Thu Oct 27, 2016, 09:52 AM

How many Internet of S**t devices knocked out Dyn? Fewer than you may expect

Oct 2016 at 01:30, Richard Chirgwin
With more time to analyse its logs, DNS provider Dyn reckons about 100,000 Mirai-infected home web-connected gadgets knocked it out last Friday.

In its latest analysis, product executive veep Scott Hilton writes: “We are still working on analyzing the data but the estimate at the time of this report is up to 100,000 malicious endpoints. We are able to confirm that a significant volume of attack traffic originated from Mirai-based botnets.”

Dyn earlier said gizmos hiding behind “tens of millions” of IP addresses were responsible, although stressed the actual number of hijacked webcams, routers and other gear that overwhelmed its servers would be much less. Now we know it's about 100 large, leaving us wondering: “How did the attack succeed?”

One reason, Hilton says, is that DNS itself can tend to amplify requests from legitimate sources: “For example, the impact of the attack generated a storm of legitimate retry activity as recursive servers attempted to refresh their caches, creating 10-20X normal traffic volume across a large number of IP addresses. When DNS traffic congestion occurs, legitimate retries can further contribute to traffic volume.”

Internet of S**t things claims another scalp: DNS DDoS smashes StarHub
