Attacks/Breaches
7/22/2013
12:52 PM
Connect Directly
RSS
E-Mail
50%
50%

Network Solutions Recovers After DDoS Attack

Customers still report ongoing outages in wake of last week's attacks.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
Network Solutions said it's fully mitigated a distributed denial of service (DDoS) attack that compromised some services last week, and that attack volumes against the company had returned to normal.

"We experience DDoS attacks almost daily, but our automatic mitigation protocols usually handle the attacks without any impact to our customers," said John Herbkersman, a spokesman for Network Solutions' parent company, Web.com, via email. Network Solutions manages more than more than 6.6 million domains, provides hosting services, registers domain names and also sells SSL certificates, among other services.

But Monday, some customers reported still experiencing domain name server (DNS) and website updating difficulties that dated to the start of the DDoS attacks. The company, however, disputed those claims. "Some customers may be experiencing issues, but they are not related to last week's DDoS attack," said Herbkersman.

[ Are distributed denial of service -- DDOS -- attacks increasing? Read DDoS Attack Bandwidth Jumps 718%. ]

The DDoS attacks began last week, with Network Solutions at first reporting that "some Network Solutions hosting customers are reporting latency issues," according to a "notice to customers who are experiencing hosting issues" posted to the company's website on Tuesday, July 16. "Our technology team is aware of the problem, and they're working to resolve it as quickly as possible. Thank you for your patience," it said.

As the week continued, the company posted updates via Twitter and to its Facebook page. By Wednesday, it said that the outages were due to a DDoS attack "that is impacting our customers as well as the Network Solutions site." It said that the company's technology staff were "working to mitigate the situation."

Later on Wednesday the company declared via Twitter: "The recent DDOS attack affecting customers has now been mitigated. Customer websites should be resolving normally. Thanks for your patience."

The Network Solutions website wasn't available or updateable for the duration of the attacks. But that wasn't apparent to all customers, who might not have turned to Facebook and Twitter seeking updates about the company's service availability. One InformationWeek reader, who emailed Friday, accused Network Solutions of being less than forthcoming about the fact that the outages were being caused by a DDoS attack, "which they acknowledged only when calling them," after he found only the "notice to customers who are experiencing hosting issues" post on the company's site. "They have been trying to bury it," he alleged. "Some sites were down for the entire day."

Herbkersman brushed off the criticism. "In addition to Facebook, we communicated via the Network Solutions' website and via Twitter," he said. "We also responded directly to customers who called our customer service team and those who contacted us via social media channels."

Friday, the company did publish a fuller accounting of the outage to its website. "Earlier this week, Network Solutions experienced a distributed denial of service (DDoS) attack on its servers that affected our customers. The Network Solutions technology team quickly identified the issue and implemented measures to mitigate the attack," read a statement posted to the company's site and cross-referenced on its Facebook page. "We apologize to our customers who were impacted."

"Are we getting refunded some money because of your 99.99% uptime guarantee?" responded one member via Facebook. "Feel free to call our support team and they will be happy to discuss," came a reply from Network Solutions.

Customers might have had to contend with more than just the DDoS attack. A Tuesday Facebook post -- since deleted, which the company said it made to help direct customers to more recent information about the DDoS-driven outages -- drew comments from customers reporting DNS issues. "There were multiple reports on the July 16, 2013 Facebook thread that appear to indicate customer DNS records were corrupted before the DDoS induced outage," Craig Williams, a technical leader in the Cisco Systems threat research group, said in a blog post.

The one-two punch of domain name resolution difficulties and a DDoS attack could have left numerous sites inaccessible not just during the attack, but in subsequent days, as the company attempted to identify the extent of the damage and make repairs in subsequent days.

Last week's DDoS attack was the second such attack for Network Solutions customers in less than a month. "In [the] previous outage, domain name servers were redirected away from their proper IP addresses," said Williams. In that case, however, at least some of the DNS issues appeared to be "a result of a server misconfiguration while Network Solutions was attempting to mitigate a DDoS attack." Herbkersman, the Web.com spokesman, said last week's outages were entirely driven by the DDoS attacks, rather than the company's response to those attacks.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
squingynaut
50%
50%
squingynaut,
User Rank: Apprentice
7/24/2013 | 8:02:34 PM
re: Network Solutions Recovers After DDoS Attack
As a customer of Network Solutions or another company, is there anything we can do to mitigate the effects of DDoS attacks like these? Or are we at the mercy of the systems put in place by our domain registrars?
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0761
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.

CVE-2014-0762
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line.

CVE-2014-2380
Published: 2014-08-27
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.

CVE-2014-2381
Published: 2014-08-27
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.

CVE-2014-3344
Published: 2014-08-27
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq31129, CSCuq3...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.