dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4952
share rss forum feed


Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:3
Reviews:
·Bright House

4 edits

1 recommendation

GoDaddy DNS Outage takes out 1000s of sites+email

»techcrunch.com/2012/09/10/godadd···f-sites/

»mashable.com/2012/09/10/godaddy-down/
quote:
GoDaddy, the world's largest domain registrar and one of the biggest web hosts, is experiencing major downtime.

The main GoDaddy.com domain is unreachable and websites hosted by GoDaddy are also down. The more problematic part is that any domain registered with GoDaddy that uses its nameservers and DNS records are also down. That means that even if you host your site elsewhere, using GoDaddy for DNS means it is inaccessible.

On Twitter, Anonymous Own3r - the security leader of Anonymous - is taking personal responsibility for the attack.
Hey. Anonymous has a leader now. I wonder if they know that?

edit: Here's a cap of his twitter feed.
or his twitter feed if you prefer.

Edit2. Hmmm. Other thread must have been holding in anon queue - wasn't there when I first posted this.

Edit3: So is this an actual DNS outage? It sounds more like their NS servers took a dive.

Edit whatever: AnonymousOwn3r announces downage at 1:46p




2nd tweet follows soon after and gathers responses.

If AnonymousOwn3r is responsible, we don't yet know his motive or technique (he disappears about the time I wrote this).
Although - there are hints it's a wide ranging attack, maybe high volume DDNS or lower volume using crafted packets.

Theory:
quote:
He could be bombarding a big public DNS provider like Google with forged, malformed DNS requests pretending to come from GoDaddy's DNS servers.

Google's DNS farms would respond by aiming a massive amount of responses at GoDaddy.
Because GoDaddy thinks it's coming in to the middle of the conversation, it tries to start the DNS query over again; which just multiplies the traffic even more.

I wrote all that because I can't remember what the attack is called (it was a DNS Reflection attack).
It looks like AnonymousOwn3r isn't getting a lot of support from the rest of the Anon community.
They're calling out his alleged OP



His self-applied "Leader" badge isn't sitting well w/ other anons either.
I guess it makes him a community of one.

Forbes mag editorial gives NoDaddy an opportunistic kick.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

Since GoDaddy is the authority record for all the domains in their DNS zone that is a big hit..53 million ?

According to a BusinessWeek story from May 2012, GoDaddy hosts more than 5 million websites and has registered more than 53 million domain names.



Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:3
Reviews:
·Bright House

said by Name Game:

Since GoDaddy is the authority record for all the domains in their DNS zone that is a big hit..53 million ?

According to a BusinessWeek story from May 2012, GoDaddy hosts more than 5 million websites and has registered more than 53 million domain names.

I've seen a number of random tweets from people who've 1000+ sites hosted there.
An outage in the millions is sounding believable.
--
Campaign contributions influence laws through a process called bribery.


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

1 recommendation

reply to Name Game

said by Name Game:

Since GoDaddy is the authority record for all the domains in their DNS zone that is a big hit..53 million ?

I have trouble understanding what you are trying to say.

With "authority record" are you referring to the SOA (start of authority) record in each DNS zone file or do you mean something else (perhaps DNSSEC related which also has the concept of authorities) ?

I have similar difficulty with "all the domains in their DNS zone".

If you what you trying to say is that all of GoDaddy's customers lost their DNS service then that is clearly not the case. Anybody that is only using GoDaddy as a domain registry and uses his/her own servers for web, email and dns will not be effected by this (other then the inability to make any changes to their accounts).

Nevertheless this is a big deal and a lot of GoDaddy's clients are likely using them not just as domain registry but also as DNS provider.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Noah Vail

Yup..

Wholesale Adult Toys @wholesaleadult
@film_girl @gracemediapro any site using their DNS is down. Millions is an understatement. We have over 1000 sites down ourselves.
Collapse
Reply Retweet Favorite
12:19 PM - 10 Sep 12 · Details
1h matthewlking @matthewlking
@wholesaleadult @film_girl @gracemediapro I hate to sound like a jerk, but if you have 1000 websites you should not be using GD.
Expand
Reply Retweet Favorite
1h Wholesale Adult Toys @wholesaleadult
@matthewlking @wholesaleadult we don't use them, however our customers register their names and point their DNS to us.


