[outages] Godaddy / Premium DNS outage?

Patrick W. Gilmore patrick at ianai.net
Tue Sep 11 20:08:40 EDT 2012


On Sep 11, 2012, at 18:01 , Darius Jahandarie <djahandarie at gmail.com> wrote:
> On Tue, Sep 11, 2012 at 5:35 PM, francis.daigneault at bell.ca <francis.daigneault at bell.ca> wrote:
>> You're right! Perhaps DDoS does not mean any data has been compromised, it simply means someone decided to piss you off, and personally I prefer honesty, or a more detailed answer than "corrupted data", which is too easy. Let's see what they are going to say on that one.
>> 
>> http://pastebin.com/WMb4Qg7H
>> 
>> I guess it's an internal leak. I'm not good enough at programming to say if this is fake or real or publicly available; clearly there is stuff missing, like the DB :) Perhaps for me it appears a bit more serious and makes more sense than the GoDaddy story about yesterday's failure.
> 
> What a bunch of FUD. Everything is pointing to the fact that it was
> probably exactly what GoDaddy says it was, and a random bunch of
> python scripts that are full of Chinese don't point things in any
> other direction.

I'm afraid I must agree with Darius here, although I would not have put it exactly like that.

First, I do not know any network who would rather admit they made an error and denied service to customers than say they were being attacked by someone else.  There is no network on the planet which is immune to DoS.  (Well, almost no network <wink-wink>. =)

I'm confused why anyone would think that "DDoS" == "customer data breach".  I'm even more confused why anyone would be worried about someone getting access to records which are intentionally published as publicly and as widely as possible.

There is no evidence of a DDoS, there are multiple admissions of internal error, and other anecdotal evidence points at the same.

Absent other data, I think we should put this thread to rest and wait for GoDaddy to have time to put together a proper RFO.  (And please no comments about the time they are taking.  If you have ever had a major outage and needed to write up an official RFO, you would understand it is not a 12 hour process.)

-- 
TTFN,
patrick


> More specifically: there was ICMP packet loss on the DNS servers, and
> it was partial, at about 90%-95%. This suggests saturated ports. Like
> Patrick has said, there are no flows anywhere that suggest it was a
> volumetric DDoS attack on their servers. This means it was either some
> sophisticated zero-day layer 7 attack on DNS servers (doesn't sound
> very likely to me... why would GoDaddy be the target of something like
> that?), or there was just an internal technical issue.
> 
> 
> There will always be people who wildly speculate and then grasp onto
> those theories regardless of any evidence that suggests otherwise, but
> I hope that on a list of network professionals we can put that sort of
> speculation to rest.
> 
> -- 
> Darius Jahandarie