As we detailed on our blog last week, the largest DDoS attack reported in history took place on October 21. The attack employed the Mirai botnet, a botnet of IoT-connected devices, to take down sites hosted by the Dyn DNS provider. During this time we saw an influx of users on the VyprVPN network. We wanted to share more about how VPNs can provide a valuable service during DDoS attacks, and why people turned to VyprVPN during the incident.
During the DDoS attack, we saw an increase of users connecting through VyprVPN. Many of these users were from countries affected by the DDoS attack, and were looking for an alternate path to take online to retain access the sites being hit. While we sometimes think of VPNs as a tool to safeguard against DDoS attacks during activities like gaming, a lesser-known fact is they can also help users access downed sites during DDoS attacks. A VPN allows a user to change their IP address, so they may circumvent outages.
The DDoS attack targeted Dyn, a DNS provider, and as a result sites hosted by Dyn were inaccessible. When a DDoS attack is targeted at a DNS, the browser is unable to convert the domain name into the numeric IP address where the web servers reside. Since the DNS provider was targeted instead of the actual sites, the web servers for the websites remained functional – meaning if a user could reach these servers, they could view the website. Further, since DNS is a huge distributed system, DDoS attacks on DNS providers don’t necessarily affect websites around the entire world.
Some savvy VPN users found a workaround, explaining the increased VPN connections on our network. As DNS is a distributed system, some users were able to switch to a different provider with a still-functional DNS. Since the attack on Dyn was primarily centered on the United States (east coast first, then west coast), some VPN users who changed their IP addresses to other worldwide locations were able to access affected sites. Dyn reported they “did not experience a system-wide outage at any time – for example, users accessing these sites on the West Coast [during the initial attack on east coast systems] would have been successful.”
Sources: Cloudmark Blog