
EveryDNS, a company that offers free domain name administration services, has been hit by a massive DDoS (distributed denial-of-service) attack that caused damage to thousands of sites, including OpenDNS (another startup that runs the PhishTank anti-phishing initiative).
The 400mbps botnet attack did not affect the core recursive DNS resolution service offered by OpenDNS but the company's home page and business blog were crippled for about 90 minutes on Dec. 1.
At 10:00 a.m. EST on Dec. 2, EveryDNS said the attack continues. "[It] is currently being mitigated and service is restored. All services are under close watch by a team of network administrators around the world," according to a note on the home page.
The last time the Web mafia (spammers and phishers using botnets) decided to go after a security service, Blue Security was forced to fold and collateral damage extended to several businesses, including Six Apart.
The attack happened sometime Friday afternoon and, from all indications, was targeting Web sites that used the free DNS management services. "We were collateral damage," Ulevitch explained. "They were going after the DNS provider of these sites and we took the impact of it."
At the height of the DDoS bombardment, EveryDNS was being hit with more than 400mbps of traffic at each of its four locations.
Because law enforcement is involved, Ulevitch was cautious about releasing details of the actual target but there are signs that some of the targets were "nefarious domains" that have since been terminated.
The attack continues but it's been largely controlled through high-level traffic filtering and some ingenious tricks at the DNS level.
"The bigger problem is that the network providers are hesitant to do any real filtering. They just prefer to block the traffic to stop the attack but that's exactly what the attackers want. They want to knock you offline and the network providers take the easy way out and the attackers accomplish their goal," Ulevitch declared.
Although EveryDNS has been hit by DDoS attacks in the past, he said this was the first "major outage" in five years.
Ulevitch said PhishTank, which uses its own DNS, was not affected. "I've always been concerned about PhishTank being a big target [for these kinds of attacks] but, in this case, we took a hit because someone else was the target."
"We've figured out who these targets were and we've terminated a bunch of domains. We don't want to be the free DNS providers for criminals on the Internet," he added.