LinkedIn Outage Caused by DDoS

Monday, June 24, 2013 @ 06:06 PM gHale


The outage LinkedIn suffered last week was the result of an issue with DNS servers. Although cyber criminals were not directly responsible for the downtime, they indirectly played a part.

Cisco researchers who monitored the events found that a number of organizations with domain names registered with Network Solutions had problems similar to LinkedIn's.

“Their DNS nameservers were replaced with nameservers at ztomy.com. The nameservers at ztomy.com were configured to reply to DNS requests for the affected domains with IP addresses in the range 204.11.56.0/24,” said Cisco’s Jaeson Schultz.

“Cisco observed a large number of requests directed at these confluence-network IP addresses. Nearly 5000 domains may have been affected based on passive DNS data for those IPs.”

Network Solutions officials said they were the victim of a distributed denial-of-service (DDoS) attack.

“In the process of resolving a Distributed Denial of Service incident on Wednesday night, the websites of a small number of Network Solutions customers were inadvertently affected for up to several hours,” Network Solutions said.

The company reassured customers that no data was compromised as a result of the incident.

The issues experienced by LinkedIn and others are the result of both malicious activity and misconfiguration.

“Interestingly, several of these domains were set up under different nameservers at ztomy.com. For example, the domain usps.com was pointed to the DNS nameservers ns1621.ztomy.com and ns2621.ztomy.com. Yelp had their nameservers changed to ns1620.ztomy.com and ns2620.ztomy.com,” Schultz noted.

“Fidelity, meanwhile, was pointed at ns1622.ztomy.com and ns2622.ztomy.com. However, the fact that so many domains were displaced in such a highly visible way supports Network Solutions’ claim that this was indeed a configuration error.”
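A defensive check for the kind of delegation change Schultz describes, as an added example that is not from the article or from Cisco: it scans passive-DNS-style records for nameservers that differ from an expected baseline and for A records inside 204.11.56.0/24. The example domains, the baseline and the sample address 204.11.56.26 are constructed for illustration.

```python
import ipaddress

# Address range and nameserver domain reported in the article.
SUSPECT_NET = ipaddress.ip_network("204.11.56.0/24")
SUSPECT_NS_SUFFIX = ".ztomy.com"

# Constructed baseline: nameservers each monitored domain should delegate to.
EXPECTED_NS = {
    "shop.example": {"ns1.dns-host.example", "ns2.dns-host.example"},
    "mail.example": {"ns1.dns-host.example", "ns2.dns-host.example"},
}

# Constructed observations in (domain, record type, value) form.
OBSERVATIONS = [
    ("shop.example", "NS", "ns1620.ztomy.com."),
    ("shop.example", "NS", "NS2620.ztomy.com"),
    ("shop.example", "A", "204.11.56.26"),
    ("mail.example", "NS", "ns1.dns-host.example."),
    ("mail.example", "NS", "ns2.dns-host.example."),
    ("mail.example", "A", "192.0.2.10"),
    ("mail.example", "A", "not-an-ip"),
]

def normalize(name):
    return name.rstrip(".").lower()  # DNS names are case-insensitive

def find_delegation_drift(observations, expected_ns):
    """Return {domain: sorted findings} for records that deviate from baseline."""
    findings = {}
    for domain, rrtype, value in observations:
        domain = normalize(domain)
        notes = findings.setdefault(domain, set())
        if rrtype == "NS":
            ns = normalize(value)
            if ns not in expected_ns.get(domain, set()):
                notes.add(f"unexpected NS {ns}")
            if ns.endswith(SUSPECT_NS_SUFFIX):
                notes.add(f"NS under {SUSPECT_NS_SUFFIX[1:]}: {ns}")
        elif rrtype == "A":
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                notes.add(f"malformed A record {value!r}")
                continue
            if addr in SUSPECT_NET:
                notes.add(f"A record {addr} inside {SUSPECT_NET}")
    return {d: sorted(n) for d, n in findings.items() if n}
```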
