DDoS attack on UltraDNS affects Amazon.com, SalesForce.com, Petco.com

DDoS attack on UltraDNS affects Amazon.com, SalesForce.com, Petco.com

Summary: Several NeuStar UltraDNS managed DNS service customers, including Amazon.com, SalesForce.


Several NeuStar UltraDNS managed DNS service customers, including Amazon.com, SalesForce.com, advertising.com and Petco.com, were knocked offline for several hours yesterday morning by a distributed denial of service attack, reports rival Dynamic Network Services.

Neustar confirmed the attack to NetworkWorld with the following statement:

"Early this morning, our monitoring systems detected a significant denial of service attack, which affected a small subset of our customers, in some cases for as long as a few hours. While we continue to investigate the cause, the extent, and the duration of the attack, service was completely restored by 10 a.m. EST."

Dynamic Network Services blogged about the UltraDNS outage first:

This morning, our Dynect Platform monitoring system noticed a problem, a big one. From our global perspective, it appears that many online services, including amazon.com (the store, AWS, and S3), salesforce.com, advertisting.com, and petco.com, had some serious DNS troubles. As many of our readers know, DNS is the glue that binds domain names, like dynect.com to their respective server’s IP addresses ( Without DNS, nothing works; no web, e-mail, voip, IM, file sharing, etc.

The Dynect Team quickly began to analyze the situation by checking the resolution chains for these popular web sites. Our analysis revealed that multiple UltraDNS PDNS (a special class of ultradns server) nodes were failing to respond to all DNS queries. Amazon.com clearly knew about the problem, as our monitoring then detected a change in the delegation for amazon.com from UltraDNS’ PDNS nodes to their UDNS nodes at approximately 8:50 am Eastern.

According to NetworkWorld, Hitchcock said his company's Dynect Platform monitoring system saw heavy packet loss on UltraDNS name servers, with as much as 50 to 70 percent of responses being dropped.

Based in Reston, Va., NeuStar is a major provider of high-availability DNS services to e-retailers as well as high-tech companies such as Oracle and Juniper. NeuStar is also the registry for the .biz and .us domains, and provides telephone number look-up services for carriers in North America.

Topics: Security, Amazon, Browser, Enterprise Software, Networking

Andrew Nusca

About Andrew Nusca

Andrew Nusca is a former writer-editor for ZDNet and contributor to CNET. During his tenure, he was the editor of SmartPlanet, ZDNet's sister site about innovation.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Ouchies

    Wonder who they pissed of? Any ransom demands? Could this be related to the worm everyone is talking about?
  • M$ louzy windoze is the culprit

    this attack would not have been possible wihout M$ windoze as an infected host.
    M$ should be sued for damages due to negligence.
    Linux Geek
  • RE: DoS attack on UltraDNS affects Amazon.com, SalesForce.com, Petco.com

    Idiots always blame computers instead of the admins.
  • RE: DoS attack on UltraDNS affects Amazon.com, SalesForce.com, Petco.com

    Are you just a MS basher or are you really that dunce?

    It can be any host. Just because the creator of the
    attack chose windows as a platform (because there are
    80% windows machines on the net) is not MS's fault.

    Think about it, why would you pick a platform that has
    20% or less users? "Lets write a virus that will
    perform a DDoS attack, but lets use Mac machines,
    because there isn't a lot of them on the net". Or you
    could pick windows machines and have the ability to
    infect as many as possible.

    Oh, and negligence is not a "problem". A court would
    need to find that MS completely ignored an impending
    threat to find against them in such a case.

    Really, they need to go after the attacker who wrote
    the virus in the first place.

    The service worked fine BUT after being a customer for many years this is how they responded when we no longer needed service (we hadn?t signed a new contract for 4 years!!!):

    ?We have reviewed your request to cancel and based on the terms of your contract it has been determined that your official cancel date is in five months. Your service will remain on and you will continue to be billed through then?

    They then continued to bill us for 5 months and when we refused to pay the ?bill? they sent it to a collections agency that started calling, emailing and threatening legal action. We spent more than 20K with them and always paid on time so again WATCH OUT!!!