LinkedIn just one of thousands of sites hit by DNS issue: Cisco

Summary: Although LinkedIn bore the brunt of attention over a DNS issue that saw it drop off the web for hours, Cisco believes that almost 5,000 other sites were also affected.

TOPICS: Security, Outage

LinkedIn was only one of thousands of websites that went down on Wednesday due to issues with their domain name system (DNS) servers, according to Cisco.

Although LinkedIn has stated that its outage was due to an error made by the company that manages its domain and not due to any form of malicious activity, there was some malicious activity involved — just not directly aimed at the social networking company.

Network Solutions wrote on its company blog that it had been resolving a distributed denial-of-service (DDoS) attack at the time, and that "a small number of Network Solutions customers were inadvertently affected".

Looking at the problem from a network perspective, Cisco said it saw the name servers for Network Solutions change to those at ztomy.com.

"For example, the domain usps.com was pointed to the DNS nameservers ns1621.ztomy.com and ns2621.ztomy.com. Yelp had their name servers changed to ns1620.ztomy.com and ns2620.ztomy.com. Fidelity, meanwhile, was pointed at ns1622.ztomy.com and ns2622.ztomy.com."

However, Cisco believes that this actually lends credibility to the theory that it was not a malicious attack.

"The fact that so many domains were displaced in such a highly visible way supports Network Solutions' claim that this was indeed a configuration error."

Counting the US Postal Service, Yelp, and Fidelity, Cisco believes that almost 5,000 domains may have been affected. The list also includes other major companies, among them Subaru, Mazda USA, US Airways, Craigslist, and Weather.com.

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Talkback

2 comments
  • Network Solutions Facebook page

    There is a posting on the netsol Facebook page that states that they were hacked on Tuesday 7/16/13. I can't access the my.web.com link that was included...

    https://www.facebook.com/networksolutions

    ---
    Tuesday, July 16, 2013 at 11:57am
    ---
    Some of you have posted about issues with your sites. Yesterday, some
    Network Solutions customer sites were compromised. We're investigating
    the cause of this situation, but our immediate priority is restoring
    your sites as quickly as possible.

    Unfortunately, cybercrime is a persistent threat in today's world.
    Despite our best efforts, no one is immune—including large providers
    like Network Solutions. We're always working to create a more secure and
    reliable Internet environment for our customers.

    Please refer to our blog for updates: http://my.web.com/12DyLxE. We
    appreciate your patience as we work to restore the affected sites.
    ---
    dbennett455
  • They deleted the posting

    The posting I mentioned above has since been deleted from their Facebook site.
    dbennett455