DDoS attack on DNS provider Dyn was performed with Mirai botnet




The party behind Friday's DDoS attack on DNS provider Dyn used the Mirai botnet, which consists of many different IoT devices. A similar network was also recently used to take down the website of security journalist Brian Krebs.

Both security firm Flashpoint and Dale Drew, head of security at ISP Level 3, say the attack seen on Friday had characteristics indicating that a Mirai botnet was involved. Flashpoint says the botnet includes, among other things, digital video recorders that are known to be susceptible to being absorbed into the Mirai network. Dale Drew told Network World that about 50,000 to 100,000 Mirai-infected IoT devices were involved in the attack. According to him, that would be 20 percent of the entire Mirai network, which comprises 500,000 devices. Other botnets were also used, but no further information is available about them.

The attack reportedly consisted mainly of TCP SYN floods, which are requests from clients to perform a handshake with a server. In addition, a large number of subdomain attacks reportedly took place, in which bots query not just a domain managed by Dyn, but that domain with an obscure, non-existent subdomain added to it. The DNS servers have to check whether the subdomain exists, which requires more computing power than handling a normal request.
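A defender can spot the subdomain attack described above in resolver or authoritative query logs, because the failing names are used once each and look random. The following detection sketch is an added example, not part of the original article; the zones, addresses, log tuple format and thresholds are assumptions chosen for illustration.

```python
import math
from collections import Counter, defaultdict

ZONES = ["example.com", "example.net"]  # hypothetical hosted zones
# Constructed log of (client, qname, rcode); not data from the Dyn attack.
RANDOM_LABELS = ["q7x2kfp0az", "m3v9tc1bwe", "zr8y4hd6no", "k1p5ug7sxj",
                 "b0w2ql9ety", "h6n3fa8ocm", "t4j7ds1vik", "y9e5xr2gup"]
SAMPLE_LOG = (
    [("192.0.2.10", "www.example.com", "NOERROR"),
     ("192.0.2.11", "mail.example.com", "NOERROR")]
    + [("198.51.100.%d" % i, lab + ".example.com", "NXDOMAIN")
       for i, lab in enumerate(RANDOM_LABELS)]
    + [("192.0.2.20", "www.example.net", "NOERROR")] * 5
    + [("192.0.2.21", "wwww.example.net", "NXDOMAIN")]  # ordinary typo
)

def label_entropy(label):
    """Shannon entropy in bits per character; random labels score high."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def zone_of(qname, zones):
    """Return the hosted zone that qname falls under, or None."""
    return next((z for z in zones if qname == z or qname.endswith("." + z)), None)

def detect_random_subdomain_flood(log, zones, min_queries=5, nx_ratio=0.7,
                                  unique_ratio=0.9, min_entropy=3.0):
    """Flag zones where most queries fail on single-use, random-looking labels."""
    per_zone = defaultdict(list)
    for _client, qname, rcode in log:
        name = qname.lower().rstrip(".")
        zone = zone_of(name, zones)
        if zone:
            per_zone[zone].append((name, rcode))
    alerts = {}
    for zone, rows in per_zone.items():
        # Leftmost label of every failing name below the zone apex.
        labels = [n[:-len(zone) - 1].split(".")[0]
                  for n, rc in rows if rc == "NXDOMAIN" and n != zone]
        if (len(rows) < min_queries or not labels
                or len(labels) / len(rows) < nx_ratio):
            continue
        # Attack names are used once each, so almost every label is unique.
        if len(set(labels)) / len(labels) < unique_ratio:
            continue
        entropy = sum(map(label_entropy, labels)) / len(labels)
        if entropy >= min_entropy:
            alerts[zone] = {"queries": len(rows), "nxdomain": len(labels),
                            "mean_entropy": round(entropy, 2)}
    return alerts
```

On the constructed log only `example.com` is flagged; the single typo under `example.net` and a repeated lookup of one missing name stay below the thresholds.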

The first attack, which lasted about two hours, was aimed at Dyn data centers in Chicago, Washington DC and New York. As a result, it was users on the East Coast of the United States who were affected; DNS lookups to Dyn always go to the nearest server. The second attack was undoubtedly planned in detail, as it hit 20 Dyn data centers worldwide simultaneously in order to reach a much larger group of users. Users here in Western Europe were also affected by that last attack.

According to Nick Kephart, failure analyst at network company ThousandEyes, various internet backbone providers such as Level 3 chose at a certain point to temporarily cut their connection to Dyn, in order to prevent congestion from also arising outside Dyn and its associated websites. He also said this to Network World.

The Mirai botnet was recently deployed to take the site of security researcher Brian Krebs offline. Shortly thereafter, a person named "Anna-senpai" put the source code for the botnet online for anyone to use. The malware targets unsecured or weakly secured IoT devices such as IP cameras and digital video recorders. Mirai was also used in a DDoS attack on the French internet service provider OVH. The DDoS on Krebs's site reached 600 Gbit/s and the one on OVH 1 Tbit/s. It is unclear how much bandwidth was used during the attack on Dyn.

At the moment the attacks appear to have stopped, as Dyn itself also writes. Sites such as Reddit, SoundCloud, Spotify, The New York Times, GitHub, Twitter and Airbnb are accessible as normal from the Netherlands at the time of writing.

