
DNS Disaster after DDoS on Dyn!

Since Friday a lot of websites have either been slow or unreachable. This is because of a DDoS attack on Dyn (a DNS provider).

What is DNS?

All websites have at least one IP address. Without DNS, if you wanted to go to eBay.com you’d need to remember the IP address of the site, along with those of all your favorite sites, much like remembering each phone number in your phone’s address book. The DNS server is exactly that: a phone book that looks up ebay.com and translates it into an IP. The IP is sent back to your computer, and the website is then downloaded from it.

What is a DDoS attack?

A Distributed Denial of Service attack is when lots of coordinated nodes (bots, machines) attack a certain IP (or range of IPs) by flooding the service with what look like normal requests for information. They are bogus requests, but enough of them from enough “attackers” will bring a service to its knees and slow the internet for the rest of us, or effectively take sites down as our DNS requests won’t work.

As the attack traffic can come from anywhere on the internet, and there are so many sources, it can be difficult to manage or mitigate.

I’ve put attackers in quotes as the attackers could be computers or devices that don’t even know about being an attacker; they probably are not actual people.

Now that we’ve quickly covered the basics, what has been happening?

Dyn, a DNS provider, has been hit by a massive DDoS attack perpetrated by a botnet, and it is suspected to be coming from IoT (Internet of Things) devices, such as CCTV cameras that connect to the internet.

Normally a DDoS attack is against a certain company, for various reasons, i.e. a specific website. This one is against a service, and it is a good example that DNS is not secure and is more vulnerable to attack than most think.

A good quote I have seen is:

Richard Meeus, VP of technology at NSFOCUS, which specializes in handling DDoS attacks, noted: “DNS has often been neglected in terms of its security and availability from an enterprise perspective – it is treated as if it will always be there in the same way that water comes out of the tap and electricity is there when you switch it on.”

Are you having problems?

…connecting to websites, you should use OpenDNS’s resolvers at 208.67.222.222 and 208.67.220.220