Earlier this evening (late last night for some of you), UltraDNS was hit with a Denial-of-Service attack, limited to Northern California, that lasted for about an hour and was felt by thousands of last-minute shoppers online.

The full reach of the one-hour outage is unknown, but Amazon, as well as sites using Amazon’s EC2 and S3 services, experienced slowdowns or outright outages. While there was no real statement, Jeff Barr, the Lead Web Services Evangelist at, noted during the attack that, “tons of sites are offline.”

Other sites impacted include,, Second Life (Linden Labs),,, and

The trouble started at about 4:45 p.m. PST (7:45 p.m. EST) according to NeuStar, which offers DNS services under the UltraDNS brand. Allen Goldberg, VP of Corporate Communications for NeuStar, commented in a telephone chat with The Tech Herald that, “The alarms went off within our systems immediately.”

Once the alarms sounded, there was a gap of only a few minutes before mitigations were put into place. “We needed to understand the pattern and signatures of the attacks. It was not a straightforward attack.” Once the patterns emerged, the malicious traffic was filtered and things started to return to normal. The DDoS lasted about an hour, but mitigations knocked the total outage time down to about half of that, based on Amazon’s updates.

During the incident, Goldberg told us that NeuStar was in constant contact with customers, offering updates and explanations as to what happened and what mitigations were being deployed.

In addition, the UltraDNS Support Team sent the following to us, shortly after we talked with Goldberg. “On December 24, 2009 at 00:45 GMT, UltraDNS incurred a denial of service attack targeting our San Jose, CA and Palo Alto, CA node locations. This attack may have resulted in increased latency for your DNS queries directed to these node locations. The additional node locations within the UltraDNS infrastructure did not incur the same attack symptoms,” the statement said.
“The denial of service attack was recognized and quickly engaged by our Network Engineering teams who were able to apply filters and mitigate the malicious attack at 01:30 GMT. After the filters were applied, attack traffic significantly decreased in excess of 75%. The overall attack traffic ceased at 01:45 GMT. We are no longer seeing the attack traffic and our Network Engineering teams are continuing to investigate the source of the malicious attack to our network.” The statement also noted that the seven other major node locations within the UltraDNS network were not interrupted during the DoS attack, and were successfully answering queries.

Goldberg mirrored the statement from the UltraDNS Support Team, telling us that there is currently an investigation into the attack and its source. He had no further comments on the status of this investigation, and could not comment where customers are concerned.
