14 DAY TRIAL // NeuStar's UltraDNS service, used by many important businesses and organizations worldwide, has been the target of a distributed denial of service (DDoS) attack on Tuesday, making several popular websites hard to reach or completely inaccessible. The company has contained the attack and operations have returned to normal after several hours.
NeuStar is one of the leading global communications and Internet service providers. The company offers a wide array of solutions to some of the world's biggest retailers and IT companies. It's UltraDNS service provides a managed DNS infrastructure to the likes of Juniper, Oracle, Forbes, or Diamond.
The problems with the UltraDNS servers have been noticed and initially reported by the team at Dynamic Network Services Inc., provider of the DynDNS service. "This morning, our Dynect Platform monitoring system noticed a problem, a big one. From our global perspective, it appears that many online services, including amazon.com (the store, AWS, and S3), salesforce.com, advertisting.com, and petco.com, had some serious DNS troubles," the company announced.
The team has quickly pinpointed the source of trouble as being some UltraDNS' PDNS-class servers that have been dropping as much as 50% to 70% of the DNS queries. "When we were able to successfully query UltraDNS servers, responses were slow to come back, or largely timed out," their advisory read.
According to Dyn, Amazon has taken quick action and has started switching to UltraDNS UDNS-class nodes that seemed unaffected. "[...] The source of the problem may have been a large scale Denial of Service attack against UltraDNS, or an internal operations problem," the Dynect Team speculated at the time.
NeuStar has later confirmed the problems and, indeed, has attributed them to a DoS attack. "Early this morning, our monitoring systems detected a significant denial of service attack, which affected a small subset of our customers, in some cases for as long as a few hours," NeuStar representatives told Network World.
According to the company, operations have returned to normal by 10am EST on Monday. "While we continue to investigate the cause, the extent, and the duration of the attack, service was completely restored by 10am EST," its statement explained. This is consistent with Dynamic Network Services' claim that, "The problem began to clear itself up around 10:00 am Eastern, when we saw DNS responses returning quickly again, and our favorite sites coming back online."
There is yet no information as to who may have been behind the attack or whether the whole UltraDNS service or one particular customer has been the intended target. However, it does put some things into perspective – if even Internet giants like Amazon can be affected by such an attack, what chances do average companies stand when their online business is targeted?