Domain hosting service Point DNS suffered a major outage on Friday after it was hit with a serious DDoS attack on all of its DNS servers.
The firm, which claims to offer “reliable, powerful and affordable hosting”, is responsible for more than 220,000 domains worldwide.
It revealed the news in several Twitter updates on Friday, beginning with: “We're experiencing a DDoS attack on all DNS servers we are working hard mitigate the attack.”
“We're still working through a massive DDoS. We're adding more nameservers and working with our network providers,” it added later that day.
The most recent tweet from the company - posted late on Friday evening UK time, around 11 hours after the first - noted: “Most DNS servers are now back online. dns1, dns2, dns3, dns4 and dns5 are operating normally. Also new DNS servers 8 thru 11 are operational.”
There’s no further update from the firm detailing who might be behind the attack or how exactly it was carried out, but it is believed to have originated from China.
Sean Sullivan, a security advisor with F-Secure, described the increasing professionalism of DDoS-ers.
“Everything comes in waves or cycles. DNS flood DDoS attacks are not new – but the scale of the attackers’ resources is new,” he said. “Attackers are no longer using home computer-based botnets as a base of attack – they’re using business server-based botnets. They’ve moved from collections of pistols to collections of missile launchers.”
Recent reports have also pointed to the growing threat from DDoS attackers.
Over 80% of attacks studied involved multiple vectors, with nearly 30% of compromised machines attacking over 50 different targets a month.
The report also revealed a major shift towards NTP amplification attacks since January, with the biggest reaching 180Gbps.
Elsewhere, security info and analytics firm Neustar warned in its Annual DDoS Attacks and Impact report last week that in 2013, 60% of UK DDoS attacks measured over 1Gbps. This is double the 30% reported in 2012 and much higher than the 25% reported in Neustar’s US report.
“One reason for more super-sized attacks: the rise in DNS and NTP amplification attacks. In launching these, attackers send UDP packets to vulnerable DNS/NTP servers with the spoofed IP addresses of the targeted servers,” the firm explained in a blog post.
“The vulnerable server sends an amplified response to the target IP address. These attacks can easily add up to enormous bandwidth. One amplification attack in 2014 measured 400 Gbps.”