Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Attack against Dyn from Free (France)
% check-soa -i twitter.com
ns1.p34.dynect.net.
	208.78.70.34: OK: 2007130853 (22 ms)
	2001:500:90:1::34: ERROR: read udp [2001:500:90:1::34]:53: i/o timeout
ns2.p34.dynect.net.
	204.13.250.34: ERROR: read udp 204.13.250.34:53: i/o timeout
ns3.p34.dynect.net.
	208.78.71.34: OK: 2007130853 (28 ms)
	2001:500:94:1::34: ERROR: read udp [2001:500:94:1::34]:53: i/o timeout
ns4.p34.dynect.net.
	204.13.251.34: ERROR: read udp 204.13.251.34:53: i/o timeout

% date -u
Fri Oct 21 17:36:21 UTC 2016

% check-soa -i github.com 
ns1.p16.dynect.net.
	208.78.70.16: OK: 1474079943 (22 ms)
	2001:500:90:1::16: ERROR: read udp [2001:500:90:1::16]:53: i/o timeout
ns2.p16.dynect.net.
	204.13.250.16: ERROR: read udp 204.13.250.16:53: i/o timeout
ns3.p16.dynect.net.
	208.78.71.16: OK: 1474079943 (22 ms)
	2001:500:94:1::16: ERROR: read udp [2001:500:94:1::16]:53: i/o timeout
ns4.p16.dynect.net.
	204.13.251.16: ERROR: read udp 204.13.251.16:53: i/o timeout
@bortzmeyer

This comment has been minimized.

Copy link
Owner Author

@bortzmeyer bortzmeyer commented Oct 21, 2016

And with the RIPE Atlas probes:

~ % atlas-resolve -r 100 -c FR twitter.com
[104.244.42.129 104.244.42.193] : 7 occurrences 
[199.16.156.102 199.16.156.198 199.16.156.230 199.16.156.38 199.16.156.6 199.16.156.70 199.59.148.10 199.59.148.82 199.59.149.198 199.59.149.230 199.59.150.39 199.59.150.7] : 7 occurrences 
[104.244.42.1 104.244.42.65] : 5 occurrences 
[104.244.42.129 104.244.42.65] : 8 occurrences 
[TIMEOUT(S)] : 9 occurrences 
[104.244.42.1 104.244.42.193] : 1 occurrences 
[104.244.42.193 104.244.42.65] : 5 occurrences 
[199.16.156.102 199.16.156.198 199.16.156.230 199.16.156.70] : 26 occurrences 
[ERROR: SERVFAIL] : 30 occurrences 
[104.244.42.1 104.244.42.129] : 2 occurrences 
Test #6891394 done at 2016-10-21T17:43:34Z

% atlas-resolve -r 100 -c FR github.com
[ERROR: SERVFAIL] : 38 occurrences 
[TIMEOUT(S)] : 21 occurrences 
[192.30.253.113] : 19 occurrences 
[192.30.253.112] : 22 occurrences 
Test #6891399 done at 2016-10-21T17:44:20Z

~ % atlas-resolve -r 100 -c FR paypal.fr 
[64.4.250.13 64.4.250.14 64.4.250.19 64.4.250.20] : 38 occurrences 
[ERROR: SERVFAIL] : 41 occurrences 
[TIMEOUT(S)] : 21 occurrences 
Test #6891426 done at 2016-10-21T17:52:06Z

% atlas-resolve -r 100 -c FR paypal.com
[64.4.250.23 64.4.250.24] : 38 occurrences 
[ERROR: SERVFAIL] : 48 occurrences 
[TIMEOUT(S)] : 14 occurrences 
Test #6891439 done at 2016-10-21T17:55:37Z

% atlas-resolve -r 100 -c FR twitter.com 
[104.244.42.129 104.244.42.193] : 6 occurrences 
[199.16.156.102 199.16.156.198 199.16.156.230 199.16.156.38 199.16.156.6 199.16.156.70 199.59.148.10 199.59.148.82 199.59.149.198 199.59.149.230 199.59.150.39 199.59.150.7] : 1 occurrences 
[104.244.42.1 104.244.42.65] : 9 occurrences 
[104.244.42.129 104.244.42.65] : 4 occurrences 
[TIMEOUT(S)] : 14 occurrences 
[104.244.42.1 104.244.42.193] : 4 occurrences 
[104.244.42.193 104.244.42.65] : 4 occurrences 
[199.16.156.102 199.16.156.198 199.16.156.230 199.16.156.70] : 2 occurrences 
[ERROR: SERVFAIL] : 47 occurrences 
[104.244.42.1 104.244.42.129] : 9 occurrences 
Test #6891592 done at 2016-10-21T18:46:37Z

% atlas-resolve -r 100 -c US twitter.com 
[ERROR: SERVFAIL] : 29 occurrences 
[199.59.148.10 199.59.148.82 199.59.149.198 199.59.150.7] : 23 occurrences 
[TIMEOUT(S)] : 23 occurrences 
[104.244.42.129 104.244.42.65] : 1 occurrences 
[199.16.156.102 199.16.156.198 199.16.156.230 199.16.156.70] : 22 occurrences 
Test #6891618 done at 2016-10-21T18:57:29Z

% atlas-resolve -r 100 -c FR twitter.com
[104.244.42.129 104.244.42.193] : 4 occurrences 
[104.244.42.1 104.244.42.65] : 5 occurrences 
[104.244.42.129 104.244.42.65] : 10 occurrences 
[TIMEOUT(S)] : 25 occurrences 
[104.244.42.1 104.244.42.193] : 4 occurrences 
[104.244.42.193 104.244.42.65] : 5 occurrences 
[199.16.156.102 199.16.156.198 199.16.156.230 199.16.156.70] : 1 occurrences 
[ERROR: SERVFAIL] : 38 occurrences 
[104.244.42.1 104.244.42.129] : 8 occurrences 
Test #6891733 done at 2016-10-21T19:26:20Z
@bortzmeyer

This comment has been minimized.

Copy link
Owner Author

@bortzmeyer bortzmeyer commented Oct 21, 2016

This was for the second attack, which started around 1555 UTC.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment