network access and the most certainly they have the greed and along with that are inherently totally amoral in nature, with attitude like fines nothing more than a cost of doing business, the investors pay the penalties not the corporate executives, more money now, more money now, more money now, fuck everyone else.
Re: (Score:2)
Doubtful. When found out, a sysadmin cannot avoid going to jail by saying "I was just following orders." Make no mistake, actions such as you pose are illegal in several different ways.
Happy with DynDNS until they sold to Oracle (Score:2)
I had a domain registered to DynDNS for 10 years (5 at a time) because I was really happy with them, particularly back when they did free domains based off of subdomains on dyndns.org: that was a really helpful and useful feature so I supported them by actually paying for a domain long-term.
However the moment they were bought by Oracle I *IMMEDIATELY* put in a Transfer Request. The reason: Oracle I consider to be one of the world's most unethical companies, up there with Broadcom and Qualcom for various se