Rolling outages and intermittent connectivity problems hit the Internet today, thanks to a massive DDoS (Distributed Denial of Service) attack launched at DNS provider Dyn. A DDoS attack can knock out a single website or service provider by overloading their servers with garbage data and overwhelming their ability to process new connections. Affected sites include GitHub, LinkedIn, Reddit, Spotify, and Twitter. Only Facebook, which appears to have been unaffected, has kept American productivity from skyrocketing today. A wider range of sites are still accessible, but running slowly.
Attacking a DNS (Domain Name System) provider is a good way to knock out large swaths of the Internet. A website’s DNS address functions much like your home address. Just as your home address contains specific information to help the Post Office zero in and deliver mail to your exact location, DNS ensures that web traffic is routed to the appropriate location using user-friendly domain names rather than long strings of IP addresses (this is basically why you don’t need to remember the exact IP addresses of the various sites you use). DNS does other things — one important service it provides is translating your IP address and connecting you with a nearby server, which helps ensure that not all traffic has to be routed through a single point of failure. But for our purposes, the phone book analogy holds up reasonably well.
The massive DDoS launched against Dyn basically blocks the ability of other sites to read the phone book, as it were. As a result, service to the Internet has been spotty, particularly on the East Coast, as seen below (image from Down Detector, via Daily Dot).
Image by Down Detector
We’ve seen a troubling new trend in DDoS attacks recently, thanks to the widespread use of malware inside IoT (Internet of Things) devices. The additional bandwidth these products provide has allowed black hats to drastically step up the size of their attacks. Security researcher Brian Krebs was taken offline several weeks ago by one such flood of traffic, and the attacks against Dyn today may have been perpetrated by the same group of people. In that case, attackers leveraged roughly 1.2 million devices against Krebs and may be doing so again, this time against the larger Internet. Dyn has been struggling to restore service, but the attacks have come in two waves, one early this AM and one that began about 12:10 PM.
“Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure,” Dyn confirmed in a statement to Gizmodo. “Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.”
There’s no word on when the problem is expected to resolve, and investigation into who was behind the attacks could take several days. Depending on where you are, the Internet may or may not be working flawlessly — I’ve had problems reaching sites today that others on staff can access with no problem.