Monday, April 6, 2009 DDoS - Part Deux

There's nothing worse than being victimized.  Scratch that... the only thing worse than being victimized is then being blamed for the troubles.

Now, I'm the first to say that a massive Domain Name behemoth like should be well-prepared to hold up against even a large-scale DDoS so I think it's only fair to ask those folks to be forthright and honest with the customers about what happened, how it happened, and what they are doing to build more resiliency into their infrastructure.  I realize that there are some proprietary company secrets in there they would rather not disclose publicly but in the name of transparency and positive PR they should make a best-effort and really push for openness.

My personal feelings here, as a customer of theirs affected by this outage, is that something should have been done to make sure I was at least getting minimal service during this massive outage.  While you can't control things like a DDoS we know after years of research that there are technologies that can aide in holding back the flood-waters of a DDoS and at least let some transactions function.

As this article clearly points out there are at least two different ways that such an outage can be handled in the PR arena... both of them were terrible.  Denial is not good because customers and analysts can see right through it - quite obviously; and radio silence (a la no information) is just as bad...  I've been urging the folks (Nick Dellis posted a comment previously on this blog) to come clean and give us at least some information on what took place.  I'm not asking for every intimate detail, I just want to know what/how/why and why it won't happen again... as a paying customer I feel that is my right.

So to the folks, I'm posing this request, please reply either privately or publicly to this blog with the following information...
  1. Please explain to us with as many technical details as you are able WHAT happened
  2. Please provide the scope, length and nature of the attack
  3. Please tell us what is doing to make their service resilient against this type of attack going forward
There are a lot of DNS services out there, and quite honestly I don't think silence is an acceptable response.  If doesn't feel the need to share some of this information... I don't feel I want to continue as a customer - it's only fair.  I'm fairly sure I won't be alone in that regard.


Anonymous said...

Yes the very lack of information has forced our hand by moving all our Domain names over to I've been with for over 10 years and continued to pay the high domain registration fees because of the assumption they were the big boys that would always have the DNS up and running. It's just been horrible the last couple of years and last week finally was it.

Moved everything to

Rafal Los said...

@niels: Yes - sadly I have to agree. I'm fairly sure I'll be investigating alternatives to as well. I think we as customers have been more than fair, requesting information and being patient... but we do not like to be kept in the dark.

Nick D said...

Thanks for your feedback. I want to take some time to address your questions.

First, the official stuff: We experienced intermittent service disruptions as a result of a distributed denial of service (DDoS) attack – an intentionally malicious flooding of our systems from various points across the internet. This occurred initially on Wednesday and the attacks continued to escalate, with changing attack methods, or "multiple waves."

Our response efforts helped to mitigate the impact of the attack. I can say that we did the following to counteract it:

- Deployed counter-measures on the first day to mitigate the attack and added capacity across the company’s network
- Setup special channels with major ISPs to re-enable customers’ services
- Isolated the profile of the attack through forensic data analysis
- Engaged the FBI and The Department of Homeland Security
- Counter-measures had to be adapted as the attack changed

I know you’re looking for more technical information on this, but we don’t want the bad guys who did this to us to get that kind of information. Sorry I can’t get into more specifics.

As you know events like these impact many people in many different ways, that’s why we utilize a broad range communications strategies including posting information directly on our home page, sending email updates to registrants and using social media sites like Twitter to keep people informed.

Personally, I was helping monitor our customers’ problems on Twitter, and it was truly disheartening to hear the anguish this situation was causing people.

We’re happy to continue a dialogue here. Just let us know if there are still any unanswered questions.

Anonymous said...

I have used since 2003 and have NEVER had an issue. Super cheap as well, $12yr.


Rafal Los said...

@Nick D: Thanks for following up, I'm sure you've been busy the last couple days with a mountain of responses...

I understand there are some things you can't share... which is fine. Thanks for taking the time to respond to this little blog and give my readers some comfort... good luck fighting back the monster.

I do have to wonder though... do you think, personally, this has anything to do with the Conflicker mega-botnet?