Here is a bit more information about the massive and sustained Internet DDoS attack that caused outages and network congestion on Friday for a large number of Web sites. The attack, launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders, targeted Dyn, a DNS provider.
What is DNS? It is essentially an address book for the Internet. DNS is a system that resolves the web addresses we see every day, like https://www.ems-solutionsinc.com, into the IP addresses needed to find and connect with the right servers so browsers can deliver requested content. A DDoS attack overwhelms a DNS server with lookup requests, rendering it incapable of completing any.
“At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”
Also, if you don’t follow Brian Krebs, START! He has been discussing these types of “internet of things” (IoT) attacks for the past few weeks. https://krebsonsecurity.com/
A brave new world.