(twitter.com)
This is not a typical intern oopsie.
I'm going to hijack your top post to explain something. I'm a unix admin. I've been working on servers connected to the internet back before it was even called the internet. Most people don't realize how important DNS is to your security. If DNS becomes compromised your entire security plan can go to complete shit and your servers can be easily accessed. It would take too long to explain all the details but I can't stress enough that if someone even for a few hours compromised the DNS for Facebook etc then they very easily could have compromised Facebook's servers.
Simple version... imagine you have your database for an internal network shared across the whole building. You have multiple IPs and they might change so the security for that share is set to allow "blahblahblah.facebook.com" access. UNLIMITED ACCESS. You compromise the DNS and you tell it that your IP on a freaking DSL/Cable Modem in VA is blahblahblah.facebook.com. All the real people that should be accessing the data now can't because they are just some rando IP with no name matched up in the DNS (because you deleted all the real records) but you match. So you go right through the firewall because it thinks you are a real Facebook IP and access the server.
The best part is as everything stops working all the traffic dies down so you have 80% of the bandwidth on a 10 zillion megabit line so your DL flies at such an insane speed that you're done downloading a multi-terabyte database in like an hour.
It also creates a lot of confusion because DNS is cached at different places at different times so the failures would happen randomly.
Bottom line if you know a little bit about how their security is set up and have a way to compromise DNS then you can walk right past even the best security setups like they are nothing. The only way to prevent this is to only use IP addresses which some people do but it can be a HUGE pain in the ass. Using names is often easier. You change the IP in the DNS and it changes EVERYTHING else for you. Problem is if a bad actor can change that DNS database they can own everything for a short while.
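To make the point above concrete, here is an added example (not from the thread) that feeds a simulated resolver to a name-based allow rule and to an address-based one. The zone records, hostname and addresses are constructed placeholders, not Facebook's.

```python
"""Why a hostname-based allow list stands or falls with DNS integrity,
while an IP/CIDR allow list does not consult DNS at all.
The resolver is simulated with an in-memory dict (constructed data)."""
import ipaddress
from typing import Dict, List

# Constructed zone data: the intact zone, and a tampered copy in which the
# real record was deleted and the trusted name now points at an outside host.
GOOD_ZONE: Dict[str, List[str]] = {"blahblahblah.example.com": ["198.51.100.10"]}
TAMPERED_ZONE: Dict[str, List[str]] = {"blahblahblah.example.com": ["203.0.113.66"]}

TRUSTED_NAME = "blahblahblah.example.com"          # placeholder hostname
TRUSTED_NET = ipaddress.ip_network("198.51.100.0/24")  # placeholder range


def resolve(zone: Dict[str, List[str]], name: str) -> List[str]:
    """Stand-in for a DNS lookup: A records for the name, or [] if it is gone."""
    return zone.get(name, [])


def allowed_by_name(zone: Dict[str, List[str]], peer_ip: str) -> bool:
    """Name-based rule: permit the peer if TRUSTED_NAME currently resolves to it.
    The decision is only as trustworthy as the zone the resolver hands back."""
    return peer_ip in resolve(zone, TRUSTED_NAME)


def allowed_by_cidr(peer_ip: str) -> bool:
    """Address-based rule: no lookup, so a zone change cannot move the boundary."""
    return ipaddress.ip_address(peer_ip) in TRUSTED_NET


def compare(peer_ip: str) -> Dict[str, bool]:
    """Evaluate both rules for one peer under the intact and tampered zones."""
    return {
        "name_rule_good_zone": allowed_by_name(GOOD_ZONE, peer_ip),
        "name_rule_tampered_zone": allowed_by_name(TAMPERED_ZONE, peer_ip),
        "cidr_rule": allowed_by_cidr(peer_ip),
    }


if __name__ == "__main__":
    # The legitimate host loses access under the tampered zone; the outside
    # host gains it. The CIDR rule gives the same answer in both cases.
    for ip in ("198.51.100.10", "203.0.113.66"):
        print(ip, compare(ip))
```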
Thanks, that was very clear. Interesting.
Non techie here what does that mean?
Imagine your phone forgetting all your contacts. And you don't have their phone numbers memorized.
I am old enough to remember when we did memorize our friends' phone numbers. And had a little physical real world thing called an address book.
You just reminded me to print out a copy of my current contacts list!
Let's say you just finished writing a letter to grandma.
You put the letter in the mailbox and the little flag up.
The mailman comes to your house and picks up the letter.
The letter makes its way to the post office where suddenly, the post office finds someone deleted grandma's address from their records so they don't know how to get it to her.
The post office doesn't deliver your letter.
Basically that, but with people sending letters to facebook.com and instagram.com
Interesting analogy except for the part where you forgot that the post office can read the address of your grandma on the envelope. Or is this about the laziness of the postal service?
In my analogy, the post office (router) lost the address and doesn't know where to send it.
If you understood how network packets (envelope) work, you would know the address is there to be read but the piece of hardware that's supposed to read it and route it doesn't know how because it doesn't have the right address to send it to anymore.
I hope that helps you better understand my analogy.
Got it, thanks... I was just joking , sorry.
DNS is kind of like how GPS gives you friendly directions. It gives you human readable directions to your destination. Can you imagine if you had to enter GPS coordinates when you just want to find 1234 Great Rd.
However with DNS there is no one mega server under a volcano that controls the internet, rather it's a network of systems that all collaborate with each other. "Hey I know where those coordinates go to, here's how I know and also tell everyone you know that we know."
Someone or something decided to just forget how to get to a certain destination and somehow that forgetfulness got passed on and no one caught it. Or the forgetfulness hit all the systems at the same time before they could update each other with the real directions.
I guess that's the great discussion. Regardless of what officially happened, things like this have happened before and will continue to happen.
One server going down, blown up, pulled into a black hole, or whatever would not bring the entirety of DNS down. There is no one ring to rule them all in DNS so a change in one would not affect the rest. But there is a main group (I forgot how many) of authoritative DNS servers that all the other DNS servers look to. And they are spread out geographically all over the world. So that's why when you see things happen like this sometimes a site is down in Europe but everything is fine in the USA.
So something happened to those main DNS servers. I don't know where disclose.tv got their information from regarding the entry being removed.
Malicious? Hell of a feat to pull off on a global scale.
Intentional? Good conspiracy route. Maybe there's something to be disrupted on purpose. Maybe an agenda is being played out. WEF said a global cyber attack was going to be the next big thing.
Accidental is most logical, but it would need to be combined with stupid. So maybe a config was changed or an update performed on a main authoritative DNS server. And in that process something got corrupted or stepped on or changed, then no one noticed it and allowed the error to replicate.
It's not out of reason if there was a big update or patch in a piece of software or a firmware update on a piece of hardware then it would need to be performed on all of the affected software and/or hardware. So if a bunch of DNS servers all got patched at or around the same time and some "entries" got bumped then a bunch of DNSs at the same time are starting to replicate bad information. Again, stupidity here to patch all mission critical things at the same time and not simulate it before deploying the patch to a live environment. Unfortunately IT is one of the first things to be cut at businesses in the name of cost savings.
Very well written analysis fren
It means the problem isn't even in Facebook's control. DNS servers resolve a web address (Facebook.com) with its IP address. So if it's been removed then when you type in the web address, it doesn't know where to send you.
Every website has a numeric Internet Protocol (IP) address. That is actually how they are identified.
The DNS or Domain Name Server cross references the domain name to the IP address and directs you to the site. If the name is not in the DNS table then looking for a website by name will return an error. And the only way to find the site is with the IP address.
Lots of sites went down about the same time. Google, Amazon etc. https://downdetector.com/
Saw another pede saying FB is fine in tx for her. I checked Amazon and that was fine for me also in tx.
Still down in PA.
Still down in Jersey
Damn not runescape!
post from disclose.tv:
"UPDATE - DNS records that tell systems around the world how to find http://Facebook.com or http://Instagram.com got withdrawn from the global Internet routing tables."
The internet is based on IP addresses. To make life easier domain name servers translate something like "facebook.com" to the IP address your computer connects to.
If a DNS server is like "facebook.com? What's that, I have no IP for it", then it won't send you to where you need to go.
This could be a 2-48h outage, that's how long it takes updates in DNS to propagate around the world to all DNS servers.
Just like a mailing address, correct? The IP is the address (i.e., 123 Main St., Fuckville, IL) Whereas what we use (xxx.com) is "the yellow house on the corner of Main St." Not sure if that is correct.
In a basic way, yes it is. However these days the IP address is no longer enough, as you need the DNS for a lot of sites. An IP will send you to the load-balancer which will send you to a load-balanced server. If you try via IP it will give you nothing, DNS plays a big role in this.
This one, this time, is getting pretty interesting.. we've seen this shit countless times but this seems more significant.
Anyone remember all those DoD IP addresses???
Get fucked
It actually sounds like their IP ranges were removed, not just dns
The fact that the techs' key cards would not work tells me that they had never anticipated something like this happening.
5xx server error on Insta, WhatsApp, and FB
I'm having trouble with telegram too, it opens but stuff isn't loading. I wonder if it's just a coincidence?
oh, interesting. Same on my end.
OK, so my question is, how did this happen?
This is not an "oops I fat fingered something", this is 100% deliberate. I hope these sites NEVER come back up.
Oopskie poopskie.
routing tables have nothing to do with DNS
The one thing that the internet is specifically designed to NOT have happen due to multiple decentralized redundancies, has happened with a few specific domains.
Facebooks IP is http://173.252.110.27/
and the other most common IPs don't work either
And using those also results in a connection timeout so if it was just the DNS at least one of those IPs would work....
Someone is making this happen, it is not accidental and it is not facebook doing it...
Wasn't today supposed to be the day that those DoD IP addresses were supposed to go online?
Just a nugget some may or may not know: the military, along with DARPA, designed and implemented the internet. Gave it "free" for everyone worldwide [WW]. It is a primary method of the NSA to gather and monitor.
Now, connect the dots: who still "owns" the internet. Who knows how to shut access, worldwide, to any domain?
Thoughts to chew on thru all this hilarity
FB is still down here in communist Minneapolis.
Folks, I don't want to rain on anyone's parade but this outage may or may not be significant. I work for a large software company and yes, systems are more sophisticated and automated than ever. But they're still controlled by humans and humans make mistakes as well as deliberately destroy things.
Primary access to Facebook.com is literally two "A records" in a DNS zone.
And if a mistake is made in one of the root servers, that error is propagated to DNS servers world-wide.
Yes, this outage could be meaningful. But it could also be just a run of the mill (albeit a very high profile one) mistake or malicious act.
Testing, 1,2,3. Testing.
KEK KEK KEK