Netflix and Twitter were amongst an array of websites and services taken down this morning by a DDoS attack. This list of sites and services also appears to have included SoundCloud, Disqus, PayPal, Spotify, and Reddit. Spotify reported issues to the public starting at 8AM Central time this morning, the 21st of October, 2016.
An attack of this size can only launch at a base host of data such as Amazon or Dyn. As it happens, Dyn reported this morning that an attack was in process at 6:00 AM Central Time. At that time, Dyn made note: “began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure.”
An update appeared at 7:45 Central Time by Dyn which read, “this attack is mainly impacting US East and is impacting Managed DNS customers in this region. Our Engineers are continuing to work on mitigating this issue.” Based on response we’ve gotten from SlashGear readers this morning, this outage impacted mainly the East Coast, but West Coast users have also reported downed services.
Another report from Amazon web services portal suggests the following. “Between 4:31 AM and 6:10 AM PDT, we experienced errors resolving the DNS hostnames used to access some AWS services in the US-EAST-1 Region.” Amazon continued, “This issue has been resolved and the service is operating normally.”
UPDATE: While Dyn’s original attack status seems to have been resolved, a new one has appeared. At DynStatus the newest message reads as follows. “As of 15:52 UTC, we have begun monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Our Engineers are continuing to work on mitigating this issue.”
A post this morning at YCombinator suggests that Etsy, Github, Pagerduty, and Heroku were also down this morning. At 4:49 AM Central Time Github Status said, “We’re monitoring an incident with our upstream DNS provider”, then at 9:14 AM, Github added, “The upstream DNS incident has been resolved. We continue to monitor our systems while they deliver a backlog of webhook events.”