[Outages-discussion] [outages] NeuStar UltraDNS ? ** Why DDOS Neustar?

Jeremy Chadwick outages at jdc.parodius.com
Wed Jul 11 15:56:20 EDT 2012


This question is basically unanswerable unless you have actual
communication occurring with the individuals who are doing the DDoS.
You'd have to ask them why they're doing it.

The simple version is this: I imagine many people (individuals, small
companies, large companies) rely on UltraDNS to act as their
authoritative nameservers for their domain(s).

Malicious individuals want to take a site offline -- the reason doesn't
matter (ever) because the effects are the same no matter what the reason
(in fact there doesn't even have to be an incentive, it can be as simple
as "some guy/guys were bored").  They look up the common denominator
using dig and/or whois.  "Looks like they only use UltraDNS, with no
other tertiaries..."  You can figure out the rest.  But as I said, the
motive can be anything ranging from financial gain to boredom, so try
not to get too caught up in pondering the reasons.  Sometimes there isn't
a reason.

-- 
| Jeremy Chadwick                                   jdc at koitsu.org |
| UNIX Systems Administrator                http://jdc.koitsu.org/ |
| Mountain View, CA, US                                            |
| Making life hard for others since 1977.             PGP 4BD6C0CB |

On Wed, Jul 11, 2012 at 12:38:03PM -0700, Joseph Jackson wrote:
> I always wonder what the motivation is behind doing a DDoS attack against someone like Neustar.  What would be the gain on taking them down?  I guess apart from corporate warfare but I find that to be kind of unlikely.
> 
> 
> 
> From: outages-bounces at outages.org [mailto:outages-bounces at outages.org] On Behalf Of Kuzmowycz, George
> Sent: Wednesday, July 11, 2012 2:14 PM
> To: 'frnkblk at iname.com'; 'Randy Johnson'; outages at outages.org
> Subject: Re: [outages] NeuStar UltraDNS ?
> 
> UltraDNS just sent an e-mail to customers that they are under a DDoS that took down their Hong Kong node.
> 
> "We are proactively defending the attack on our network and working with our upstream telecommunications providers to further mitigate the traffic originating from their networks."
> 
> From: outages-bounces at outages.org [mailto:outages-bounces at outages.org] On Behalf Of Frank Bulk
> Sent: Wednesday, July 11, 2012 2:48 PM
> To: 'Randy Johnson'; outages at outages.org
> Subject: Re: [outages] NeuStar UltraDNS ?
> 
> Is the issue with DNS, accessing their site, or something else?  Can you share some more details?
> 
> Frank
> 
> From: outages-bounces at outages.org [mailto:outages-bounces at outages.org] On Behalf Of Randy Johnson
> Sent: Wednesday, July 11, 2012 1:36 PM
> To: outages at outages.org
> Subject: [outages] NeuStar UltraDNS ?
> 
> Anyone using Ultra DNS ?
> Are you seeing issues ?
> 
> From our side, Ultra appears to be up/down/up since about 0900 PDT today.
> 

> _______________________________________________
> Outages-discussion mailing list
> Outages-discussion at outages.org
> https://puck.nether.net/mailman/listinfo/outages-discussion
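The reply above notes that a zone served only by one DNS provider, "with no other tertiaries", shares that provider's outages. The following is an added example, not part of the thread: a check a zone owner can run over their own delegations, reading NS answer lines in the format `dig NS <zone> +noall +answer` prints. The zone and nameserver names are constructed, and treating the last two labels of a nameserver host as its operator is an assumption (it ignores multi-label public suffixes).

```python
from collections import defaultdict

# Constructed sample input; all zone and nameserver names are made up.
SAMPLE_DIG_OUTPUT = """\
example.com.  86400 IN NS pdns1.dnsprovider-a.example.
example.com.  86400 IN NS PDNS2.dnsprovider-a.example.
example.com.  300   IN A  192.0.2.10
example.org.  86400 IN NS ns1.dnsprovider-a.example.
example.org.  86400 IN NS ns1.dnsprovider-b.example.
example.net.  3600  IN NS ns1.example.net.
; lines that are comments or not NS records are ignored
"""

def provider_of(ns_host, labels=2):
    """Assumption: the last `labels` labels of the NS host name its operator."""
    parts = ns_host.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def parse_ns_records(text):
    """Return {zone: set of NS hosts} from 'owner TTL class type rdata' lines."""
    zones = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0].startswith(";"):
            continue  # blank line, comment, or unexpected shape
        owner, _ttl, rclass, rtype, rdata = fields
        if rclass.upper() == "IN" and rtype.upper() == "NS":
            zones[owner.rstrip(".").lower()].add(rdata.rstrip(".").lower())
    return dict(zones)

def audit(text):
    """Return {zone: sorted list of distinct providers serving it}."""
    return {zone: sorted({provider_of(ns) for ns in hosts})
            for zone, hosts in parse_ns_records(text).items()}

def single_provider_zones(text):
    """Zones whose whole NS set sits with one operator."""
    return sorted(z for z, provs in audit(text).items() if len(provs) == 1)

if __name__ == "__main__":
    for zone, provs in sorted(audit(SAMPLE_DIG_OUTPUT).items()):
        status = "SINGLE PROVIDER" if len(provs) == 1 else "ok"
        print(f"{zone:12} {status:16} {', '.join(provs)}")
```
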