Rackspace Recovers From Major DNS DDoS

Use Netsparker


So Rackspace has just recovered from a major DNS DDoS attack which rendered some domains inaccessible for over 11 hours. It seems to have been a fairly frequent occurrence lately with Namecheap also undergoing several attacks against its DNS infrastructure.

I got affected again recently on December 18th when they were hit with a massive attack: DDoS Attack against Default DNS System V2

Rackspace DNS DDoS

This wasn’t the only attack with a large portion of the Internt being effected back in February when Namecheap DNS system underwent a heavy and sustained DDoS attack: Namecheap Is In The Middle Of A DDoS Attack.

Rackspace says it has recovered from a nasty distributed denial of service attack that it says may have seen “a portion of legitimate traffic to our DNS infrastructure … inadvertently blocked.”

The trouble started just before lunchtime on Monday, US central time, and persisted until 11 hours later.

Over on the company’s Google+ page Rackspace warned of “intermittent periods of latency, packet loss, or connectivity failures when attempting to reach rackspace.com or subdomains within rackspace.com.”

The company’s status report later confirmed it had “… identified a UDP DDoS attack targeting the DNS servers in our IAD, ORD, and LON data centers [North Virigina, Chicago and London]. As a result of this issue, authoritative DNS resolution for any new request to the DNS servers began to fail in the affected data centers. In order to stabilize the issue, our teams placed the impacted DNS infrastructure behind mitigation services.


Several other services have been hit with heavy, sustained DDoS attacks for no apparent reason including SaaS services like Dropbox which got taken offline.

In this instance (as usual) there doesn’t seem to be any reason so far, perhaps extortion? Gaming services are frequent targets with Steam, Xbox Live and PSN all having been taken offline previously by DDoS attacks.

This service is designed to protect our infrastructure, however, due to the nature of the event, a portion of legitimate traffic to our DNS infrastructure may be inadvertently blocked. Our teams are actively working to mitigate the attack and provide service stability.”

Rackspace is now confident things are back in order, as it has blacklisted DNS servers that were “sending both legitimate and DDoS traffic to Rackspace”. Users may not be entirely out of the woods, as its most recent update says “If you continue to experience adverse impact, please reach out to your support teams and provide trace route information for further investigations.”

A full root cause analysis of the incident is under way.

It can be really serious too, earlier this year Code Spaces was put out of business by a sustained DDoS attack which turned into an intrusion, extortion and eventual deletion of their entire business.

It’ll be interesting to see if any reason comes out for this Rackspace attack, but with the power of botnets now – it might just be for no reason at all.

A recent survey has shown that DNS attacks are putting organizations at risk – so yah, serious business.

Source: The Register

Posted in: Networking Hacking

,


Latest Posts:


airgeddon - Wireless Security Auditing Script airgeddon – Wireless Security Auditing Script
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.
Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.
CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.
Yahoo! Fined 35 Million USD For Late Disclosure Of Hack Yahoo! Fined 35 Million USD For Late Disclosure Of Hack
Ah Yahoo! in trouble again, this time the news is Yahoo! fined for 35 million USD by the SEC for the 2 year delayed disclosure of the massive hack, we actually reported on the incident in 2016 when it became public.


Comments are closed.