Talk:DDoS attacks on Dyn

In the news nomination
In_the_news/Candidates --  Zanimum (talk) 21:58, 21 October 2016 (UTC)

Structure
Anyone interested in a big overhaul of the structure of the article? Right now the Investigation section is a bit of a mess, I suggest we create three distinct sections: one providing some background on IoT-based attacks and Mirai; one with an analysis of the actual Dyn attack, its impact and size; one on further investigations on the perpetrators.--DarTar (talk) 02:41, 22 October 2016 (UTC)

Related? DNS problems in Singapore, a few hours later
http://www.channelnewsasia.com/news/singapore/starhub-fibre-broadband-service-outage-sparks-customers-ire/3227690.html A ISP in Singapore (Starhub) is also suffering similar DNS issues to the ones that had issues in DynDNS. There is no source for the DNS problems currently, but as I'm currently being affected by this issue, I am sure it is a DNS issue and sources will likely be published when the news hits the press in a few hours. Thus, I'd like to ask for this issue to be watched.

Edit: another source: https://www.facebook.com/StarHub/posts/10154723132242472 — Preceding unsigned comment added by Mount2010 (talk • contribs) 16:29, 22 October 2016 (UTC) -- Confirmed DDOS on DNS servers that may be related to the DynDNS DDOS, anyone knows if this is related? http://www.straitstimes.com/tech/starhub-broadband-disruption-due-to-spike-in-traffic-that-jammed-its-domain-name-servers Mount2010 (talk) 15:14, 25 October 2016 (UTC)

New World Hackers
User:Doc Strange - there's a redirect (two in fact) for the group which targets this article. It was formerly to the section "Perpetrators" but now to the top of the article. MOS says to either bold or italicise per least astonishment. In the lead always seems a better location for bold, but I've left as italics for now. It's a R with possibilities. Widefox ; talk 21:02, 22 October 2016 (UTC)


 * Okay. Didn't know that. Doc StrangeMailbox Logbook 21:12, 22 October 2016 (UTC)


 * User:Brandmeister per MOS:BOLD "To follow the "principle of least astonishment" after following a redirect...", WP:R "article or section to which the redirect goes. It will often be appropriate to bold" Widefox ; talk 12:14, 30 October 2016 (UTC)
 * I've removed the boldface and the invisible comment. Using boldface where a section is dedicated to a subtopic is fine with me, but having the redirect be bolded in the target in this situation is unhelpful. The group is only mentioned once, not the topic of the section, and halfway through the sentence alongside names of other orgs. I don't think it was an aid to readers. MOS:BOLDREDIRECT doesn't explicitly say that what was done here is discouraged, buuut it seems like it would be. SWinxy (talk) 06:24, 14 April 2023 (UTC)

Level 3 map and impacts
The three-part structure suggested above makes sense: botnet and techniques used - impacts - follow-up. The section on impacts is not currently well described, and in particular I'd question the use of a map relating to Level 3 (following its use on a couple of websites). Level 3 is just one Tier 1 network, so I'm not sure of its actual relevance - is it integral to Dyn's multicast network in some way? I noticed 99.7% packet loss to Dyn's servers from Europe and at one point the vast majority of ISPs servers all over the world had no cached records for twitter.com. So although it was stated in some news reports as mostly affecting eastern USA, this is doubtful. In other words, we need more expert reliable sources to explain if and why some regions were more affected. --Cedderstk 21:48, 24 October 2016 (UTC)

Containment
Dear all, The article does not explain, how/why the attack ended. Did the attackers stop it? Why? Or was it eventually fended off? How? