Massive DDoS Attack On DNS Provider Dyn Slows Twitter, Amazon, Github To A Crawl

level 3 outage
If the internet was incredibly slow for you this morning when browsing certain websites, or if you were having trouble posting your “wakeup” tweet to Twitter, we now know the root cause. A massive distributed denial of service (DDoS) attack was carried out against Dyn, which provides DNS service to a number of big name sites including Amazon, Twitter, reddit, Spotify, The New York Times, and Airbnb (among others).

The outages seemed to mainly be concentrated around the northeastern United States, with another “hot pocket” of activity centered in Texas. Dyn posted a note to its website earlier this morning, writing:

Starting at 11:10 UTC on October 21st-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.

Within two hours, Dyn was back with an update:

This attack is mainly impacting US East and is impacting Managed DNS customers in this region. Our Engineers are continuing to work on mitigating this issue.

Another hour later, Dyn had completely restored service for all of its customers, both big and small. Again, the widespread slowdowns and outages was pretty localized, and Americans in the U.S. mid-section and west coast were largely spared.


Mikko Hypponen, Chief Research Officer for security research firm F-Secure, tweeted about the scope of the DDoS attack, writing:

He also rather astutely pointed out that certain industries have plenty of redundancies built-in to mitigate this type of service interruptus:

At this time, there are no leads as to where the attacks originated or why they were carried out in the first place. However, we're certain that we'll hear more as Dyn begins the investigative process into attack.

Tags:  DDoS, DNS, dyn