[outages] Godaddy / Premium DNS outage?

Darius Jahandarie djahandarie at gmail.com
Tue Sep 11 18:01:44 EDT 2012


On Tue, Sep 11, 2012 at 5:35 PM, francis.daigneault at bell.ca
<francis.daigneault at bell.ca> wrote:
> You're right! Perhaps DDoS does not mean any data has been compromised, it simply means someone decided to piss you off.., and personally I prefer honesty, or a more detailed answer than "corrupted data", which is too easy.. let's see what they are going to say on that one..
>
> http://pastebin.com/WMb4Qg7H
>
> I guess it's an internal leak.. I'm not good enough at programming to say if this is fake or real or publicly available, clearly there is missing stuff.. like the DB :) perhaps for me it appears a bit more serious and makes more sense than the GoDaddy story about yesterday's failure.

What a bunch of FUD. Everything is pointing to the fact that it was
probably exactly what GoDaddy says it was, and a random bunch of
Python scripts that are full of Chinese don't point things in any
other direction.

More specifically: there was ICMP packet loss on the DNS servers, and
it was partial, at about 90%-95%. This suggests saturated ports. Like
Patrick has said, there are no flows anywhere that suggest it was a
volumetric DDoS attack on their servers. This means it was either some
sophisticated zero-day layer 7 attack on DNS servers (doesn't sound
very likely to me... why would GoDaddy be the target of something like
that?), or there was just an internal technical issue.


There will always be people who wildly speculate and then grasp onto
those theories regardless of any evidence that suggests otherwise, but
I hope that on a list of network professionals we can put that sort of
speculation to rest.

-- 
Darius Jahandarie