Major US DNS provider hit with DDoS, part of the Internet becomes unreachable

US-based DNS provider Dyn has suffered a massive DDoS attack earlier today, and it resulted in many websites being completely or intermittently inaccessible for a few hours.

According to status reports published by the company, the target of the attack was the company’s Managed DNS infrastructure, and impacted Managed DNS customers located on the East Coast of the US.

Among the websites that experienced issues as a result of the attack are Reddit, GitHub, Spotify, Twitter, Imgur, PayPal, Wired, Etsy, Amazon, Yelp and many others.

Brian Krebs speculates that the attack might be a reaction to DYN researcher Doug Madory presenting a talk on DDoS attacks a few hours before the attack.

Another theory is that the attack is part of the DDoS probing that, according to security expert Bruce Schneier, has been going on for a while.

The targets are major companies that provide the basic infrastructure for the functioning of the Internet, and the goal of these attacks seems to test their resilience. Schneier believes that a large nation state might be behind them.

“The internet continues to rely on protocols and infrastructure designed before cyber security was an issue. DDoS, especially with the rise of insecure IOT devices, will continue to plague our organizations,” Ben Johnson, ex-NSA hacker and co-founder/chief security strategist for Carbon Black, commented for Help Net Security.

“Sadly, what we are seeing is only the beginning in terms of large scale botnets and disproportionate damage done.”

Dyn moved to mitigate and resolve the attack immediately, and after a little over two hours of increased DNS query latency and delayed zone propagation, its services went back to normal around 13:20 UTC (15:20 CEST).

Then, two hours and a half later (15:52 UTC), the company said that they have resumed their mitigation efforts as they are still under attack.