Major DNS provider hit by mysterious, focused DDoS attack
Unknown attackers have been directing an ever-changing army of bots in a distributed denial of service (DDoS) attack against NS1, a major DNS and traffic management provider, for over a week. While the company has essentially shunted off much of the attack traffic, NS1 experienced some interruptions in service early last week. And the attackers have also gone after partners of NS1, interrupting service to the company’s website and other services not tied to the DNS and traffic-management platform. While it’s clear that the attack is targeting NS1 in particular and not one of the company’s customers, there’s no indication of who is behind the attacks or why they are being carried out.
NS1 CEO Kris Beevers told Ars that the attacks were yet another escalation of a trend that has been plaguing DNS and content delivery network providers since February of this year. “This varies from the painful-but-boring DDoS attacks we’ve seen,” he said in a phone interview. “We’d seen reflection attacks [also known as DNS amplification attacks] increasing in volumes, as had a few content delivery networks we’ve talked to, some of whom are our customers.”
In February and March, Beevers said, “we saw an alarming rise in the scale and frequency of these attacks—the norm was to get them in the sub-10 gigabit-per-second range, but we started to see five to six per week in the 20 gigabit range. We also started to see in our network—and other friends in the CDN space saw as well—a lot of probing activity,” attacks testing for weak spots in NS1’s infrastructure in different regions.