dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
27

leibold
MVM
join:2002-07-09
Sunnyvale, CA
Netgear CG3000DCR
ZyXEL P-663HN-51

1 recommendation

leibold to norwegian

MVM

to norwegian

Re: GoDaddy DNS Outage takes out 1000s of sites+email

said by norwegian:

I understand they were down, but has anyone verified it was anon, or even a member of the organization,

The who and how is hard to know with certainty for anybody other then those who actually caused the incident (regardless whether it is was accidental or a deliberate act).
said by Noah Vail:

said by Name Game:

GoDaddy's 77 name servers all have IP addresses in AS26496

So maybe he's got some kind of BGP poisoning going on.

Name Game See Profile pointed out that all the GoDaddy nameservers are in the same AS and Noah Vail See Profile correctly replied that BGP poisoning (or any other kind of BGP problem) could be responsible for making all of them unreachable at the same time.
For those that don't know it, BGP stands for Border Gateway Protocol and is used in peering routers. Unlike LAN routers who tend to make routing decisions primarily on target IP address alone, border routers tend to use AS numbers in their routing policies with each AS (autonomous system) representing one or more IP address blocks. While this grouping of IP address blocks greatly reduces the number of policy rules and makes the router more efficient it also has the potential to spread the effect of a single incorrect entry to many separate IP blocks (in this case all locations of GoDaddy's nameservers).

This lends credibility to GoDaddy's statement that a corrupt routing table was responsible for the outage.
jst3751
Premium Member
join:2004-07-08
Rowland Heights, CA

jst3751

Premium Member

The fact that this was an internal problem (if it was) actually gives GoDaddy a bigger black eye than if they were hacked.

bitemeboy
join:2005-04-06
Otego, NY

bitemeboy

Member

Well, they apologized to me and, ARE YOU READY, gave me a one month's extension on my account. So there

jimkyle
Btrieve Guy
Premium Member
join:2002-10-20
Oklahoma City, OK

jimkyle

Premium Member

I got that email also, but my filters didn't let their button make it through. Are you certain that it was legitimate? I suspected (and still do) that it could well be a phishing attempt, since I never click links received in unsolicited email...

norwegian
Premium Member
join:2005-02-15
Outback

norwegian to leibold

Premium Member

to leibold

I do not know enough on networks, so generally speaking this could be a hardware/software related issue? The person publicizing himself or herself saying they will have to do it again to force GoDaddy's hand to tell the truth maybe just an internal employee looking for a minute of fame?

I guess we will only find out if facts are presented, but to save face as a business, GoDaddy may never want the factual truth published.

leibold
MVM
join:2002-07-09
Sunnyvale, CA
Netgear CG3000DCR
ZyXEL P-663HN-51

leibold

MVM

said by norwegian:

I do not know enough on networks, so generally speaking this could be a hardware/software related issue?

Assuming that the cause was a bad routing table a partial list of possible reasons includes:

- a bad memory module in the router (hardware)
- a software bug in the router software
- a software bug in GoDaddy's network management software (pushing a bad policy update to one or more routers)
- a GoDaddy employee making a typo and changing the wrong routing policy (or wrong change to the right policy)
- a disgruntled GoDaddy employee intentional making a harmful change to the routing policies
- an outside attacker gaining controlling access to either the router directly or to GoDaddy's network management system

A lot of possibilities and very difficult for an outsider to prove one or the other.

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

1 recommendation

AVD

Premium Member

said by leibold:

said by norwegian:

I do not know enough on networks, so generally speaking this could be a hardware/software related issue?

Assuming that the cause was a bad routing table a partial list of possible reasons includes:

- a bad memory module in the router (hardware)
- a software bug in the router software
- a software bug in GoDaddy's network management software (pushing a bad policy update to one or more routers)
- a GoDaddy employee making a typo and changing the wrong routing policy (or wrong change to the right policy)
- a disgruntled GoDaddy employee intentional making a harmful change to the routing policies
- an outside attacker gaining controlling access to either the router directly or to GoDaddy's network management system

A lot of possibilities and very difficult for an outsider to prove one or the other.

either 3 or 4/5
4 and 5 are one in the same except a hacker would need to penetrate GoDaddy security while a malicious employee would have access already.

It is not impossible that is was unintentional, but where is the drama in bad QC these days?