Attack against Dyn from Free (France)

attack-dyn-free.md

% check-soa -i twitter.com
ns1.p34.dynect.net.
	208.78.70.34: OK: 2007130853 (22 ms)
	2001:500:90:1::34: ERROR: read udp [2001:500:90:1::34]:53: i/o timeout
ns2.p34.dynect.net.
	204.13.250.34: ERROR: read udp 204.13.250.34:53: i/o timeout
ns3.p34.dynect.net.
	208.78.71.34: OK: 2007130853 (28 ms)
	2001:500:94:1::34: ERROR: read udp [2001:500:94:1::34]:53: i/o timeout
ns4.p34.dynect.net.
	204.13.251.34: ERROR: read udp 204.13.251.34:53: i/o timeout

% date -u
Fri Oct 21 17:36:21 UTC 2016

% check-soa -i github.com 
ns1.p16.dynect.net.
	208.78.70.16: OK: 1474079943 (22 ms)
	2001:500:90:1::16: ERROR: read udp [2001:500:90:1::16]:53: i/o timeout
ns2.p16.dynect.net.
	204.13.250.16: ERROR: read udp 204.13.250.16:53: i/o timeout
ns3.p16.dynect.net.
	208.78.71.16: OK: 1474079943 (22 ms)
	2001:500:94:1::16: ERROR: read udp [2001:500:94:1::16]:53: i/o timeout
ns4.p16.dynect.net.
	204.13.251.16: ERROR: read udp 204.13.251.16:53: i/o timeout

And with the RIPE Atlas probes:

~ % atlas-resolve -r 100 -c FR twitter.com
[104.244.42.129 104.244.42.193] : 7 occurrences 
[199.16.156.102 199.16.156.198 199.16.156.230 199.16.156.38 199.16.156.6 199.16.156.70 199.59.148.10 199.59.148.82 199.59.149.198 199.59.149.230 199.59.150.39 199.59.150.7] : 7 occurrences 
[104.244.42.1 104.244.42.65] : 5 occurrences 
[104.244.42.129 104.244.42.65] : 8 occurrences 
[TIMEOUT(S)] : 9 occurrences 
[104.244.42.1 104.244.42.193] : 1 occurrences 
[104.244.42.193 104.244.42.65] : 5 occurrences 
[199.16.156.102 199.16.156.198 199.16.156.230 199.16.156.70] : 26 occurrences 
[ERROR: SERVFAIL] : 30 occurrences 
[104.244.42.1 104.244.42.129] : 2 occurrences 
Test #6891394 done at 2016-10-21T17:43:34Z

% atlas-resolve -r 100 -c FR github.com
[ERROR: SERVFAIL] : 38 occurrences 
[TIMEOUT(S)] : 21 occurrences 
[192.30.253.113] : 19 occurrences 
[192.30.253.112] : 22 occurrences 
Test #6891399 done at 2016-10-21T17:44:20Z

~ % atlas-resolve -r 100 -c FR paypal.fr 
[64.4.250.13 64.4.250.14 64.4.250.19 64.4.250.20] : 38 occurrences 
[ERROR: SERVFAIL] : 41 occurrences 
[TIMEOUT(S)] : 21 occurrences 
Test #6891426 done at 2016-10-21T17:52:06Z

% atlas-resolve -r 100 -c FR paypal.com
[64.4.250.23 64.4.250.24] : 38 occurrences 
[ERROR: SERVFAIL] : 48 occurrences 
[TIMEOUT(S)] : 14 occurrences 
Test #6891439 done at 2016-10-21T17:55:37Z

% atlas-resolve -r 100 -c FR twitter.com 
[104.244.42.129 104.244.42.193] : 6 occurrences 
[199.16.156.102 199.16.156.198 199.16.156.230 199.16.156.38 199.16.156.6 199.16.156.70 199.59.148.10 199.59.148.82 199.59.149.198 199.59.149.230 199.59.150.39 199.59.150.7] : 1 occurrences 
[104.244.42.1 104.244.42.65] : 9 occurrences 
[104.244.42.129 104.244.42.65] : 4 occurrences 
[TIMEOUT(S)] : 14 occurrences 
[104.244.42.1 104.244.42.193] : 4 occurrences 
[104.244.42.193 104.244.42.65] : 4 occurrences 
[199.16.156.102 199.16.156.198 199.16.156.230 199.16.156.70] : 2 occurrences 
[ERROR: SERVFAIL] : 47 occurrences 
[104.244.42.1 104.244.42.129] : 9 occurrences 
Test #6891592 done at 2016-10-21T18:46:37Z

% atlas-resolve -r 100 -c US twitter.com 
[ERROR: SERVFAIL] : 29 occurrences 
[199.59.148.10 199.59.148.82 199.59.149.198 199.59.150.7] : 23 occurrences 
[TIMEOUT(S)] : 23 occurrences 
[104.244.42.129 104.244.42.65] : 1 occurrences 
[199.16.156.102 199.16.156.198 199.16.156.230 199.16.156.70] : 22 occurrences 
Test #6891618 done at 2016-10-21T18:57:29Z

% atlas-resolve -r 100 -c FR twitter.com
[104.244.42.129 104.244.42.193] : 4 occurrences 
[104.244.42.1 104.244.42.65] : 5 occurrences 
[104.244.42.129 104.244.42.65] : 10 occurrences 
[TIMEOUT(S)] : 25 occurrences 
[104.244.42.1 104.244.42.193] : 4 occurrences 
[104.244.42.193 104.244.42.65] : 5 occurrences 
[199.16.156.102 199.16.156.198 199.16.156.230 199.16.156.70] : 1 occurrences 
[ERROR: SERVFAIL] : 38 occurrences 
[104.244.42.1 104.244.42.129] : 8 occurrences 
Test #6891733 done at 2016-10-21T19:26:20Z

This was for the second attack, which started around 1555 UTC.