As internet users on the East Coast of the United States woke up Friday morning to access the internet, many were impacted by a massive distributed denial-of-service (DDoS) attack that slowed access to popular services including Twitter, Reddit, Spotify, GitHub and Soundcloud, among others.
The attack appears to have been a multipronged effort focused against Domain Name System (DNS) services from provider DynDNS and on Amazon Web Services (AWS).
“Starting at 11:10 UTC (7:10 ET) on October 21st-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure,” the DynDNS status page reports. “Some customers may experience increased DNS query latency and delayed zone propagation during this time.”
For its part, Amazon first began reporting that it was experiencing DNS resolution errors at 7:31 a.m. EDT, specifically in the US-EAST-1 Region, which is Amazon’s data center in Virginia. Amazon reported that as of 9:10 a.m. EDT it had resolved the issue.
“We experienced errors resolving the DNS hostnames used to access some AWS services in the US-EAST-1 Region,” the AWS Service Health Dashboard states. “During the issue, customers may have experienced failures indicating ‘hostname unknown’ or ‘unknown host exception’ when attempting to resolve the hostnames for AWS services and EC2 instances.”
DynDNS reported that its services were restored to normal as of 13:20 UTC / 9:20 a.m. EDT.
DNS is a foundational element of the internet, connecting IP addresses to domain names. Browsers and internet services rely on DNS to be able to connect to content.
It’s not yet clear who is behind the DNS attack or the size of the attack in terms of total bandwidth. While there are different types of DDoS attacks, volumetric attacks, which attempt to overwhelm services with a massive volume of bandwidth, are typically the most common.
One of the common ways that attackers boost the volume of DDoS traffic is a reflection or amplification attack, in which the attacker abuses misconfigured services to multiply the traffic sent at the target. Ironically, one of the common types of amplification attacks is a DNS reflection attack, though there is no evidence yet to suggest that today’s attack was a reflection attack.
DDoS attacks overall have been rising sharply in 2016. On Sept. 21, the largest DDoS attack ever publicly reported was disclosed, a nearly 1 Tbps attack against internet service provider OVH. A day earlier, security blogger Brian Krebs was the victim of the second-largest DDoS attack ever publicly reported, at 665 Gbps. Both the Krebs and OVH attacks were conducted by a DDoS botnet known as Mirai that comprises hundreds of thousands of compromised internet of things (IoT) devices.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.