[87061] in North American Network Operators' Group
Re: GoDaddy DDoS
daemon@ATHENA.MIT.EDU (Kim Onnel)
Thu Dec 1 03:13:21 2005
Date: Thu, 1 Dec 2005 10:12:48 +0200
From: Kim Onnel <karim.adel@gmail.com>
To: "Christopher L. Morrow" <christopher.morrow@mci.com>
Cc: Sam Crooks <scrooks@ebocom.net>, nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0512010502290.20032@marvin.argfrp.us.uu.net>
Errors-To: owner-nanog@merit.edu
------=_Part_12459_14310217.1133424768739
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
It could be a DoS that used a software vulnerability though.
On 12/1/05, Christopher L. Morrow <christopher.morrow@mci.com> wrote:
>
>
>
> On Wed, 30 Nov 2005, Sam Crooks wrote:
>
> > the source I have seen so far is:
> >
> >
> > http://news.com.com/GoDaddy.com+suffers
> > +outage/2110-7349_3-5977187.html?tag=3Dnefd.hed
> >
>
> stuck through tinyurl for those that care:
> http://tinyurl.com/83hxp
>
> >
> > So I was looking for more details....
> >
>
> apparently it affected web and mail, so I'd assume someone targetted thei=
r
> DNS hosts :( bummer for them... if they were a customer we could have
> helped. They seem to be ATT customers, Tim could probably have helped the=
m
> as well... perhaps calling their ISP's for assitance would have made the
> affect less than 65 mins? and thus less press-worthy :(
>
> >
> >
> > On Wed, 2005-11-30 at 23:11 +0000, Christopher L. Morrow wrote:
> > > On Wed, 30 Nov 2005, Sam Crooks wrote:
> > >
> > > > Does anybody have information regarding to size and scale of the
> DDoS
> > > > attack purported to have happened against GoDaddy today?
> > >
> > > nope... but against their:
> > > 1) dns servers?
> > > 2) web servers?
> > > 3) mail servers?
> > > 4) networking equipment?
> > > 5) none of the above?
> > >
> > >
> > >
> >
> >
> > CONFIDENTIALITY NOTICE:
> > This message, and any attachments, are intended only for the lawful and
> specified use of the individual or entity to which it is addressed and ma=
y
> contain information that is privileged, confidential or exempt from
> disclosure under applicable law. If the reader of this message is not the
> intended recipient or the employee or agent responsible for delivering th=
e
> message to the intended recipient, you are hereby notified that you are
> STRICTLY PROHIBITED from disclosing, printing, storing, disseminating,
> distributing or copying this communication, or admitting to take any acti=
on
> relying thereon, and doing so may be unlawful. It should be noted that an=
y
> use of this communication outside of the intended and specified use as
> designated by the sender, may be unlawful. If you have received this in
> error, please immediately notify us by return e-mail, fax and/or telephon=
e,
> and destroy this original transmission and its attachments without readin=
g
> or saving in any manner.
> >
> >
>
------=_Part_12459_14310217.1133424768739
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
It could be a DoS that used a software vulnerability though.<br><br><div><s=
pan class=3D"gmail_quote">On 12/1/05, <b class=3D"gmail_sendername">Christo=
pher L. Morrow</b> <<a href=3D"mailto:christopher.morrow@mci.com">christ=
opher.morrow@mci.com
</a>> wrote:</span><blockquote class=3D"gmail_quote" style=3D"border-lef=
t: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1=
ex;"><br><br>On Wed, 30 Nov 2005, Sam Crooks wrote:<br><br>> the source =
I have seen so far is:
<br>><br>><br>> <a href=3D"http://news.com.com/GoDaddy.com+suffers=
">http://news.com.com/GoDaddy.com+suffers</a><br>> +outage/2110-7349_3-5=
977187.html?tag=3Dnefd.hed<br>><br><br>stuck through tinyurl for those t=
hat care:
<br><a href=3D"http://tinyurl.com/83hxp">http://tinyurl.com/83hxp</a><br><b=
r>><br>> So I was looking for more details....<br>><br><br>apparen=
tly it affected web and mail, so I'd assume someone targetted their<br>DNS =
hosts :( bummer for them... if they were a customer we could have
<br>helped. They seem to be ATT customers, Tim could probably have helped t=
hem<br>as well... perhaps calling their ISP's for assitance would have made=
the<br>affect less than 65 mins? and thus less press-worthy :(<=
br><br>
><br>><br>> On Wed, 2005-11-30 at 23:11 +0000, Christopher L. Morr=
ow wrote:<br>> > On Wed, 30 Nov 2005, Sam Crooks wrote:<br>> ><=
br>> > > Does anybody have information regarding to size and scale=
of the DDoS
<br>> > > attack purported to have happened against GoDaddy today?=
<br>> ><br>> > nope... but against their:<br>> > 1) dns s=
ervers?<br>> > 2) web servers?<br>> > 3) mail servers?<br>> =
> 4) networking equipment?
<br>> > 5) none of the above?<br>> ><br>> ><br>> ><=
br>><br>><br>> CONFIDENTIALITY NOTICE:<br>>
This message, and any attachments, are intended only for the lawful and
specified use of the individual or entity to which it is addressed and
may contain information that is privileged, confidential or exempt from
disclosure under applicable law. If the reader of this message is not
the intended recipient or the employee or agent responsible for
delivering the message to the intended recipient, you are hereby
notified that you are STRICTLY PROHIBITED from disclosing, printing,
storing, disseminating, distributing or copying this communication, or
admitting to take any action relying thereon, and doing so may be
unlawful. It should be noted that any use of this communication outside
of the intended and specified use as designated by the sender, may be
unlawful. If you have received this in error, please
immediately notify us by return e-mail, fax and/or telephone, and
destroy this original transmission and its attachments without reading
or saving in any manner.<br>><br>><br></blockquote></div><br>
------=_Part_12459_14310217.1133424768739--
