Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[kitz]

Ive been attempting to get to paypal to pay a bill, but their website wouldnt load as server not found for the past few hours.
Then I noticed various other large US based sites were also unobtainable. ie twitter

downforeveryoneorjustme was exceedingly slow to load for some reason.   But when it eventually did load it said "paypal.com' is up.
Yet isitdownrightnow says 'paypal is down for everyone'.

Tracerts showed what looks like could be a dns issue.

Code: [Select]

C:\WINDOWS\system32>tracert www.paypal.com
Unable to resolve target system name www.paypal.com.

C:\WINDOWS\system32>tracert twitter.com
Unable to resolve target system name twitter.com.
Changed my dns settings from google to OpenDNS [208.67.220.220/2-8.67.222.222] and the internet sprang back to life.

[jelv]

I've seen something that suggests there is a big DDOS going on.

[jelv]

Just found this: http://www.bbc.co.uk/news/technology-37728015

PayPal is specifically mentioned.

[kitz]

Thanks.   Wonder if they are also attacking googles DNS servers.   
Its strange that I couldnt reach many sites when using google's DNS servers, but now Im using OpenDNS everything seems ok.

[NEXUS2345]

Yeah, a managed DNS provider called Dyn have been experiencing a DDoS attack, which is grinding many websites to a halt. Twitter, Github, PayPal, Ebay, and many others.

http://www.theregister.co.uk/2016/10/21/dns_dyn_ddos/

https://www.dynstatus.com/

OpenDNS might simply have not cleared their cache yet, or may be sourcing it from a different DNS zone.

There is mention of an escalated attack, but not sure what they meant by this. Could be that they are targeting multiple DNS providers, although Google would be very difficult a target to take down with just a DDoS.

[Bowdon]

I noticed the story in the newspaper this morning and it wasn't effecting UK people. But now it is. PSN is down too. Paypal is listed as well.

I'm getting DNS error and I moved away from Google DNS a few days ago. So its not only Google's DNS.

Hopefully things settle soon.

[Bowdon]

http://gizmodo.com/this-is-probably-why-half-the-internet-shut-down-today-1788062835

Twitter, Spotify and Reddit, and a huge swath of other websites were down or screwed up this morning. This was happening as hackers unleashed a large distributed denial of service (DDoS) attack on the servers of Dyn, a major DNS host. It’s probably safe to assume that the two situations are related.

Update 12:28 PM EST: Dyn says it is investigating yet another attack, causing the same massive outages experienced this morning. Based on emails from Gizmodo readers, this new wave of attacks seems to be affecting the West Coast of the United States and Europe. It’s so far unclear how the two attacks are related, but the outages are very similar.

[kitz]

Just seen this which may in part explain why OpenDNS is working?

Out of curiosity, why do caching DNS resolvers, such as the DNS resolver I run on my home network, not provide an option to retain last-known-good resolutions beyond the authority-provided time to live? In such a configuration, after the TTL expiration, the resolver would attempt to refresh from the authority/upstream provider, but if that attempt fails, the response would be a more graceful failure of returning a last-known-good resolution (perhaps with a flag).

>>  OpenDNS does this: It's called SmartCache.

>>> Anyone know if Google Public DNS does?

>>>> It doesn't (first result is openDNS, second is google):

[jid]

Yep OpenDNS do some local caching their end, I realised what was going on when I saw the news article on BBC and added secondary DNS as OpenDNS and thats resolving the addresses - Google's DNS is still failing.

[Starman]

Yeah that would explain issues this evening so I added OpenDNS has my secondary server so at least one provider should remain online.

[NEXUS2345]

This is an analysis from Brian Krebs, whose site along with OVH were subject to the largest DDoS attacks ever seen (620Gbps and 1.2Tbps respectively).

https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/

[kitz]

Article in elreg - link

After two hours into the initial tidal wave of junk traffic, Dyn announced it had mitigated the assault and service was returning to normal. But the relief was short lived: just about an hour later, the attack resumed

/snip/

OpenDNS is about the only major public DNS provider weathering the storm – if you're having problems connecting to websites, you should use OpenDNS's resolvers at 208.67.222.222 and 208.67.220.220. OpenDNS uses smart caching during outages to keep looking up hostnames even if the websites' backend DNS is flooded off the 'net.

I hadn't seen other articles, I'd tried to pay for something quickly by paypal, but then had to go out, so didnt really have time to look.   When I got back it was then I realised it was also affecting some other websites too, and from a tracert it looked like it could be DNS.   I just happened to pick OpenDNS because it was the other public DNS that I knew off the top of my head. 

Good way to take out the internet - knock out all the major DNS servers
In the meantime speculation begins as to who the culprit is and their motive.

[Chrysalis]

These companies have made themselves extra vulnerable by the fact they all have very low TTL A records, so dns lookups wont be cached for long.

[NEXUS2345]

These companies have made themselves extra vulnerable by the fact they all have very low TTL A records, so dns lookups wont be cached for long.

While this could be seen as a vulnerability, it is also an advantage, because as GitHub have done, it aids in the transition to a new provider in lieu of their current provider being attacked.

In terms of this attack, the fallout initially will last a few days I feel, but we will probably see in the long term a lot of companies moving to in house DNS, or moving to providers that actually use DDoS protection in front of their servers that are capable of defeating such large attacks.

[Dray]

Are you aware that Dyn DNS are currently suffering a Ddos attack?
https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/