On Friday, multiple large Distributed Denial of Service (DDoS) attacks against a company which runs managed DNS infrastructure in the US took down multiple prominent websites, including Twitter, PayPal, Reddit, and Amazon.
The DDoS attacks, which according to reports were conducted in three waves, were targeted against Dyn.
Kyle York, Dyn’s Chief Strategy Officer, has confirmed that the attacks were targeted at its Managed DNS infrastructure.
“Starting at approximately 7:00 am ET, Dyn began experiencing a DDoS attack. While it’s not uncommon for Dyn’s Network Operations Center (NOC) team to mitigate DDoS attacks, it quickly became clear that this attack was different,” said York.
Approximately two hours later, the Dyn NOC team was able to mitigate the attack and restore service to customers.
During that time, Internet users directed to Dyn servers on the East Coast of the US were unable to reach some of Dyn’s customers’ sites, including some of the marquee brands of the Internet.
“We should note that Dyn did not experience a system-wide outage at any time – for example, users accessing these sites on the West Coast would have been successful,” said York.
After restoring service, Dyn experienced a second wave of attacks just before noon. This second wave was more global in nature, but was mitigated in just over an hour.
“Again, at no time was there a network-wide outage, though some customers would have seen extended latency delays during that time,” said York.
“While there was a third attack attempted, we were able to successfully mitigate it without customer impact,” he said.
“At this point we know this was a sophisticated, highly-distributed attack involving 10s of millions of IP addresses,” said York.
He said it was a sophisticated attack across multiple attack vectors and Internet locations, and that one source of the traffic for the attacks was devices infected by the Mirai botnet.
“We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack,” said York.