Wednesday, 17 July 2013

Network Solutions suffer huge DDoS

This afternoon has been um...  challenging..  for many thousands of IT professionals.
A DNS server under attack.
No, that's really what it looks like. Honest. 


Network Solutions, who are a major hosting provider, appear to have suffered complete downtime from a DDoS (distributed denial of service) attack.



It looks like they were completely knocked off the internet with DNS hosting, email, web hosting and even their own site all taken offline.

Whether it's "terrorists" or some uber-nerd 14 year old sat in his bedroom, it doesn't really matter, the affect is generally the same - total loss of connection.

Now, sometimes, DDoS attacks happen. It's a sad fact of the Internet.
However, in this day and age of social media, they should probably have found some way to tweet that they were having a problem shortly after it started - there are a lot of very angry people out there.

Twitter went a bit mad with lots of people trying to get answers as to why their site was totally down.
Eventually Network Solutions posted a short update to their Facebook, letting people know what happened.

https://www.facebook.com/networksolutions

They were suffering a DDoS and were "working on it"

So, what is a DDoS? 

Well, basically, imagine your website was a call-centre with 30 people in it.
Your web servers are the people answering the phones.
If a group of people wanted to disrupt that call-centre they could dial in to all 30 lines and try to keep them talking. As soon as they hang up, someone else in the disruptive group would call back - you affectively render the call centre useless.

But web-sites can handle thousands and thousands of connections, so surely a hosting company must be able to handle that? Right?

Well.. yes and no..  To an extent it's possible to stop individual attacks, but that's where the "distributed" bit comes in - the attack usually happens by a dramatically named, so-called "Zombie Bot-Net" - which is actually a bunch of virus-infected computers all listening for a trigger to make them attack.  Once they hear that trigger, they all connect to the victim at once, and keep on reconnecting if they get kicked off.

That's bad enough if they're pointed at a website, but more-and-more commonly these days they get pointed at a DNS system.

DNS is the "phone book" for the internet - it's what turns the www.whatever into the IP address numbers that the computers actually understand.

So to re-use our previous metaphor - instead of attacking the call centre, it's kind of like attacking the telephone exchange.

That's very bad news, because once a DNS is down it's lack of existence gets propagated throughout the rest of the Internet's DNS servers and gradually, over the course of a few hours, entire internet domains just vanish without a trace.

No web, no email - nothing. The domain ceases to exist.

In our phone example, you'd get "The number you have called has not been recognised"

So then what?

Well, for the individual sites affected - there's nothing much they can do other than try to inform their customers via social networking or whatever.
They have to wait for the DNS provider to fix the problem, by either shifting their DNS servers or by otherwise getting rid of all of the attacking connections.

And then there's the thing that will really bake your noodle - there's nothing to stop the attackers doing the exact same thing again tomorrow.  DNS as a protocol is pretty old, and a bit insecure.  There have been improvements to the standard, and some have even been implemented - but at the end of the day there's nothing that can protect against such a massive attack.

It's like a million very determined people trying to get into a single caravan.
You can't stop them trying, and if you're in the caravan, you're sure as hell not going to be able to get out.
Post a Comment