DNSimple Suffers DDoS Attack

Tuesday, June 4, 2013 @ 04:06 PM gHale

DNSimple is under attack.

The hosted DNS service that allows users to easily manage their domains is suffering from a massive distributed denial-of-service (DDoS) attack.

The first reports about a DDoS attack came from the company on May 31. On Monday, DNSimple said it was experiencing a “significantly larger and sustained DDoS.”

Customers are starting to complain they can’t reach DNSimple’s website or their own sites.

“Our services are down, none of your DNS servers work nor your website,” one customer wrote.

The company is working on addressing the issues. It says its name servers should be running, but ALIAS and URL forwarding were temporarily disabled while it deals with the attack.

DNSimple founder Anthony Eden said the DDoS attack is ongoing, but the company managed to mitigate it.

“Our authoritative name servers were used as an amplifier for an attack against a third-party network,” Eden said Tuesday. “The attacker essentially flooded us with ‘ANY’ queries for a variety of domains managed by our DNS service, with the intention of amplifying these small queries into significantly larger responses aimed at a specific network.”

This attack technique is known as DNS reflection or DNS amplification. It involves sending queries with a spoofed source IP (Internet Protocol) address, usually the victim’s address, to DNS servers from a large number of computers in order to trigger long responses from those servers to the victim’s IP address within a short time window. If enough computers and DNS servers are used, the resulting rogue DNS traffic will exhaust the victim’s available Internet bandwidth.
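For operators of authoritative name servers, the pattern Eden describes can be spotted in query logs. The following is an added example, not code from this article or from DNSimple; the log format, the thresholds and the documentation-range addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample log (not real traffic). Assumed format per line:
# epoch seconds, source IP, query type, query bytes, response bytes.
SAMPLE_LOG = """\
1000 203.0.113.7 ANY 64 3000
1001 203.0.113.7 ANY 64 3100
1001 198.51.100.20 A 60 76
1002 203.0.113.7 ANY 64 2900
1002 203.0.113.7 ANY 64 3000
1003 198.51.100.20 ANY 62 3000
1003 203.0.113.7 ANY 64 3000
1004 203.0.113.7 ANY 64 3000
1010 192.0.2.50 ANY 64 3000
1040 192.0.2.50 ANY 64 3000
1070 192.0.2.50 ANY 64 3000
1100 192.0.2.50 ANY 64 3000
1130 192.0.2.50 ANY 64 3000
"""

def find_reflection_targets(log_text, window=10, min_any=5, min_factor=10.0):
    """Return {source_ip: amplification_factor} for sources that sent at least
    min_any ANY queries inside `window` seconds and whose ANY responses were
    at least min_factor times larger than the queries that triggered them."""
    recent = defaultdict(deque)           # src -> ANY timestamps in window
    totals = defaultdict(lambda: [0, 0])  # src -> [query bytes, response bytes]
    bursting = set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2].upper() != "ANY":
            continue  # skip malformed lines and non-ANY queries
        ts, src, qlen, rlen = int(fields[0]), fields[1], int(fields[3]), int(fields[4])
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window:        # drop timestamps outside the window
            q.popleft()
        totals[src][0] += qlen
        totals[src][1] += rlen
        if len(q) >= min_any:
            bursting.add(src)
    flagged = {}
    for src in sorted(bursting):
        qbytes, rbytes = totals[src]
        if qbytes and rbytes / qbytes >= min_factor:
            flagged[src] = round(rbytes / qbytes, 1)
    return flagged

if __name__ == "__main__":
    for src, factor in find_reflection_targets(SAMPLE_LOG).items():
        print(f"{src}: likely reflection target, amplification x{factor}")
```

Because the source address in a reflection attack is spoofed, a flagged address is the likely victim rather than the sender, so the appropriate response is to rate-limit or truncate replies toward it, not to treat it as the attacker.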

The DNS reflection technique has been around for a while, but its recent use to launch DDoS attacks of unprecedented scale, like the one in March that targeted a spam-fighting organization called Spamhaus, has likely brought it renewed interest from attackers.

The attack experienced by DNSimple on Monday was larger in volume and duration than other attacks that hit the company’s name servers in the past, Eden said.
