More on defense: NYT attack and OpenDNS

Nice article about how a strong defense by OpenDNS prevented its users from being victimized by the recent name service attack against the New York Times.

When the Syrian Electronic Army (SEA) hijacked the website of The New York Times (NYT) earlier this week, causing its domain name system (DNS) records to be redirected, the nature of the attack was a direct example of why a defensive approach like the one taken by OpenDNS can be effective.

David Ulevitch, founder and CEO of the San Francisco-based OpenDNS, said his company was involved in helping the newspaper recover from the attack, but what he came away wanting to emphasize (perhaps not unexpectedly) was that OpenDNS users never got redirected in the way that other would-be readers of were. “As soon as the site got redirected to a new IP, we detected that a super-popular, super-stable, infrequently changing domain on the Internet was all of a sudden redirected to a suspicious IP address in another country, and we automatically flagged it to be blocked. None of our customers ever went to the redirected site.”

It turns out that OpenDNS’s engineers have a massive Hadoop cluster that keeps track of where infected and non-infected machines are spending their time on the Internet. Their Umbrella Security Graph had been rolled out earlier this year, but the linkage between it and the policies that automatically prevent malicious redirection of users had only been in place for a few weeks. There’s a post on the DNS service’s official blog that talks more about their solution.
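The heuristic Ulevitch describes (a popular, rarely changing domain that suddenly resolves to an unfamiliar address in another country) can be sketched as below. This is an added example, not OpenDNS's code: the thresholds, record fields, domains and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed thresholds for illustration; not OpenDNS's values.
MIN_AVG_QUERIES = 100_000   # "super-popular"
MIN_STABLE_DAYS = 30        # "super-stable, infrequently changing"

@dataclass(frozen=True)
class Observation:
    day: int        # day number of the resolution
    domain: str
    ip: str         # address the domain resolved to
    country: str    # country of that address (e.g. from a GeoIP lookup)
    queries: int    # query volume for the domain that day

def find_suspicious_changes(observations):
    """Flag popular, stable domains that move to a never-seen IP and country."""
    baseline = defaultdict(list)   # domain -> accepted observations
    flagged = []
    for obs in sorted(observations, key=lambda o: o.day):
        past = baseline[obs.domain]
        if past:
            first_seen = {}
            for o in past:
                first_seen.setdefault(o.ip, o.day)
            # Days since the domain last started answering with a new address.
            stable_days = obs.day - max(first_seen.values())
            avg_queries = sum(o.queries for o in past) / len(past)
            new_ip = obs.ip not in first_seen
            new_country = obs.country not in {o.country for o in past}
            if (new_ip and new_country and stable_days >= MIN_STABLE_DAYS
                    and avg_queries >= MIN_AVG_QUERIES):
                flagged.append(obs)
                continue   # keep the suspect answer out of the baseline
        past.append(obs)
    return flagged

# Constructed sample data (documentation IP ranges, made-up domains, "ZZ" = placeholder country).
SAMPLE = (
    [Observation(d, "news.example", "192.0.2.10", "US", 500_000) for d in range(41)]
    + [Observation(41, "news.example", "203.0.113.66", "ZZ", 500_000)]
    # Popular but rotates addresses every three days: never "stable".
    + [Observation(d, "cdn.example", f"198.51.100.{d // 3}", ("US", "DE")[d // 3 % 2], 900_000) for d in range(42)]
    # Stable but low-volume domain that moves: below the popularity bar.
    + [Observation(d, "small.example", "192.0.2.77", "US", 50) for d in range(41)]
    + [Observation(41, "small.example", "203.0.113.9", "ZZ", 50)]
)

if __name__ == "__main__":
    for hit in find_suspicious_changes(SAMPLE):
        print(f"BLOCK {hit.domain}: day {hit.day} -> {hit.ip} ({hit.country})")
```

Only the `news.example` change on day 41 is flagged; the rotating CDN and the low-volume domain stay below the stability and popularity thresholds.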


About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).