Rackspace Recovers From Major DNS DDoS

Keep on Guard!


So Rackspace has just recovered from a major DNS DDoS attack which rendered some domains inaccessible for over 11 hours. It seems to have been a fairly frequent occurrence lately with Namecheap also undergoing several attacks against its DNS infrastructure.

I got affected again recently on December 18th when they were hit with a massive attack: DDoS Attack against Default DNS System V2

Rackspace DNS DDoS

This wasn’t the only attack with a large portion of the Internt being effected back in February when Namecheap DNS system underwent a heavy and sustained DDoS attack: Namecheap Is In The Middle Of A DDoS Attack.

Rackspace says it has recovered from a nasty distributed denial of service attack that it says may have seen “a portion of legitimate traffic to our DNS infrastructure … inadvertently blocked.”

The trouble started just before lunchtime on Monday, US central time, and persisted until 11 hours later.

Over on the company’s Google+ page Rackspace warned of “intermittent periods of latency, packet loss, or connectivity failures when attempting to reach rackspace.com or subdomains within rackspace.com.”

The company’s status report later confirmed it had “… identified a UDP DDoS attack targeting the DNS servers in our IAD, ORD, and LON data centers [North Virigina, Chicago and London]. As a result of this issue, authoritative DNS resolution for any new request to the DNS servers began to fail in the affected data centers. In order to stabilize the issue, our teams placed the impacted DNS infrastructure behind mitigation services.


Several other services have been hit with heavy, sustained DDoS attacks for no apparent reason including SaaS services like Dropbox which got taken offline.

In this instance (as usual) there doesn’t seem to be any reason so far, perhaps extortion? Gaming services are frequent targets with Steam, Xbox Live and PSN all having been taken offline previously by DDoS attacks.

This service is designed to protect our infrastructure, however, due to the nature of the event, a portion of legitimate traffic to our DNS infrastructure may be inadvertently blocked. Our teams are actively working to mitigate the attack and provide service stability.”

Rackspace is now confident things are back in order, as it has blacklisted DNS servers that were “sending both legitimate and DDoS traffic to Rackspace”. Users may not be entirely out of the woods, as its most recent update says “If you continue to experience adverse impact, please reach out to your support teams and provide trace route information for further investigations.”

A full root cause analysis of the incident is under way.

It can be really serious too, earlier this year Code Spaces was put out of business by a sustained DDoS attack which turned into an intrusion, extortion and eventual deletion of their entire business.

It’ll be interesting to see if any reason comes out for this Rackspace attack, but with the power of botnets now – it might just be for no reason at all.

A recent survey has shown that DNS attacks are putting organizations at risk – so yah, serious business.

Source: The Register

Learn about Networking Hacking



Posted in: Networking Hacking

,

Latest Posts:


CCleaner Hack - Spreading Malware To Specific Tech Companies CCleaner Hack – Spreading Malware To Specific Tech Companies
The CCleaner Hack is blowing up, initially estimated to be huge, it's hit at least 700k computers & is specifically targeting 20 top tech organisations.
AWSBucketDump - AWS S3 Security Scanning Tool AWSBucketDump – AWS S3 Security Scanning Tool
AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files.
nbtscan Download - NetBIOS Scanner For Windows & Linux nbtscan Download – NetBIOS Scanner For Windows & Linux
nbtscan is a command-line NetBIOS scanner for Windows that is SUPER fast, it scans for open NetBIOS nameservers on a local or remote TCP/IP network.
Equifax Data Breach - Hack Due To Missed Apache Patch Equifax Data Breach – Hack Due To Missed Apache Patch
The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK.
Seth - RDP Man In The Middle Attack Tool Seth – RDP Man In The Middle Attack Tool
Seth is an RDP Man In The Middle attack tool written in Python to MiTM RDP connections by attempting to downgrade the connection to extract clear text creds
dcrawl - Web Crawler For Unique Domains dcrawl – Web Crawler For Unique Domains
dcrawl is a simple, but smart, multithreaded web crawler for randomly gathering huge lists of unique domain names. It will branch out indefinitely.


Comments are closed.