Three separate domain name management and DNS hosting providers have reported DDoS attacks over the past few days, and according to several reports, it is possible that the attacks are related.
EasyDNS, DNSimple and TPP Wholesale all experienced temporary DNS service outages at the beginning of the week, according to a report by InfoWorld on Tuesday. Some of the attacks have been ongoing for days.
TPP Wholesale, a subsidiary of Australian web host Netregistry, told its customers on Monday that eight of its DNS servers had unscheduled service interruption. The team was able to mitigate the DDoS attacks through rate-limiting DNS queries.
The drastic filtering is vulnerable to false positives which can result in some customers being denied DNS service, according to the report.
Based in Toronto, EasyDNS continues to mitigate and investigate the ongoing DDoS attacks.
“This DDoS attack is different from our previous ones in that it looks as if the target is us, easyDNS, not one of our clients,” Mark Jeftovic, EasyDNS CEO said in a blog post on Monday. “It is proving difficult to isolate the real traffic from the DDoS traffic, we are having some success now and are working on routing more DNS traffic through those nodes that are successfully mitigating.”
Florida-based DNSimple was also attacked on Monday, but according to Anthony Eden, DNSimple’s founder, the company was able to mitigate the ongoing attack.
According to InfoWorld, attackers used a technique referred to as DNS reflection or DNS amplification, a technique that was used in the attack against Spamhaus in March.
Based on the fact that the patterns of the attacks seem to be similar, Eden tells InfoWorld that it has been communicating with TPP Wholesale and EasyDNS to find other similarities between the attacks.
DNSimple says its authoritative name servers were used to boost a DDoS attack directed at Sharktech, a hosting company. Sharktech confirmed the DNS amplification attack against its own customers, and said the attack was larger than 40Gbps.
What do you think about the DNS service outages? Do you believe the DDoS attacks to be related to one another? Let us know in a comment.