After several hours of disruption, public cloud hosting provider Rackspace recovered from a Distributed Denial of Service attack which began flooding its DNS servers early this week at its Northern Virginia, Chicago, and London data centers.
According to company updates, Rackspace backbone engineers discovered the DDoS attack at approximately 12:54 a.m. EST on Monday, December 22. DNS requests made to DNS servers at the three locations would not resolve. Rackspace began implementing additional mitigation services on the impacted DNS infrastructure, and this may have inadvertently blocked some legitimate traffic.
Rackspace reported that its engineers had restored the DNS service around 12 hours later. The majority of the inbound DDoS attack had been blocked, but there was an added complication: a fraction of DNS servers were sending both legitimate and DDoS traffic to Rackspace and had been blacklisted. After further work and mitigation profile tweaking, engineers resolved the last remaining issues by 1:15 p.m. Monday.
Customers still experiencing problems are advised to contact Rackspace support.
Rackspace is conducting a Root Cause Analysis, which is its routine procedure to discover additional details around serious incidents.
Earlier this month, 1&1, one of the world’s largest web hosts, experienced a DDoS attack on its DNS infrastructure which caused significant downtime.
The size of DDoS attacks has risen dramatically in the past few years. According to Akamai’s State of the Internet Report: Security, DDoS attacks increased 80 percent in average peak bandwidth in Q3 2014 compared to the previous quarter. In Q3, Akamai tracked 17 attacks which peaked above 100 Gbps, including one reaching 321 Gbps.
Attacks like these continue to make DDoS mitigation a major issue for web hosts and enterprises, and a major area of innovation given the uptime that could be at stake.