What We Know About Friday’s Massive East Coast Internet Outage

Slide: 1 / of 1 . Caption: DYN

Skip Article Header. Skip to: Start of Article.
  • Author: Lily Hay Newman. Lily Hay Newman Security
  • Date of Publication: 10.21.16. 10.21.16
  • Time of Publication: 1:04 pm. 1:04 pm

What We Know About Friday’s Massive East Coast Internet Outage


Friday morning is prime time for some casual news reading, tweeting, and general Internet browsing, but you may have had some trouble accessing your usual sites and services this morning and throughout the day, from Spotify and Reddit to the New York Times and even good ol’ WIRED.com. For that, you can thank a distributed denial of service attack (DDoS) that took down a big chunk of the Internet for most of the Eastern seaboard.

This morning’s attack started around 7am and was aimed at Dyn, an Internet infrastructure company headquartered in New Hampshire. That first bout was resolved after about two hours; a second attack began just before noon. In both cases, traffic to Dyn’s Internet directory servers on the East Coast of the United States was stopped by a flood of malicious requests disrupting the system. Still ongoing, the situation is a definite reminder of the fragility of the web, and the power of the forces that aim to disrupt it.

Ripping Up the Telephone Book

Dyn offers Domain Name System (DNS) services, essentially acting as an address book for the Internet. DNS is a system that resolves the web addresses we see every day, like https://www.WIRED.com, into the IP addresses needed to find and connect with the right servers so browsers can deliver requested content, like the story you’re reading right now. A DDoS attack overwhelms a DNS server with lookup requests, rendering it incapable of completing any. That’s what makes attacking DNS so effective; rather than targeting individual sites, an attacker can take out the entire Internet for any end user whose DNS requests route through a given server.

DDoS is a particularly effective type of attack on DNS services, because in addition to overwhelming servers with malicious traffic, those same servers also have to deal with automatic re-requests, and even just well-meaning users hitting refresh over and over to summon up an uncooperative page.

That it was a DDoS attack is about the extent of the confirmed information available. “Dyn received a global DDoS attack on our Managed DNS infrastructure in the east coast of the United States,” said Dyn executive vice president of products Scott Hilton in a statement during the first outage. “We have been aggressively mitigating the DDoS attack against our infrastructure.”

During that time, access to dozens of sites and services was disrupted by the attack. Users in some regions like Asia seemed to experience fewer problems than those in the US. Though the topology of the Internet does not directly correspond to physical geography, it does approximate it to a degree, says Roland Dobbins, a principal engineer at Arbor, a security firm that specializes in DDoS attacks. Since Dyn says the impact was on its East Coast servers, this probably created the localized effect.

“This attack highlights how critical DNS is to maintaining a stable and secure internet presence, and that the DDOS mitigation processes businesses have in place are just as relevant to their DNS service as it is to the web servers and data centers,” Richard Meeus, a vice president of technology at the enterprise security firm NSFOCUS, writes in an email.

What the Botnet

All of which still leaves plenty of open questions, like where the DDoS attack against Dyn originated, and how big it was. It’s possible that the attack was part of a genre of DDoS attack that infects Internet of Things devices all over the world with malware, and conscripts them into botnet armies to then coordinate, generate, and amplify malicious traffic toward a target. The source code for one of these types of botnets, called Mirai, was recently released to the public, leading to speculation that more Mirai-based DDoS attacks might crop up. Whether that’s the case with Dyn isn’t yet known.

Though there may be a hint that it was, or if not, a striking bit of irony.

Dyn’s principal data analyst Chris Baker wrote about these types of IoT-based attacks just yesterday in a blog post titled “What Is the Impact On Managed DNS Operators?”. It appears he has his answer. And that all DNS services, and their customers, should be on notice.

Go Back to Top. Skip To: Start of Article.
Skip Latest News. Skip to: Comments.

Most Popular

More Stories

Previous Post
Next Post