Early Friday morning, a number of well known sites like Twitter, NetFlix, Amazon, Github and Reddit went down due to a large distributed denial of service (DDoS) attack. This attack continued throughout the day, causing intermittent outages to these popular web destinations. Unlike most DDoS attacks, this one did not directly target the sites in question. Rather, the attackers targeted Dyn, a less known but well used DNS management middleman. By going after DNS, a core component of Internet infrastructure, this DDoS attack affected many more sites than the average attack. Watch the video below to learn more about this attack, and what it may mean for the future of DDoS.
Episode Runtime: 5:34
Direct YouTube Link: https://www.youtube.com/watch?v=f1WKCogmBFI
EPISODE REFERENCES:
- Why half the Internet shutdown today – Gizmodo
- Dyn’s status update for the DDoS attack – DynStatus
- How to use OpenDNS’s open DNS servers (helps during this sort of attack) – OpenDNS
- Bruce Schneier’s blog post warning someone is learning to take down the Internet – Schneier.com
— Corey Nachreiner, CISSP (@SecAdept)
So not that the Botnets are attacking DNS providers instead of just so websites
Do you think they will get involved and they to stop some of these attacks?
Do you mean DNS providers. If so, I hope so… Really, I think ISPs and big network carriers are ones that need to help too. While it wasn’t the case for this Mirai DDoS attack, many other DDoS attacks still rely on spoofed packets. Spoofed packets are EASY to detect from an ISP, since they know all the ip space they manage. If they see packet leaving their network, spoofing some other IP space, they could block it (there are even some RFC and IETF docs talking about ISP doing this). So I certainly think upstream providers need to get more involved in blocking DDoS attacks.