Dyn, which provides managed domain name service via its Anycast Network, said it has been hit by a distributed denial of service attack that has led to spotty performance by a bevy of popular sites such as Reddit and Twitter.
The DDOS attack notice was posted on Dyn's web site. The incident is affecting Dyn's customers in the US East Coast region. Although the Dyn customer sites are appearing they seem to be slow. We've received a few reports that sites were down too.
Dyn said it has thwarted the attack. Here's the chain of updates from Dyn:
Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.
Customers with questions or concerns are encouraged to reach out to our Technical Support Team.
This attack is mainly impacting US East and is impacting Managed DNS customers in this region. Our Engineers are continuing to work on mitigating this issue. Services have been restored to normal as of 13:20 UTC.
Now there seems to be another attack underway.
We have begun monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Our Engineers are continuing to work on mitigating this issue. This DDoS attack may also be impacting Dyn Managed DNS advanced services with possible delays in monitoring. Our Engineers are continuing to work on mitigating this issue.
Our engineers continue to investigate and mitigate several attacks aimed against the Dyn Managed DNS infrastructure.
Dyn Managed DNS advanced service monitoring is currently experiencing issues. Customers may notice incorrect probe alerts on their advanced DNS services. Our engineers continue to monitor and investigate the issue.
Dyn provides DNS and traffic steering services, monitoring for network and transit as well as load balancing and multi-content delivery network management.
The customer base for Dyn includes Twitter, Zillow, Soundcloud, and Zappos, among others.
Here's a look at Dyn's network map for its Anycast service.
Intel Security CTO Steve Grobman had this take:
This is a reminder of how effective an attack on one can be an effective attack on many. DNS is one of those Internet infrastructure capabilities upon which we all rely. An attacker seeking to disrupt services to multiple websites, may be successful simply by hitting one service provider such as this, a DNS provider, or providers of multiple other Internet infrastructure mechanisms.
It's also a reminder of one risk of relying on multi-tenant service providers, be they DNS, or a variety of many other managed cloud service providers. Delegating service capabilities to such multi-tenant service providers has tremendous benefits over traditional architectures where you're responsible for running your own capabilities. But it also means that if those services are targeted with attacks of significant scale, all tenant services relying on a provider could be impacted.
Other commentary from industry experts was similar. One thing is clear: This event will be an interesting post mortem for cybersecurity.