dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
4984
share rss forum feed


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

1 recommendation

reply to norwegian

Re: GoDaddy DNS Outage takes out 1000s of sites+email

said by norwegian:

I understand they were down, but has anyone verified it was anon, or even a member of the organization,

The who and how is hard to know with certainty for anybody other then those who actually caused the incident (regardless whether it is was accidental or a deliberate act).

said by Noah Vail:

said by Name Game:

GoDaddy's 77 name servers all have IP addresses in AS26496

So maybe he's got some kind of BGP poisoning going on.

Name Game See Profile pointed out that all the GoDaddy nameservers are in the same AS and Noah Vail See Profile correctly replied that BGP poisoning (or any other kind of BGP problem) could be responsible for making all of them unreachable at the same time.
For those that don't know it, BGP stands for Border Gateway Protocol and is used in peering routers. Unlike LAN routers who tend to make routing decisions primarily on target IP address alone, border routers tend to use AS numbers in their routing policies with each AS (autonomous system) representing one or more IP address blocks. While this grouping of IP address blocks greatly reduces the number of policy rules and makes the router more efficient it also has the potential to spread the effect of a single incorrect entry to many separate IP blocks (in this case all locations of GoDaddy's nameservers).

This lends credibility to GoDaddy's statement that a corrupt routing table was responsible for the outage.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!

jst3751
Premium
join:2004-07-08
Rowland Heights, CA
The fact that this was an internal problem (if it was) actually gives GoDaddy a bigger black eye than if they were hacked.


bitemeboy

join:2005-04-06
Otego, NY
Well, they apologized to me and, ARE YOU READY, gave me a one month's extension on my account. So there


jimkyle
Btrieve Guy
Premium
join:2002-10-20
Oklahoma City, OK
kudos:2
Reviews:
·AT&T Southwest
I got that email also, but my filters didn't let their button make it through. Are you certain that it was legitimate? I suspected (and still do) that it could well be a phishing attempt, since I never click links received in unsolicited email...
--
Jim Kyle


norwegian
Premium
join:2005-02-15
Outback
reply to leibold

I do not know enough on networks, so generally speaking this could be a hardware/software related issue? The person publicizing himself or herself saying they will have to do it again to force GoDaddy's hand to tell the truth maybe just an internal employee looking for a minute of fame?

I guess we will only find out if facts are presented, but to save face as a business, GoDaddy may never want the factual truth published.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET
said by norwegian:

I do not know enough on networks, so generally speaking this could be a hardware/software related issue?

Assuming that the cause was a bad routing table a partial list of possible reasons includes:

- a bad memory module in the router (hardware)
- a software bug in the router software
- a software bug in GoDaddy's network management software (pushing a bad policy update to one or more routers)
- a GoDaddy employee making a typo and changing the wrong routing policy (or wrong change to the right policy)
- a disgruntled GoDaddy employee intentional making a harmful change to the routing policies
- an outside attacker gaining controlling access to either the router directly or to GoDaddy's network management system

A lot of possibilities and very difficult for an outsider to prove one or the other.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

1 recommendation

said by leibold:

said by norwegian:

I do not know enough on networks, so generally speaking this could be a hardware/software related issue?

Assuming that the cause was a bad routing table a partial list of possible reasons includes:

- a bad memory module in the router (hardware)
- a software bug in the router software
- a software bug in GoDaddy's network management software (pushing a bad policy update to one or more routers)
- a GoDaddy employee making a typo and changing the wrong routing policy (or wrong change to the right policy)
- a disgruntled GoDaddy employee intentional making a harmful change to the routing policies
- an outside attacker gaining controlling access to either the router directly or to GoDaddy's network management system

A lot of possibilities and very difficult for an outsider to prove one or the other.

either 3 or 4/5
4 and 5 are one in the same except a hacker would need to penetrate GoDaddy security while a malicious employee would have access already.

It is not impossible that is was unintentional, but where is the drama in bad QC these days?
--
--Standard disclaimers apply.--