[Infowarrior] - Tucows under DDOS attack

Richard Forno rforno at infowarrior.org
Thu May 4 16:46:50 EDT 2006


(from Anonymous, noting that they've not seen this discussed in the MSM
yet.)

*******

Begin forwarded message:

From: <removed>
Date: May 4, 2006 2:42:18 PM EDT
To: <removed>
Subject: <removed> Update [Service Performance]-04/05/2006

Greetings,

Yesterday, beginning at approximately 1600 UTC, a distributed denial
of service (DDOS) attack using recursive name servers was launched
against Tucows DNS system. The target of the attack was a single
domain using Tucows DNS but registered through another registrar.

As a result of this attack, Managed DNS was offline until
approximately 0800 UTC today.

Because the attack was unusually aggressive, two of Tucows'
upstream providers experienced intermittent network outages.
Therefore the following services had degraded performance until
approximately 0300 UTC today:
* Domain Name Registration and Management
* Tucows Email and Email Defense
* Blogware
* Website Building Tools

Tucows Hosted Email solution was unaffected.

During the DDOS, Tucows took the following steps:
* Tucows DNS was renumbered.
* Tucows contacted the domain's registrar and requested that DNS be
moved away from our servers. Due to the registrar's hours of operation
there was a delay in contacting them to request the change.

Our operations staff noted an immediate improvement in service
performance as soon as these two actions were completed.

Service providers and their customers may experience delays in
service performance until DNS changes have propagated worldwide.
We are contacting major ISPs to speed this process.

This outage occurred while we are in the final stages of
planned bandwidth and hardware upgrades to our data centers later
this month.  This work continues with renewed urgency.

Malicious attacks are a common concern to all reputable providers
within the Internet community.  This attack was unique in terms of
its aggressiveness and widespread impact.

We would like to thank everyone who contacted us for their
understanding and offers of assistance.  Times like this remind us
that our customers are extraordinary.

Sincerely,
Judy Fields
VP, Operations
Tucows Inc


******** From 3 May 2006 ********

    Subject:     <removed> - DDOS Attack 05/03/2006
    Date:     May 4, 2006 2:02:57 AM EDT
    To:       <removed>

To all:

Beginning at approximately noon Wednesday May 3rd the Tucows network
has been under a severe DDOS (Distributed Denial Of Service) attack
whose impact has been amplified by the attack's use of recursive name
servers.

The extent of the DDOS attack was enough to knock out two of the
three upstream providers to our colocation facility. Because of this,
for the first four and a half hours of the attack, it was assumed by
all involved that this was a network outage. It was only when the
upstream providers were able to recover from the initial blow that we
were able to determine that it was in fact a DDOS attack.

The attack, while apparently directed at a single website, had an
impact beyond its target, making large portions of our network
inaccessible for periods of time throughout the day. While the site
under attack used our Managed DNS Service, Tucows is not the domain's
registrar and as such our options for resolving without impact have
been limited. Our operations staff, along with those of both our
colocation provider and their upstream providers have been working
diligently to return service to normal.

Our operations staff will be working through the night to make this
situation as painless as possible. I can only tell you all that I am
sorry and we will continue to do everything in our power to make this
better.


Regards,
Elliot Noss





