Share

Related Links

Top 5 Stories

News

AT&T DDoS’d by unknown attackers

17 August 2012

For most of Wednesday many AT&T business customers suffered ‘intermittent disruption’ to their service while AT&T DNS servers came under DDoS attack from an unknown source.

“AT&T DDoS Defense,” says the company to its potential customers, is “an optional feature to the AT&T Internet Protect malware-monitoring service, uses powerful, specialized devices running sophisticated algorithms to identify attacks headed toward your network. We can mitigate them before they reach your network to keep your critical infrastructure running.”

Unfortunately it didn’t use it to protect its own network – or more specifically, its DNS servers. On Wednesday morning, West Coast time, 16th August, AT&T was hit by a DDoS attack against two of its DNS locations from an unknown source. The company has so far given little details on the attack, merely acknowledging it on a service status page.

"Due to a distributed denial of service attack attempting to flood our Domain Name System servers in two locations,” it said, “some AT&T business customers are experiencing intermittent disruptions in service. Restoration efforts are underway and we apologize for any inconvenience to our customers. Our highest level of technical support personnel have been engaged and are working to mitigate the issue.”

The DNS servers translate web access attempts from the usable ‘www’ names to the destination’s formal IP address. Without this translation service (and assuming the user doesn’t know the IP address), websites cannot be reached. So by attacking the DNS servers, the attackers effectively DDoS’d all of the AT&T customers served by those DNS servers. The issue has now been resolved, company spokesman Mark Siegel told Reuters yesterday.

The attack is known to have lasted at least eight hours, although it is not yet known whether it was mitigated or simply stopped by the attackers. A recent DDoS attack against WikiLeaks was effective for more than a week before being mitigated. While WikiLeaks’ attackers quickly announced themselves, there have, at the time of writing this, been no claims for the AT&T attack.

This article is featured in:
Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×