DoS Attack persists.


Also See:

Mini-FAQ about the Jan 07 DDoS Attack


[UPDATE: 12:54AM Jan 08] The attack traffic is still coming in fairly heavily. We are working on a couple of avenues of adjusting our defenses.


[UPDATE: 2:33AM EST Jan 08] DNS1 is back online. DNS2 has been mostly online throughout most of this. We are now working on DNS3.

[UPDATE: 3:17AM Jan 08] We have rerouted dns3.easydns.CA and dns3.easydns.ORG to for now. We will be bringing the main DNS3 anycasts back up Sunday during the day.



We think the worst is over for today’s DOS attack which hit us on, and (and anycast constellations.

The attack was a multi-faceted multi-gig combination of SYN, ICMP and DNS Flood.

DNS1 and DNS3 totally imploded. DNS1 is coming back in pieces, DNS3 is still down hard.

DNS2 went down when the attack first hit, but Prolexic was able to bring enough of it back up after 30 minutes or so to restore partial service.

We are working on bringing the rest of DNS1 up, and a workaround to route DNS3 traffic elsewhere until the attack traffic abates.

On that note, the target of the attack has been identified and has removed its nameserver delegation from us. Until about an hour ago there were still nameservers reporting our nameservers as the delegation for the target domain. Now that those are gone, we expect the attack traffic to drop.

I also by accident pulled our previous post on this subject back into draft mode, making it invisible on the blog, because I meant to revoke my (now seemingly idiotic) “Save the Elephants” post, which I hit publish on at almost the exact moment the attack started. Because it’s been that kind of a day.

This isn’t the post-mortem. I will post that later. Just wanted to update everybody with where we’re at.

There will be serious, structural changes here as a result of today. The worst DOS attack impact we’ve suffered since 2005.

7 thoughts on “DoS Attack persists.”

  1. mark fogarty says:

    my domains still aren’t resolving

  2. Tony Uccello says:

    Our site was down since around 6pm Saturday Jan 7, 2012.

    I find this incident totally unacceptable.

    There should be failsafes in place so this type of situation doesn’t occur.

    This outage has cost us severely.

  3. Stephen Swan says:

    Could you be more clear about what DNS servers (including FQDN) we should be pointing to in order for us to resume operation?

  4. BTaylor says:

    what I appreciate about easydns is their total transparency. So many would try to hide problems, issues and point fingers. You are authentic. I hope you find ways to kick these attackers in the ass!
