On Friday, October 21, 2016, Internet performance management company Dyn suffered a series of three distributed denial of service (DDoS) attacks, beginning at about 4:00 AM Pacific time and concluding at about 1:00 PM. The attack involving tens of millions of IP addresses affected users’ abilities to access the websites of many of Dyn’s customers, such as Twitter, Reddit, Spotify, Etsy, and others. Experts believe the attack was targeted at Dyn with one source of traffic sourcing from devices infected by the Mirai botnet.
What is a DDoS attack?
A DDoS attack is when an overwhelming amount of web traffic is directed at an online service (such as a website) in an attempt to make the service unavailable to legitimate users. In this case, tens of millions of IP addresses flooded Dyn’s Managed DNS infrastructure with requests, causing Dyn’s customers’ sites to either fail to load or load very slowly. In other words, many users attempting to do their morning scan through Twitter were disappointed when Twitter did not load.
What is DNS?
Note that the following has been simplified for the sake of simple explanation.
The domain name system (DNS) is what’s responsible for converting a domain name into its associated IP address when a website is accessed. Think of it this way: if the IP address is a set of GPS coordinates (latitude and longitude) for a business, the domain name is the street address (123 Street Ave).
When any URL is typed into the address bar of the web browser, a request is sent to a DNS server (many actually) to translate the URL into its IP address, which is then sent back to the browser, telling it how to access the website at the specified URL.
The incident on the 21st occurred when a large number of devices (many infected by the Mirai botnet) attempted to make too many requests to Dyn’s DNS servers, and the overloaded servers could not send back information to fulfill any requests.
It’s important to note that DNS hosting (the service provided by Dyn in this case) differs from website hosting. The latter generally refers to the location on a web server where a website’s files are stored.
What is Mirai?
Mirai is a new type of malware that targets “Internet of Things” or smart-devices – things like CCTV cameras, DVRs, the Nest smart-thermostat, even Internet-connected cars and refrigerators. Mirai is able to take control of such devices and use them to flood a target with traffic. When millions of infected devices are directed toward a single target in a DDoS attack, it’s enough to bring the target down across the web for both legitimate and malicious users.
How can I keep my smart-devices safe?
- Be selective with which smart-devices you use. Not all devices are created equally when it comes to security. Research before you buy, and always opt for the most secure devices, even if they cost more.
- If possible, disconnect your smart devices from an internet connection when you’re not actively using them. If there is not an option to disconnect your device from the internet, make sure it is powered off and not in a “standby” state.
- Keep your devices up to date with the most current software.
- Always use strong passwords. Some devices such as webcams and CCTVs use default passwords and settings, making them especially attractive targets for malware. Read your manual or do a Google search on how to change the passwords for these devices.
- If your smart device has been infected by Mirai, you may be able to clean it by rebooting the device, however this action alone will not protect your device from being re-infected.
- Disable WPS connection on your wireless router, and make sure your Wi-Fi network is password protected.
- Contact Feynman Group if you have any security concerns and we will work with you to implement solutions relevant to your specific needs.
Does a DDoS attack pose a threat to my website?
If you’re concerned about the resiliency of your hosting environment, contact Feynman Group to discuss whether or not changes to your current situation may be necessary.
- Dyn Statement on 10/21/2016 DDoS Attack
- What is a DDoS Attack
- Definition of DNS
- Mapping Mirai: A Botnet Case Study
- Internet of Things (IoT)
- PSA: Change Your IP Webcam’s Default Password, if You Haven’t Already
Note, Feynman Group, Inc. is not affiliated with and does not endorse any of the websites, articles, or authors referenced in this post.