Want to see something scary?

  • #990139
    Greg_M
    Member
    • Total posts: 1,691

    The DNS service I use has been subject to a massive DDoS attack and has been down for quite a while.

    This link appeared in my Twitter feed while I was trying to work out what was happening (a live feed of current attacks worldwide).

    http://map.ipviking.com

    Maintaining a server is easy :)

    #1175650
    Greg_M
    Member
    • Total posts: 1,691

    Bit of an update, my dinky little site is back up :)

    But the provider (DNSimple) has been subject to massive distributed denial of service attacks for the last 8 hours.

    These guys aren’t dills either, they’re specialists with data centres across a couple of continents.

    How would your DNS provider go in a similar attack? How well would your business online handle 8 hours of downtime?

    I originally moved to these guys after repeated DNS failures at GoDaddy …

    A look at the original link is quite scary when you see a visualisation of 1000s of attacks in a few minutes hitting one or two locations.

    #1175651
    Hatching_It
    Member
    • Total posts: 414

    I use DNSMadeEasy, can’t find any direct comparison of features/strengths/weaknesses etc, but according to Datanyze – bigger companies use DNSMadeEasy so it sounds like they may be offering a better service!

    http://www.datanyze.com/market-share/dns/dnsimple-vs-dns-made-easy/

    #1175652
    arrowwise
    Member
    • Total posts: 641

    No company is totally immune to such attacks. With that said, there are some web hosting companies that have much better technical and procedural defenses in place to greatly minimise the impact of such attacks. 8 hours of downtime isn’t good in anyone’s books. If it happens again to the same level I’d be moving your DNS to a new provider :D

    P.S. that attack page showing the countries is neat, however it does a good job to almost crash my browser and computer!

    #1175653
    Greg_M
    Member
    • Total posts: 1,691
    Hatching_It, post: 204498 wrote:
    I use DNSMadeEasy, can’t find any direct comparison of features/strengths/weaknesses etc, but according to Datanyze – bigger companies use DNSMadeEasy so it sounds like they may be offering a better service!

    http://www.datanyze.com/market-share/dns/dnsimple-vs-dns-made-easy/

    I have used DNSMadeEasy for a client site, I think in lots of ways they’re similar, mainly in their ability to create a dodgy A record so you can set the root domain to a Cloud service like Heroku (why I’m using DNSimple). I think they’re cheaper too.

    Having used both, the DNSimple interface is a lot easier and intuitive to use (IMO).

    Don’t know about other features, or their ability to withstand a massive sustained DDoS attack. From the little I’ve read it seems Amazon is one of the few that can take this kind of attack in their stride.

    I’ve decided to stick with DNSimple for now. They are a small, dedicated and very personable team that run it, and are probably going to take a big financial hit from some customers because of it.

    They run the DNS for some pretty traffic heavy sites, GitHub is one I’m pretty sure, and RubyGems is another …

    #1175654
    Greg_M
    Member
    • Total posts: 1,691
    arrowwise, post: 204524 wrote:
    No company is totally immune to such attacks. With that said, there are some web hosting companies that have much better technical and procedural defenses in place to greatly minimise the impact of such attacks. 8 hours of downtime isn’t good in anyone’s books. If it happens again to the same level I’d be moving your DNS to a new provider :D

    P.S. that attack page showing the countries is neat, however it does a good job to almost crash my browser and computer!

    I did notice the site actually got the fan running in my MacAir (a fairly rare occurrence).

    Nothing I run these days is that critical, and I think they’ve had a pretty painful lesson.

    I had a personal email thanking me for not cracking it, and I believe there’ll be a full post mortem published on their blog in the next 24 hours. On that basis I’ll keep giving them the benefit of the doubt.

    #1175655
    Greg_M
    Member
    • Total posts: 1,691

    I guess this post is only of interest to a few, but hacking and malicious attacks are a real issue to consider when selecting providers for DNS and hosting.

    This quote from the post mortem blog article indicates what these guys were up against … and interestingly, the support they received from both DNSMadeEasy and easyDNS (direct competitors).

    “A new customer signed up for our service and brought in multiple domains that were already facing a DDoS attack. The customer had already tried at least 2 other providers before DNSimple. Once the domains were delegated to us, we began receiving the traffic from the DDoS.

    DNSimple was not the target of the attack, nor were any of our other customers.

    The volume of the attack was approximately 25gb/s sustained traffic across our networks, with around 50 million packets per second. In this case, the traffic was sufficient enough to overwhelm the 4 DDoS devices we had placed in our data centers after a previous attack (there is also a 5th device, but it was not yet online in our network).”

    Full post here

    #1175656
    EthiSEC
    Member
    • Total posts: 21

    If your hosting provider is hit with a DDoS that is killing their transit links it is pretty difficult to mitigate these attacks. Perhaps using a service like Cloudflare to front-end your sites may be helpful as they can present cached content to users.

    #1175657
    Greg_M
    Member
    • Total posts: 1,691
    EthiSEC, post: 204565 wrote:
    If your hosting provider is hit with a DDoS that is killing their transit links it is pretty difficult to mitigate these attacks. Perhaps using a service like Cloudflare to front-end your sites may be helpful as they can present cached content to users.

    This seemed to be a common solution being used or suggested during the “chatter” online via Twitter.

    I think it sounds like a good idea if you are running critical stuff.

    #1175658
    Hatching_It
    Member
    • Total posts: 414
    estim8, post: 204577 wrote:
    This seemed to be a common solution being used or suggested during the “chatter” online via Twitter.

    I think it sounds like a good idea if you are running critical stuff.

    It at least lets you serve some kind of branded page rather than a browser’s 404, so even if it’s just a message to say “the site is currently unavailable but we are, call or email on” this can be the difference between someone thinking your business is gone or giving you some money.
