Rackspace Recovers From Major DNS DDoS


So Rackspace has just recovered from a major DNS DDoS attack which rendered some domains inaccessible for over 11 hours. It seems to have been a fairly frequent occurrence lately with Namecheap also undergoing several attacks against its DNS infrastructure.

I got affected again recently on December 18th when they were hit with a massive attack: DDoS Attack against Default DNS System V2

Rackspace DNS DDoS

This wasn’t the only attack with a large portion of the Internt being effected back in February when Namecheap DNS system underwent a heavy and sustained DDoS attack: Namecheap Is In The Middle Of A DDoS Attack.

Rackspace says it has recovered from a nasty distributed denial of service attack that it says may have seen “a portion of legitimate traffic to our DNS infrastructure … inadvertently blocked.”

The trouble started just before lunchtime on Monday, US central time, and persisted until 11 hours later.

Over on the company’s Google+ page Rackspace warned of “intermittent periods of latency, packet loss, or connectivity failures when attempting to reach rackspace.com or subdomains within rackspace.com.”

The company’s status report later confirmed it had “… identified a UDP DDoS attack targeting the DNS servers in our IAD, ORD, and LON data centers [North Virigina, Chicago and London]. As a result of this issue, authoritative DNS resolution for any new request to the DNS servers began to fail in the affected data centers. In order to stabilize the issue, our teams placed the impacted DNS infrastructure behind mitigation services.


Several other services have been hit with heavy, sustained DDoS attacks for no apparent reason including SaaS services like Dropbox which got taken offline.

In this instance (as usual) there doesn’t seem to be any reason so far, perhaps extortion? Gaming services are frequent targets with Steam, Xbox Live and PSN all having been taken offline previously by DDoS attacks.

This service is designed to protect our infrastructure, however, due to the nature of the event, a portion of legitimate traffic to our DNS infrastructure may be inadvertently blocked. Our teams are actively working to mitigate the attack and provide service stability.”

Rackspace is now confident things are back in order, as it has blacklisted DNS servers that were “sending both legitimate and DDoS traffic to Rackspace”. Users may not be entirely out of the woods, as its most recent update says “If you continue to experience adverse impact, please reach out to your support teams and provide trace route information for further investigations.”

A full root cause analysis of the incident is under way.

It can be really serious too, earlier this year Code Spaces was put out of business by a sustained DDoS attack which turned into an intrusion, extortion and eventual deletion of their entire business.

It’ll be interesting to see if any reason comes out for this Rackspace attack, but with the power of botnets now – it might just be for no reason at all.

A recent survey has shown that DNS attacks are putting organizations at risk – so yah, serious business.

Source: The Register

Posted in: Networking Hacking Tools

,


Latest Posts:


APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.


Comments are closed.