Sign in to follow this  
supercaffeinated

Denial of service attacks today

Recommended Posts

It's the nameservers, for the most part.

DNS servers (and upstream servers) for a lot of sites are getting hammered.. can't resolve the name so it looks like the sites are down. Same thing is causing my dyndns to not resolve which is why drivebench access is hosed right now.

For a while almost half the root nameservers were getting flooded so bad that they were useless.

Share this post


Link to post
Share on other sites
http://www.cnn.com/2003/TECH/internet/01/2...tack/index.html

I noticed that the following sites are hosed:

http://www.pricewatch.com

http://www.anandtech.com

http://www.dallasmemory.com

SR is okay though :)  Anyone else notice any other sites down?

yeah, one mof my favourite sites is down:

www.howardforums.com

and you currently can't do online banking at www.royalbank.com too because of this.

:(

I wonder what would happen if all of the internet came to a stand still.... 8O

Share this post


Link to post
Share on other sites

Yes, I noticed problems with Anandtech - indeed, Zone Alarm tells me I got probed from there when I attempted my morning surf to it. - Forums are down "for maintenance" as well.

Share this post


Link to post
Share on other sites

UUnet to blame?! It can't be!@$

Oh wait.. UUnet blows.. so I can believe it. If you clickthrough all the way, it seems that their Dallas NAP is the monkey in the wrench for the rest of the internet, causing things to sucketh greatly.

I'm not suprised though.. UUnet has always been a clueless group of pseudoadmins. ;)

Share this post


Link to post
Share on other sites

Storagereview was unreachable for me last night, as was www.storageforums.net. I thought it was a DNS problem because I couldn't even resolve the addresses from my computer or any of the other computers that I have shell accounts on (which use different name servers). When I woke up the is morning, I heard the news on NPR (public radio).

Share this post


Link to post
Share on other sites
Guest russofris

Ahhh, it's a SQL worm....

That explains all the recent hits I gotten on 1434... I was wondering about that.

Thank you for your time,

Frank Russo

Share this post


Link to post
Share on other sites

It's not just a MSSQL worm.. it's an MSSQL worm that's had a patch out for the past six months or so.. all this mayhem was caused entirely by lazy admins who haven't patched their SQL installations in at least that long, could be even longer.

Share this post


Link to post
Share on other sites
UUnet to blame?!  It can't be!@$

Oh wait.. UUnet blows.. so I can believe it.  If you clickthrough all the way, it seems that their Dallas NAP is the monkey in the wrench for the rest of the internet, causing things to sucketh greatly.

I'm not suprised though.. UUnet has always been a clueless group of pseudoadmins. ;)

I know quite a few talented people who work at UUNet and they consistently get frustrated, because they are always being held back from doing 'good' things by middle and upper mangers who stifle their efforts, because they don't understand.

That's why I left! :mrgreen:

Share this post


Link to post
Share on other sites
UUnet to blame?!  It can't be!@$

Oh wait.. UUnet blows.. so I can believe it.  If you clickthrough all the way, it seems that their Dallas NAP is the monkey in the wrench for the rest of the internet, causing things to sucketh greatly.

I'm not suprised though.. UUnet has always been a clueless group of pseudoadmins. ;)

I know quite a few talented people who work at UUNet and they consistently get frustrated, because they are always being held back from doing 'good' things by middle and upper mangers who stifle their efforts, because they don't understand.

That's why I left! :mrgreen:

I'll forgive you just this once.. you surely weren't to blame for the outages we've all suffered. I have only one philosophical question : Is it more frustrating to be a uunet network engineer, or a uunet customer? :twisted:

Share this post


Link to post
Share on other sites
This is wild.  Pricewatch is still down.  This has been going on for at least the last 12 hours now.  Wow.

My traceroute goes through Time Warner to get to pricewatch.. it dies @ hop 18 : arc-02-at-0-10-0.snan.twtelecom.net

twtelecom is time warner.. what about yours?

Share this post


Link to post
Share on other sites

www.wdc.com is unreachable, too, because of DNS trouble...

My traceroute goes through Time Warner to get to pricewatch.. it dies @ hop 18 : arc-02-at-0-10-0.snan.twtelecom.net

Same here...

Share this post


Link to post
Share on other sites

Because the worm is searching for new MSSQL boxes so rapidly that it is packet flooding the internet, and overloading the DNS servers...similar to what Code Red did.

Future Shock

Share this post


Link to post
Share on other sites

From what I know, the worm does not explicitly target DNS, nor does it resolve IP addresses. It just generates them randomly and sends its infectious packet. So my guess is that the DNS system itself is probably fine, but the route to the main DNS servers is becoming increasingly clogged...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this