Cisco Blogs


Cisco Blog > Security

Network Solutions Customer Site Compromises and DDoS

July 17, 2013
at 10:03 am PST

Network Solutions is a domain name registrar that manages over 6.6 million domains. As of July 16, 2013, the Network Solutions website is under a Distributed Denial of Service (DDoS) attack. Recently, Network Solutions has been a target for attackers; in a previous outage, domain name servers were redirected away from their proper IP addresses. This was reported to be a result of a server misconfiguration while Network Solutions was attempting to mitigate a DDoS attack. It is possible that the DDoS attacks are related.

According to isitdownrightnow.com, the Network Solutions site has been having issues for at least the last 24 hours.

response_time

Response time in ms (GMT -8:00)

Initially, Network Solutions reported that:

network_solutions_1

Posted July 16, 2013

However, in the comments it was made clear that Network Solutions decided to temporarily remove this thread from their Facebook page so that customers affected by the DDoS could more easily find relevant information. There were multiple reports on the July 16, 2013 Facebook thread that appear to indicate customer DNS records were corrupted before the DDoS induced outage. As a result of the DDoS attack, any customers that were compromised previously may not be able to repair their domain name infrastructure until the DDoS is mitigated.

network_solutions_2

The Cisco TRAC team is continuing to monitor the situation for further developments.

Special thanks to Jaeson Schultz for his help with this post.

Tags: , , , , , ,

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

20 Comments.


  1. Ahh…real facts. This is actually the best summary of all the info on the attack I’ve found.

       7 likes

  2. Finally someone with some answers. Apparently Network Solutions doesn’t understand that we (IT PRofessionals) need to keep our customers up to date. Without any information you make us look like idiots when in fact its Network Solutions with their head up their a….

       10 likes

  3. Wonder if their stock will go down too :~

    http://www.nasdaq.com/symbol/lyns

       1 like

    • Wrong stock symbol. Web.com owns Network Solutions and their symbol is wwww.

         0 likes

  4. Do we know if it’s been resolved?

       0 likes

    • It seems to have been at around 11ish EST. But many of my domains dns servers are not resolving again. Started about 3:30p EST

         1 like

  5. If your site’s DNS servers are down, there is an easy workaround (assuming you know the IP addresses and host names of your web, e-mail, etc. servers and you have login info for your domain registrar). Sign up for another DNS host, add your DNS records, and configure your domain name with your registrar to use the new DNS servers. Ideally, you should host your DNS records with multiple providers to begin with, which would have prevented problems like this from occurring.

       3 likes

    • So one of the problems we are having is that Network Solutions IS the registrar. So this isn’t possible. ;(

         1 like

    • I’m pretty sure you can’t use Network Solution’s own DNS servers for a domain/zone unless they’re also your registrar. So what if you’re unable to login to your registrar to change the name servers? Or let’s say you can change them, or they already do point to different providers for primary and secondary DNS, this wouldn’t do any good if the registrar itself is either not giving that information out to begin with, or worse giving the wrong servers because they’ve been hijacked. Name server pointer changes at the registrar also take the longest to propagate in my experience, at least 24 hours. It’s not something you do in response to a problem.

         0 likes

  6. We are affected by this off and on this morning, and as of right now we are still having DNS issues. thank you cisco blogging for the coverage as NS has not given any update and their phones are dropping off the hook now.

       0 likes

  7. We are seeing instances where the root servers are pointing to NSI Name Servers instead of ours. They seem to be assuming that they host DNS for the domains but seem to be proxying the results from our name servers to the outside world because the host.domains are still resolving. By following the trail in DNSStuff.com it’s going to I.ROOT-SERVERS.NET. [192.36.148.17](117ms) > f.gtld-servers.net. [192.35.51.30](50ms) > ns89.worldnic.com. [205.178.190.45](46ms)
    where the last hop for the domain should be our own name servers, not ns89.worldnic.com.

       0 likes

  8. Things seem to have smoothed out. Any updates if this is a temporary reprieve or if the problems are resolved?

       0 likes

  9. Hi
    this network issue just put a big trouble

       0 likes

  10. I had a large customer that had several complaints of DNS issues around 4:30p.m. to 6:30pm central. There domain is registered via NS…do you have any more information on this?

       0 likes

  11. have a few sites with them..hope the issue is resolved before the weekend..

       0 likes

  12. How did everyone survive the aftermath? After my site was back up, I didn’t see any major problems from about 11am cst onwards.

       0 likes

  13. Was this resolved? Such a big company has a big problem when it goes about DDOS

       0 likes

  14. July 22, 2013 at 7:51 am

    You can view the current and past response times for the main site here – http://www.isitdownrightnow.com/networksolutions.com.html

       0 likes

  15. this is so bad i think.

       0 likes

  16. So what recourse do we have? This is killing us today. NetSol has absolved themselves of all responsibility and instructed us to call Registrar.com.

       0 likes