--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to leibold

»support.godaddy.com/help/article···-records

»www.ntchosting.com/dns/zone.html



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to Noah Vail

Ok but their TV ads are good



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

GoDaddy's 77 name servers all have IP addresses in AS26496



Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:3
Reviews:
·Bright House

said by Name Game:

GoDaddy's 77 name servers all have IP addresses in AS26496

So maybe he's got some kind of BGP poisoning going on.
--
Campaign contributions influence laws through a process called bribery.


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

said by Noah Vail:

said by Name Game:

GoDaddy's 77 name servers all have IP addresses in AS26496

So maybe he's got some kind of BGP poisoning going on.

That would do it!
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

reply to leibold

Thanks for the explanation Thomas..I am no expert on that subject.



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to leibold

The guy who took it down claims he knew they had load balancing..I guess the rest will come out later since many reporter are asking questions and he is letting them know in the past he took down facebook because they started blocking a google chrome app and the FBI site..so maybe he will brag about how he did it.



Lagz
Premium
join:2000-09-03
The Rock
reply to leibold

said by leibold:

said by Name Game:

Since GoDaddy is the authority record for all the domains in their DNS zone that is a big hit..53 million ?

Anybody that is only using GoDaddy as a domain registry and uses his/her own servers for web, email and dns will not be effected by this (other then the inability to make any changes to their accounts).

Nevertheless this is a big deal and a lot of GoDaddy's clients are likely using them not just as domain registry but also as DNS provider.

I have no problems with my own servers registered at godaddy. Like you said it will only effect my ability to change things like pointing a web address to its IP address... I hope no one uses godaddy as their DNS provider .
--
When somebody tells you nothing is impossible, ask him to dribble a football.


Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:3
Reviews:
·Bright House

1 recommendation

reply to Name Game

said by Name Game:

many reporter are asking questions and he is letting them know in the past he took down facebook because they started blocking a google chrome app and the FBI site..so maybe he will brag about how he did it.

There's a user on the front page who may have caught some collateral damage from the attack.
He's put out some info about the traffic and I'm waiting to see if he can provide some followup.
--
Campaign contributions influence laws through a process called bribery.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

he took out some of my hardworking friends back in Myrtle Beach

»www.wmbfnews.com/story/19505927/···sinesses

and GoDaddy is working hard on the problem.
»twitter.com/GoDaddy
--
Gladiator Security Forum
»www.gladiator-antivirus.com/



breese
Premium
join:2000-05-10
Arlington Heights, IL
Reviews:
·AT&T U-Verse
·AT&T DSL Service
·AT&T Midwest
reply to Noah Vail

From my firewall logs, it looks like a ton of IP's all requesting large images and video's. While they do not exist on my servers, the amount of traffic requesting them is / was by the hundreds per second...
Took me 2hrs to filter out all the class C subnets.
Now the question becomes, if this was an attact on Go Daddy, why did it get filtered over to Off-Site web sites?

Dont care about the DNS side.. I use multiple DNS servers from other companies....



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to Noah Vail

Those with sites hosted by GoDaddy busy pulling hair out. GoDaddy has a Twitter feed and Facebook page.



Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:3
Reviews:
·Bright House

1 edit

1 recommendation

reply to Noah Vail

AnonymousOwn3r's last tweet was at ~5pm EDT.
He's received a LOT of hostility from Anonymous along with a bazillion GoDaddy users.

I've been reading through his twitter stream and I'd bet $13.37 he's bipolar.

I'm surprised we hadn't heard anything from Barret Brown today.
In fact a lot of the Anon-ish crowd have been less chatty than usual, the last 18 hours or so.
--
Campaign contributions influence laws through a process called bribery.


lorennerol
Premium
join:2003-10-29
Seattle, WA

2 recommendations

reply to Noah Vail

I'm sorry, I thought "The Cloud" was the solution to all IT problems??



