Network Solutions under DDOS attack
Circle ID reports that major domain registrat Network Solutions has been expriencing a massive DDOS UDP/53 attack on their domain servers for the past 48 hours. The Network Solutions blog confirms this: “There is a spike in DNS query volumes that is causing latency for the delay in web sites resolving. This is a result of a DDOS attack. We are taking measures to mitigate the attack and speed up queries.”
A post on NANOG provides some additional detail:
A DOS where lots of people's dns servers around the world are being queried with bogus sourced dns requests not from port 53 for 'NS? .'. This then bounces back to their authoritative nameservers which are getting traffic overload. ... These are the result of a spoofed dns recursion attack against our servers. The actual packets in question (the ones reaching your servers) do NOT originate from our network as such there is no way for us to filter things from our end. If you are receiving queries from 76.9.31.42/76.9.16.171 neither of these machines make legitimate outbound dns requests so an inbound filter of packets to udp/53 from either of these two sources is perfect. If you are receiving queries from 66.230.128.15/66.230.160.1 these servers are authoritative nameservers. Please do not blackhole either of these IPs as they host many domains. However, these IPs do not make outbound DNS requests so filtering requests to your IPs from these ips with a destination port of 53 should block any illegitimate requests. An ACL similar to: access-list 110 deny udp host 66.230.160.1 neq 53 any eq 53 access-list 110 deny udp host 66.230.128.15 neq 53 any eq 53 Is what you want.
This attack could potentially affect more than 7.6 million domain names. Given the recent rapid spread of threats like the Downadup worm, I’m sure we’re going to be seeing more attacks like this in the not-too-distant future.
UPDATE: Network Solutions says DNS queries for web sites should be responding normally now.
Tags: DDOS, DNS, Network Solutions
January 24th, 2009 at 5:51 pm
Hi,
I work for Network Solutions. Thanks for your post. I wanted to pass on an update posted on our blog and Circleid last night
“Update : DNS queries for web sites should be responding normally. Thank you all for your understanding. As always, we will continue to work to take measures to prevent these and other types of technical issues caused by third parties that may impact our customers.”
Thanks,
Shashi Bellamkonda
December 25th, 2011 at 1:09 pm
Thank you for another informative site. Where else may I am getting that kind of information written in such an ideal method? I’ve a challenge that I am simply now operating on, and I have been on the look out for such information.
February 2nd, 2012 at 2:58 pm
Sites we Like…
[...]below you’ll see the link to some sites that we have enjoyed reading[...]…
February 15th, 2012 at 4:39 am
I am really glad I found you…
[...]If only things were as simple as you said it has to be. Nevertheless, I enjoy it - the write-up and every one[...]……
March 29th, 2012 at 7:31 pm
Trackback…
[...]At the bottom of this page you will discover a few of unrelated blogs,however I belive are wonderfull websites worthy of a visit[...]…
April 29th, 2012 at 5:30 am
Awesome document! My spouse and i needed one thing totally diverse as soon as I ran across your site. My partner and i carefully loved the thought an individual put in this specific writting. i most certainly will book mark to go back later.
August 10th, 2012 at 3:15 pm
Hey there are using WordPress for your blog platform? I’m new to the blog world but I’m trying to get started and set up my own. Do you need any html coding expertise to make your own blog? Any help would be really appreciated!
September 16th, 2012 at 6:13 pm
DHCP Server…
[...]Inside the Firewall » Blog Archive » Network Solutions under DDOS attack[...]…