#21

Administrator
Philadelphia, PA
(10-23-2016, 02:22 AM)BoarderPhreak Wrote:
(10-23-2016, 01:00 AM)andrewjs18 Wrote: hopefully they learn to not have a single point of failure now.

DNS, by nature has redundancy...  But of course that depends on having multiple nameservers across different registrars.  If all your nameservers sit with one company...  Yeah, you're screwed, especially if your TTL is short and nobody has a valid cached IP.  You're right though - hopefully this is a big learning experience and wake up call.

true, but when a massive DDOS is literally pounding all of them in a geographical area, it'll eventually go down.

I have a friend who is an engineer at paypal who was literally in the process of working out redundant DNS solutions when dyn got hit with their DDOS...they sped up getting that implemented the same day..


(10-23-2016, 02:58 AM)bakerbarber Wrote: I have to take my tinfoil hat off.

I see the issue from the perspective of who gained from doing it and why. As well as who is capable of doing it. I'm cognizant of the fact that I couldn't even begin to actually understand the situation by reading the headlines or watching the news in the US.

The more I read about it the less I want to read about it. The motives. The implications. The consequences if it would to happen twice as bad the next time.

The whole thing stinks of being a part of a bigger issue.

The headlines are all about Netflix and Twitter as if either of them matter in the grand scheme of things. The company that was affected the most is supposed to specialize in insulating others from ddos attacks isn't it? Am I misinformed or misunderstanding what happened?

I feel like what we're being told happened, who likely did it, and how it went down is not the truth. Have felt that way about a lot of things but never as much as in the past few years... 15 at least.

I have to take my tinfoil hat off.


the problem is, if something is IP addressable, as soon as it hits the wire and grabs an IP, it's hackable. how quickly or how much effort it'll take to be hacked is a different story, but hackable it is, for sure. even the most secure systems in the world eventually get exploited.

the real issue is how you deal with a hack...how do you prevent downtime, how do you mitigate it & how do you recover from it. a lot of these companies could of been running still had they used a secondary (slaved) DNS server/service. when dyn's services went down, the secondary DNS records would of started answering queries.

bakerbarber likes this post
Tu ne cede malis, sed contra audentior ito.
#22
(10-23-2016, 06:19 AM)andrewjs18 Wrote: true, but when a massive DDOS is literally pounding all of them in a geographical area, it'll eventually go down.

I have a friend who is an engineer at paypal who was literally in the process of working out redundant DNS solutions when dyn got hit with their DDOS...they sped up getting that implemented the same day..

the problem is, if something is IP addressable, as soon as it hits the wire and grabs an IP, it's hackable. how quickly or how much effort it'll take to be hacked is a different story, but hackable it is, for sure. even the most secure systems in the world eventually get exploited.

the real issue is how you deal with a hack...how do you prevent downtime, how do you mitigate it & how do you recover from it. a lot of these companies could of been running still had they used a secondary (slaved) DNS server/service. when dyn's services went down, the secondary DNS records would of started answering queries.

Yup, there's little defense currently against such a massive DDoS. I'm sure most companies affected are working overtime now.

I think a big part of the problem is cheap IoT devices that don't get updated nearly enough (or at all) and once compromised, hackers can use essentially all of them in their botnets. I run my own mail server, and that's how spam is sent these days. It's a game of whack-a-mole. You can't block one IP or even a block anymore. It's all botnets. Bastards.
#23

Member
Los Angeles
I am not sure I understand this. The article you quoted was dated the 21st two days ago. I was able to get on three Artisans site and on ATT. What actually happened?
#24
(10-23-2016, 03:49 PM)Tidepool Wrote: I am not sure I understand this. The article you quoted was dated the 21st two days ago. I was able to get on three Artisans site and on ATT. What actually happened?

The "incident" started at 7am and finished by about 6pm on October 21st. After which, yeah - everything was mostly back to normal.
#25

Member
Los Angeles
Thank you for the clarification.
#26
(10-23-2016, 09:45 PM)Tidepool Wrote: Thank you for the clarification.

You're welcome! Smile
#27
Lions and Tigers and Y2K, oh my! Write down phone numbers, addresses and stocklist numbers of items you frequently buy. There is this archaic thing called a Postal Money Order. You put it in an envelope with a stamp and mail it. It's slow, but worked fairly well before this deux ex machina we prostrate ourselves to was thrust on us along with cellphones, non silver coinage, Playboys without staples ( they even dropped the girls) and light beer in plastic bottles.

Matsilainen likes this post


Users browsing this thread: