Major sites such as Twitter, Reddit and Spotify were disrupted today as the hosting provider Dyn was hit by a large-scale DDoS attack.
Starting at 11:10 AM UTC (12:10 PM BST), the DDoS hit the Dyn Managed DNS infrastructure.
Dyn began to monitor and mitigate the attack, saying in a statement that “some customers may experience increased DNS query latency and delayed zone propagation during this time.”
Dyn confirmed that services had been restored to normal as of 13:20 UTC (14:20 BST).
The attack mainly impacted customers in the US East region.
DDoS attacks have been prominent in the news recently. Security blogger Brian Krebs’s site KrebsOnSecurity was hit in one of the largest DDoS attacks of all time in September, peaking at 620 Gbps.
The attack on Dyn could potentially fit into a pattern of attacks on hosting providers.
OVH, a hosting provider and DDoS mitigation service, was also targeted in a DDoS attack in September.
According to OVH’s founder, posting on Twitter, the combined brunt of the attack amounted to around 1.1 Tbps, dwarfing the Krebs attack mere days later. He later commented that over 150,000 CCTV cameras participated in the DDoS during the 48-hour period.
Bruce Schneier, CTO of Resilient, recently warned that several unnamed internet companies had been hit by DDoS attacks which started at a certain point and were then steadily ramped up before stopping. Each attack would later resume at a higher point and continue.
Schneier suggested that a major nation state was behind this activity and that it could be calibrating its tools for a potential cyber war.
Corero CTO Dave Larson commented on the attack, saying:
“DDoS attacks targeted specifically against Domain Name Service Providers can be especially damaging – not only for the intended victim – but from the perspective that there will also be significant collateral damage.
“A DDoS attack, regardless of the vector or technique utilised, against a DNS operator targeting a domain or group of domains can effectively shut down service to that domain, as well as any other domains serviced in a particular region.
“DNS providers are central to the operation of the Internet and must consider DDoS attacks as a critical availability issue and maintain automated mitigation techniques in order to protect their customers from this breed of attack.”