A wave of DDoS attacks seems to be knocking out popular websites like Netflix, Twitter, and Spotify. Currently Twitter is choppy at best for us here at Techaeris and Netflix is not rendering all of its content on our end. Popular tech websites like The Verge also seem to be suffering, we only get a DNS error when attempting to visit their site. The attacks seem to be centered and targeted on the east coast of the United States so it makes sense sites like The Verge are affected.
It was unclear Friday if the attacks are focused on Dyn specifically or companies that it provides services to, said Carl Herberger, vice president of security at security company Radware. The attack is “consistent with record-setting sized cyberattacks seen in the last few weeks,” he said. He noted that easy-to-use computer code that allows even amateurs to create to create robot networks, so-called ‘bot nets’, to attack websites was released by hackers earlier this month.
It’s not clear if we know for certain where or who the attacks are coming from but USA Today explains how the attack is being implemented and we quote that below just in case you can’t reach their website. We haven’t experienced any problems with our website loading but we have noticed ads are loading slower which could be part of this attack.
Dyn provides DNS service, effectively an Internet address book for companies and that’s what’s being attacked said Steve Grobman, chief technology officer for Intel Security. DNS stands for Domain Name Servers. These are computers that contain databases of URLs and the Internet Protocol addresses they represent. “If you go to a site, say www.yahoo.com, your browser needs to know what the underlying Internet address that’s associated with that URL is. DNS is the service that does that conversion,” said Grobman. For example, the IP address for yahoo.com is 184.108.40.206.
The attack is on the Dyn server that contains that address book. Dyn provides that service to multiple Internet companies, so when someone types in twitter.com or tumblr.com or Spotify.com, via a complex series of jumps the address book is able to tell their browser which numerical IP address to look at. The DDoS attack floods that server with illegitimate requests, so many that very few real requests can get through. The user gets a message that the server is not available. Service is intermittent because a few requests are sometimes still able to go through. In addition, many sites keep cached address books their computers can refer to. However those caches always have a time limit on them and when that “time to live” expires, they must go back to the DNS server to confirm the IP address is valid. If the DNS server is unavailable, a site that was working could suddenly stop being available, said Grobman.
We will keep following the story and report back what we can. Have you seen issues on your end? Let us know in the comments below or on Twitter (if you can use it), Facebook and Google+.Source: USA Today