MAJOR WEBSITES HAVE GONE DOWN WORLDWIDE — THE REASON IS STILL UNCLEAR BUT A MAJOR DNS PROVIDER IS SUFFERING A MASSIVE DDOS ATTACK AND EXPERTS ARE CONNECTING THE DOTS.
Twitter, Reddit, Spotify, Etsy, Box, Wix Customer Sites Squarespace Customer Sites and bunch of other websites were offline earlier today. That’s because someone conducted a massive distributed denial of service (DDoS) attack on the Dyn, a world renowned Domain Name Servers (DNS) service provider.
In a statement, Dyn acknowledged that their servers are under DDoS attack.
Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available. This attack is mainly impacting US East and is impacting Managed DNS customer in this region. Our Engineers are continuing to work on mitigating this issue.
Imagine a scenario where a DNS provider that is used by Reddit, Twitter or Facebook is under DDoS attack, there is no way a user can visit any of these sites and it looks like that’s what’s going on right now. There are several websites that were down this morning including Twitter, Reddit, Spotify, Esty, Box, Wix Customer Sites Squarespace Customer Sites, Shopify, SoundCloud, Github, Airbnb, Reddit, Freshbooks and Heroku. However, some sites are already coming back online.
List of sites that currently down according to our lovely readers:
Schoology and Apex
Netflix.com (slow loading time)
The Boston Globe
The New York Times
Playstation Network (PSN)
Elder Scrolls Online
Starbucks rewards/gift cards
Squarespace Customer Sites
Wix Customer Sites
Applicant Tracking System and Recruiting Software | iCIMS.com
Sterlingbank.com (sign in issues)
In an exclusive conversation with IEEE senior member Kevin Curran, HackRead was told that:
“If you want to understand what really happens in a DDOS attack, then you just need to look into SYN flood attacks. A SYN flood is a denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.”
At the time of publishing this article, some sites were still down whilst Dyn was still dealing with the attack.
Update (9:37 PM Friday, October 21, 2016, Greenwich Mean Time (GMT))
It looks like the attacks have been stopped and sites that were gone offline are now coming back online. On the other hand, Dyn has tweeted that their advanced service monitoring issue is currently resolved. They are still investigating and mitigating the attacks on our infrastructure.
It’s The Biggest DDOS Attaque in the History of WWW .