[ISN] Domain Registrar Joker Hit by DDoS

InfoSec News isn at c4i.org
Mon Mar 27 04:18:55 EST 2006


By Rich Miller
March 26, 2006 

Domain registrar Joker.com says its nameservers are under attack,
causing outages for customers. More than 550,000 domains are
registered with Joker, which is based in Germany. Any of those domains
that use Joker's DNS servers are likely to be affected.

"Joker.com currently experiences massive distributed denial of service
attacks against nameservers," the registrar says in an advisory on its
home page. "This affects DNS resolution of Joker.com itself, and also
domains which make use of Joker.com nameservers. We are very sorry for
this issue, but we are working hard for a permanent solution."

Nameservers, which store the records that connect domain names with
specific IP addresses, are attractive targets for hackers because they
control the availability of large numbers of web sites. In 2002 the
Internet's root nameserver system came under attack, with the DDoS
causing network congestion but only minor performance problems for the
DNS system, which a subsequent analysis noted is "massively
overprovisioned to make it robust against attacks or network

In the wake of that attack, most major registrars have robust
infrasturcture to defend against DDoS attacks. It's not immediately
clear whether the problems at Joker.com are related to the specifics
of its DDoS defenses or the sheer volume of the attack. In recent
weeks some Internet security groups have warned of the dangers posed
by DNS recursion attacks, which can use the nameserver system to
amplify a DDoS launched by a bot network.

More information about the ISN mailing list