register.com ~50% packet loss

Starting at about 06:32 (UTC-8), register.com shows signs of being hit with a DDoS. 40-50% packet loss to register.com from my hosts in California (USA), Minnesota (USA), and England. Likewise at least half of DNS lookups fail. Operator answering calls at register.com acknowledged problem but could give no ETR.
Graham

On Fri, Nov 12, 2010 at 03:06:16PM +0000, Graham Freeman wrote:
Starting at about 06:32 (UTC-8), register.com shows signs of being hit with a DDoS. 40-50% packet loss to register.com from my hosts in California (USA), Minnesota (USA), and England. Likewise at least half of DNS lookups fail. Operator answering calls at register.com acknowledged problem but could give no ETR.
Is there any actual evidence or confirmation that this is a DoS/DDoS? Packet loss isn't necessarily an indicator of such, no matter how many alternate paths or peers/routes you have available to you. It could be something as simple as "we have a core router that has gone haywire and 'Bob' hasn't come into the office yet"...
Just sayin'.
--
| Jeremy Chadwick jdc@parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |

My only comment to failing DNS queries is that last night one of my customers who uses a remote site monitoring tool was getting a lot of alerts that their website names weren't resolving. We have three geographic and network diverse Auth DNS servers, so at the time I couldn't explain it. But if register.com was having issues, especially with DNS, that could be a cause.
-John
On Nov 12, 2010, at 10:25 AM, Jeremy Chadwick wrote:
On Fri, Nov 12, 2010 at 03:06:16PM +0000, Graham Freeman wrote:
Starting at about 06:32 (UTC-8), register.com shows signs of being hit with a DDoS. 40-50% packet loss to register.com from my hosts in California (USA), Minnesota (USA), and England. Likewise at least half of DNS lookups fail. Operator answering calls at register.com acknowledged problem but could give no ETR.
Is there any actual evidence or confirmation that this is a DoS/DDoS? Packet loss isn't necessarily an indicator of such, no matter how many alternate paths or peers/routes you have available to you. It could be something as simple as "we have a core router that has gone haywire and 'Bob' hasn't come into the office yet"...
Just sayin'.
--
| Jeremy Chadwick jdc@parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
_______________________________________________
Outages mailing list
Outages@outages.org
https://puck.nether.net/mailman/listinfo/outages

I've confirmed that this was a DDoS attack. They have a 24x7 NOC and redundant networking systems, but of course redundant only goes so far. All 6 of their name servers are responding normally for me at the moment. I am assuming they have put counter-measures in place.
(former rcom employee)
Bill
On Fri, Nov 12, 2010 at 10:25 AM, Jeremy Chadwick <outages@jdc.parodius.com> wrote:
On Fri, Nov 12, 2010 at 03:06:16PM +0000, Graham Freeman wrote:
Starting at about 06:32 (UTC-8), register.com shows signs of being hit with a DDoS. 40-50% packet loss to register.com from my hosts in California (USA), Minnesota (USA), and England. Likewise at least half of DNS lookups fail. Operator answering calls at register.com acknowledged problem but could give no ETR.
Is there any actual evidence or confirmation that this is a DoS/DDoS? Packet loss isn't necessarily an indicator of such, no matter how many alternate paths or peers/routes you have available to you. It could be something as simple as "we have a core router that has gone haywire and 'Bob' hasn't come into the office yet"...
Just sayin'.
--
| Jeremy Chadwick jdc@parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |

dns still seems down for www.satsig.net
Called the register.com folks in usa and told they have reset their dns servers and are awaiting dns cache timeouts to resolve problems
Any idea from anyone else most appreciated
Colin
On 12 Nov 2010, at 16:14, Bill Hazard wrote:
I've confirmed that this was a DDoS attack. They have a 24x7 NOC and redundant networking systems, but of course redundant only goes so far. All 6 of their name servers are responding normally for me at the moment. I am assuming they have put counter-measures in place.
(former rcom employee)
Bill
On Fri, Nov 12, 2010 at 10:25 AM, Jeremy Chadwick <outages@jdc.parodius.com> wrote:
On Fri, Nov 12, 2010 at 03:06:16PM +0000, Graham Freeman wrote:
Starting at about 06:32 (UTC-8), register.com shows signs of being hit with a DDoS. 40-50% packet loss to register.com from my hosts in California (USA), Minnesota (USA), and England. Likewise at least half of DNS lookups fail. Operator answering calls at register.com acknowledged problem but could give no ETR.
Is there any actual evidence or confirmation that this is a DoS/DDoS? Packet loss isn't necessarily an indicator of such, no matter how many alternate paths or peers/routes you have available to you. It could be something as simple as "we have a core router that has gone haywire and 'Bob' hasn't come into the office yet"...
Just sayin'.
--
| Jeremy Chadwick jdc@parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
participants (5)
- Bill Hazard
- Colin Johnston
- Graham Freeman
- Jeremy Chadwick
- John Von Essen