nixCraft Linux / UNIX Newsletter

Link to [RSS/Feed] nixCraft: Linux Tips, Hacks, Tutorials, And Ideas In Blog Format

Dyn a cloud-based DNS service under DDoS attack and took down major sites such as Twitter/Reddit/Spotify/Paypal and others

Posted: 21 Oct 2016 07:31 AM PDT

DDoS on Dyn.COM

A massive DDoS (distributed denial-of-service) attack against a popular cloud-based DNS provider Dyn.COM took down major websites. The DYN.COM confirmed it on twitter:

Following sites are having issues due to DNS problems:

  1. Twitter
  2. SoundCloud
  3. Spotify
  4. Netflix
  5. Reddit
  6. Disqus
  7. PayPal
  8. Basecamp
  9. Business Insider
  10. CNN
  11. Esty
  12. Github
  13. Guardian.co.uk
  14. Imgur
  15. HBO Now
  16. Pinterest
  17. Recode
  18. The Verge
  19. Wired and more

You can verify NS with the following standard Unix command:
$ host -t ns twitter.com

twitter.com name server ns2.p34.dynect.net. twitter.com name server ns1.p34.dynect.net. twitter.com name server ns4.p34.dynect.net. twitter.com name server ns3.p34.dynect.net.

From the official announcement:

This attack is mainly impacting US East and is impacting Managed DNS customers in this region. Our Engineers are continuing to work on mitigating this issue. Services have been restored to normal as of 13:20 UTC on 21/Oct/2016. But, I’m still seeing problems.

This DDoS attack may also be impacting Dyn Managed DNS advanced services with possible delays in monitoring. Our Engineers are continuing to work on mitigating this issue. — Oct 21, 2016 – 16:48 UTC

See the “DDoS Attack Against Dyn Managed DNS” update page for up to date information.

(Image credit)

How To Patch and Protect Linux Kernel Zero Day Local Privilege Escalation Vulnerability CVE-2016-5195 [ 21/Oct/2016 ]

Posted: 21 Oct 2016 01:21 AM PDT

A very serious security problem has been found in the Linux kernel. A 0-day local privilege escalation vulnerability has existed for eleven years since 2005. This bug affects all sort of of Android or Linux kernel to escalate privileges. Any user can become root in less than 5 seconds. The bug has existed since Linux kernel version 2.6.22+. How do I fix this problem?