Trel
Good Evening
Premium
join:2002-10-08
Hillsborough, NJ

2 recommendations

Only to people who don't understand IT.
--
/chown -R us:us /yourbase



Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:3
Reviews:
·Bright House

1 recommendation

reply to lorennerol

said by lorennerol:

I'm sorry, I thought "The Cloud" was the solution to all IT problems??

I think "The Cloud" will be CBS's new bad tech-drama.
--
Campaign contributions influence laws through a process called bribery.


vircotto

join:2002-06-04
searching...

2 recommendations

said by Noah Vail:

I think "The Cloud" will be CBS's new bad tech-drama.

No, isn't that an old Western/NYC cop show I've seen in reruns? You know, the Marshall from Taos, NM 'on semi-permanent "special assignment" with the New York City Police Department.'

lorennerol
Premium
join:2003-10-29
Seattle, WA
reply to Trel

said by Trel:

Only to people who don't understand IT.

Can't count how many times we've had clients ask, "Shouldn't we put that on The Cloud?"

I've taken to responding by asking them what they think the cloud actually is. To-date, not a one has even tried to answer the question.


Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:3
Reviews:
·Bright House

1 edit

1 recommendation

reply to vircotto

said by vircotto:

said by Noah Vail:

I think "The Cloud" will be CBS's new bad tech-drama.

No, isn't that an old Western/NYC cop show I've seen in reruns? You know, the Marshall from Taos, NM 'on semi-permanent "special assignment" with the New York City Police Department.'

Wholly Cow - It's the NBC Mystery Movie zombie come back from 1972 to eat our brain.



--
Campaign contributions influence laws through a process called bribery.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

reply to Noah Vail

GoDaddy spokeswoman Elizabeth Driscoll said the outage began shortly after 1 p.m. EDT. By around 5:50 p.m. EDT, the GoDaddy.com website and sites hosted by the company were back up and running. Driscoll had said the company was investigating the cause.

She also said she could not say how many sites were affected, whether it was thousands or millions, or whether the outage had affected just sites hosted by Go Daddy or those who use its DNS services as well.


--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit
reply to Noah Vail

GoDaddy's DNS Service is Down

»news.ycombinator.com/item?id=4500993

Amid Outage, GoDaddy Moves DNS to Competitor VeriSign

DNS servers at the company’s U.S. data center were hit, but servers in Asia continued to operate normally.

»www.wired.com/wiredenterprise/20···erisign/



rcdailey
Dragoonfly
Premium
join:2005-03-29
Rialto, CA

Wow! If the servers were actually down because of an attack, then any other DNS provider could be next. That is an ominous possibility.
--
It is easier for a camel to put on a bikini than an old man to thread a needle.


itguy05

join:2005-06-17
Carlisle, PA

1 recommendation

said by rcdailey:

Wow! If the servers were actually down because of an attack, then any other DNS provider could be next. That is an ominous possibility.

I wonder if they are running their DNS on Windows servers like the rest of their stuff. More reason not to use them, IMHO.


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

1 recommendation

reply to Name Game

said by Name Game:

She also said she could not say how many sites were affected, whether it was thousands or millions, or whether the outage had affected just sites hosted by Go Daddy or those who use its DNS services as well.

While determining the root cause may require forensic analysis and take a long time you would expect that the extend of the damage (unavailable or impaired services) would be known almost immediately (due to network monitoring).
It is not exactly confidence inspiring if a day after a major incident a service provider still doesn't know which of its services are (or have been) unavailable.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

said by leibold:

It is not exactly confidence inspiring if a day after a major incident a service provider still doesn't know which of its services are (or have been) unavailable.

Telling people that they don't have all the information is not the same as them not having any idea what happened; when there is a lot of smoke and fire, there's essentially no upside for giving this kind of detail because in the end this information will almost always have parts that are substantially wrong. Wait until the dust settles and you have a substantial handle on everything before saying too much. Incident Response 101.

But they're now saying it wasn't a hack, but an internal network issue.

»techcrunch.com/2012/09/11/godadd···-issues/