Distributed denial-of-service (DDoS) attacks that could be related have in the past few days slammed the DNS servers of at least three providers of domain name management and DNS hosting services.
DNSimple, easyDNS and TPP Wholesale all reported temporary DNS service outages and degradation on Monday, citing DDoS attacks as the reason. In some cases the attacks started a few days ago and are ongoing.
TPP Wholesale, a subsidiary of Sydney-based Netregistry, one of Australia’s largest providers of Web hosting, domain management and other online services, alerted its customers through its website on Monday that eight of its DNS servers experienced “unscheduled service interruption.”
TPP Wholesale experienced a series of DDoS attacks against its DNS name servers over the past several days, the Netregistry Group Security Team said in a blog post. The company managed to mitigate the DDoS attacks that caused service interruptions throughout Monday by taking “the drastic step” of rate-limiting DNS queries, the team said.
Such aggressive filtering is prone to false positives and might result in some customers being denied DNS service. “In the next few days we will continue to whitelist such false positives as we discover them,” the team said.
Second wave
EasyDNS, a DNS hosting provider based in Toronto, also reported DNS service disruptions caused by a DDoS attack on Monday.
“This looks like a larger version of a smaller DDoS yesterday which was possibly a test run,” the company’s CEO Mark Jeftovic said Monday in a blog post. “This DDoS attack is different from our previous ones in that it looks as if the target is us, easyDNS, not one of our clients.”
Jeftovic said that it was difficult to differentiate the real traffic from the DDoS traffic, but the company managed to partially mitigate the attack and also published workarounds for affected customers. “This is the ‘nightmare scenario’ for DNS providers, because it is not against a specific domain which we can isolate and mitigate, but it’s against easyDNS itself and it is fairly well constructed,” he said.
Full Story: Possibly related DDoS attacks cause DNS hosting outages | PCWorld.