dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4936
share rss forum feed


Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:3
Reviews:
·Bright House

1 recommendation

reply to lorennerol

Re: GoDaddy DNS Outage takes out 1000s of sites+email

said by lorennerol:

I'm sorry, I thought "The Cloud" was the solution to all IT problems??

I think "The Cloud" will be CBS's new bad tech-drama.
--
Campaign contributions influence laws through a process called bribery.


vircotto

join:2002-06-04
searching...

2 recommendations

said by Noah Vail:

I think "The Cloud" will be CBS's new bad tech-drama.

No, isn't that an old Western/NYC cop show I've seen in reruns? You know, the Marshall from Taos, NM 'on semi-permanent "special assignment" with the New York City Police Department.'

lorennerol
Premium
join:2003-10-29
Seattle, WA
reply to Trel

said by Trel:

Only to people who don't understand IT.

Can't count how many times we've had clients ask, "Shouldn't we put that on The Cloud?"

I've taken to responding by asking them what they think the cloud actually is. To-date, not a one has even tried to answer the question.


Noah Vail
Son made my Avatar
Premium
join:2004-12-10
Lorton, VA
kudos:3
Reviews:
·Bright House

1 edit

1 recommendation

reply to vircotto

said by vircotto:

said by Noah Vail:

I think "The Cloud" will be CBS's new bad tech-drama.

No, isn't that an old Western/NYC cop show I've seen in reruns? You know, the Marshall from Taos, NM 'on semi-permanent "special assignment" with the New York City Police Department.'

Wholly Cow - It's the NBC Mystery Movie zombie come back from 1972 to eat our brain.



--
Campaign contributions influence laws through a process called bribery.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

reply to Noah Vail

GoDaddy spokeswoman Elizabeth Driscoll said the outage began shortly after 1 p.m. EDT. By around 5:50 p.m. EDT, the GoDaddy.com website and sites hosted by the company were back up and running. Driscoll had said the company was investigating the cause.

She also said she could not say how many sites were affected, whether it was thousands or millions, or whether the outage had affected just sites hosted by Go Daddy or those who use its DNS services as well.


--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 edit
reply to Noah Vail

GoDaddy's DNS Service is Down

»news.ycombinator.com/item?id=4500993

Amid Outage, GoDaddy Moves DNS to Competitor VeriSign

DNS servers at the company’s U.S. data center were hit, but servers in Asia continued to operate normally.

»www.wired.com/wiredenterprise/20···erisign/



rcdailey
Dragoonfly
Premium
join:2005-03-29
Rialto, CA

Wow! If the servers were actually down because of an attack, then any other DNS provider could be next. That is an ominous possibility.
--
It is easier for a camel to put on a bikini than an old man to thread a needle.


itguy05

join:2005-06-17
Carlisle, PA

1 recommendation

said by rcdailey:

Wow! If the servers were actually down because of an attack, then any other DNS provider could be next. That is an ominous possibility.

I wonder if they are running their DNS on Windows servers like the rest of their stuff. More reason not to use them, IMHO.


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

1 recommendation

reply to Name Game

said by Name Game:

She also said she could not say how many sites were affected, whether it was thousands or millions, or whether the outage had affected just sites hosted by Go Daddy or those who use its DNS services as well.

While determining the root cause may require forensic analysis and take a long time you would expect that the extend of the damage (unavailable or impaired services) would be known almost immediately (due to network monitoring).
It is not exactly confidence inspiring if a day after a major incident a service provider still doesn't know which of its services are (or have been) unavailable.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

said by leibold:

It is not exactly confidence inspiring if a day after a major incident a service provider still doesn't know which of its services are (or have been) unavailable.

Telling people that they don't have all the information is not the same as them not having any idea what happened; when there is a lot of smoke and fire, there's essentially no upside for giving this kind of detail because in the end this information will almost always have parts that are substantially wrong. Wait until the dust settles and you have a substantial handle on everything before saying too much. Incident Response 101.

But they're now saying it wasn't a hack, but an internal network issue.

»techcrunch.com/2012/09/11/godadd···-issues/


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

GoDaddy has moved the nameservers of godaddycom back to themselves from Verisign.



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Noah Vail

Earthquake in Argentina, Anonymous claims resposibility ???

»current.com/community/89003708_t···aarp.htm


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to Name Game

said by Name Game:

Since GoDaddy is the authority record for all the domains in their DNS zone that is a big hit..53 million ?

What makes you think the GoDaddy DNS zone is authoritative for all 53 million names they have registered?
WHOIS information for aosake.net:***
 
[Querying whois.verisign-grs.com]
[whois.verisign-grs.com]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
   Domain Name: AOSAKE.NET
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com
   Name Server: A.AUTH-NS.SONIC.NET
   Name Server: B.AUTH-NS.SONIC.NET
   Name Server: C.AUTH-NS.SONIC.NET
 
Registrar need not be the DNS authority.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

Did not..that is why the question mark and Thomas explained it all Thanks.

»Re: GoDaddy DNS Outage takes out 1000s of sites+email



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Noah Vail

Feds Warn of Zombie Apocalypse! Buy emergency kit, but you might be a terrorist if...

How do you kill a zombie? No, not a zombie process killed via command line, but the brain-eating kind.

»www.networkworld.com/community/node/81356
--
Gladiator Security Forum
»www.gladiator-antivirus.com/



Triple Helix
Go Blue Jays Go
Premium
join:2007-07-26
Oshawa, ON
kudos:7
Reviews:
·Rogers Hi-Speed
reply to Noah Vail

Who's lying about the GoDaddy outage?

»betanews.com/2012/09/11/whos-lyi···eed+-+BN

TH
--
Triple Helix - Microsoft® MVP Consumer Security 2012
VIP Member Of ASAP - (Alliance of Security Analysis Professionals™)
Official Webroot SecureAnywhere (Prevx) Support Forum Helper.
(H59 Clan)



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

and within the hour publicly posted what supposedly is GoDaddy "source code and database".

Faked by anon.."No point, it is fake: open source project from 2010: »code.google.com/p/ttpython/sourc···Fgodaddy … This is where he got that code.

»code.google.com/p/ttpython/sourc···Fgodaddy

»twitter.com/AnonymousOwn3r/statu···20293889
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to leibold

said by leibold:

said by Name Game:

Since GoDaddy is the authority record for all the domains in their DNS zone that is a big hit..53 million ?

I have trouble understanding what you are trying to say.

With "authority record" are you referring to the SOA (start of authority) record in each DNS zone file or do you mean something else (perhaps DNSSEC related which also has the concept of authorities) ?

I have similar difficulty with "all the domains in their DNS zone".

If you what you trying to say is that all of GoDaddy's customers lost their DNS service then that is clearly not the case. Anybody that is only using GoDaddy as a domain registry and uses his/her own servers for web, email and dns will not be effected by this (other then the inability to make any changes to their accounts).

Nevertheless this is a big deal and a lot of GoDaddy's clients are likely using them not just as domain registry but also as DNS provider.

GoDaddy goes down, Anonymous member takes credit

Popular domain name registrar and Web and email hosting provider GoDaddy is experiencing a severe outage, one that appears to have taken out not only its hosted services, but even those websites that have registered their domain names through GoDaddy.
Background

Users started noticing the troubles in the late morning Eastern Time. Customers with GoDaddy-hosted email accounts and websites noticed the outage, as did at least some users who had registered their domain names with GoDaddy, even though their sites are actually hosted elsewhere. When pinged, websites registered with GoDaddy receive only a "ping request could not find host," message. The GoDaddy.com site itself went offline.

GoDaddy claims to be the world's largest domain name registrar. The company reportedly manages more than 48 million domain names and serves more than 9.3 million customers.

»www.pcworld.com/businesscenter/a···dit.html
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


norwegian
Premium
join:2005-02-15
Outback

2 edits
reply to Noah Vail

I understand they were down, but has anyone verified it was anon, or even a member of the organization, as it seems to me it was someone acting on their own just before 9/11 (on that note - My sympathy goes out to the families involved).......does anyone wonder if there is more to be published if there is a network hole in GoDaddy, or we will all be seeing lock down on the Internet due to terrorist activity?

Don't get me wrong, but this one is one of the weirdest Internet issues to date. Mass hysteria with no real back bone...call me skeptical until the juice is out of the bottle.

It is already a very sensitive time for so many.

--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
reply to lorennerol

said by lorennerol:

said by Trel:

Only to people who don't understand IT.

Can't count how many times we've had clients ask, "Shouldn't we put that on The Cloud?"

I've taken to responding by asking them what they think the cloud actually is. To-date, not a one has even tried to answer the question.

I think our IT guys are soliciting bids from cloud providers.
--
--Standard disclaimers apply.--


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

1 recommendation

reply to norwegian

said by norwegian:

I understand they were down, but has anyone verified it was anon, or even a member of the organization,

The who and how is hard to know with certainty for anybody other then those who actually caused the incident (regardless whether it is was accidental or a deliberate act).

said by Noah Vail:

said by Name Game:

GoDaddy's 77 name servers all have IP addresses in AS26496

So maybe he's got some kind of BGP poisoning going on.

Name Game See Profile pointed out that all the GoDaddy nameservers are in the same AS and Noah Vail See Profile correctly replied that BGP poisoning (or any other kind of BGP problem) could be responsible for making all of them unreachable at the same time.
For those that don't know it, BGP stands for Border Gateway Protocol and is used in peering routers. Unlike LAN routers who tend to make routing decisions primarily on target IP address alone, border routers tend to use AS numbers in their routing policies with each AS (autonomous system) representing one or more IP address blocks. While this grouping of IP address blocks greatly reduces the number of policy rules and makes the router more efficient it also has the potential to spread the effect of a single incorrect entry to many separate IP blocks (in this case all locations of GoDaddy's nameservers).

This lends credibility to GoDaddy's statement that a corrupt routing table was responsible for the outage.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!

jst3751
Premium
join:2004-07-08
Rowland Heights, CA

The fact that this was an internal problem (if it was) actually gives GoDaddy a bigger black eye than if they were hacked.



bitemeboy

join:2005-04-06
Otego, NY

Well, they apologized to me and, ARE YOU READY, gave me a one month's extension on my account. So there



jimkyle
Btrieve Guy
Premium
join:2002-10-20
Oklahoma City, OK
kudos:2
Reviews:
·AT&T Southwest

I got that email also, but my filters didn't let their button make it through. Are you certain that it was legitimate? I suspected (and still do) that it could well be a phishing attempt, since I never click links received in unsolicited email...
--
Jim Kyle



norwegian
Premium
join:2005-02-15
Outback
reply to leibold


I do not know enough on networks, so generally speaking this could be a hardware/software related issue? The person publicizing himself or herself saying they will have to do it again to force GoDaddy's hand to tell the truth maybe just an internal employee looking for a minute of fame?

I guess we will only find out if facts are presented, but to save face as a business, GoDaddy may never want the factual truth published.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

said by norwegian:

I do not know enough on networks, so generally speaking this could be a hardware/software related issue?

Assuming that the cause was a bad routing table a partial list of possible reasons includes:

- a bad memory module in the router (hardware)
- a software bug in the router software
- a software bug in GoDaddy's network management software (pushing a bad policy update to one or more routers)
- a GoDaddy employee making a typo and changing the wrong routing policy (or wrong change to the right policy)
- a disgruntled GoDaddy employee intentional making a harmful change to the routing policies
- an outside attacker gaining controlling access to either the router directly or to GoDaddy's network management system

A lot of possibilities and very difficult for an outsider to prove one or the other.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

1 recommendation

said by leibold:

said by norwegian:

I do not know enough on networks, so generally speaking this could be a hardware/software related issue?

Assuming that the cause was a bad routing table a partial list of possible reasons includes:

- a bad memory module in the router (hardware)
- a software bug in the router software
- a software bug in GoDaddy's network management software (pushing a bad policy update to one or more routers)
- a GoDaddy employee making a typo and changing the wrong routing policy (or wrong change to the right policy)
- a disgruntled GoDaddy employee intentional making a harmful change to the routing policies
- an outside attacker gaining controlling access to either the router directly or to GoDaddy's network management system

A lot of possibilities and very difficult for an outsider to prove one or the other.

either 3 or 4/5
4 and 5 are one in the same except a hacker would need to penetrate GoDaddy security while a malicious employee would have access already.

It is not impossible that is was unintentional, but where is the drama in bad QC these days?
--
--Standard disclaimers apply.--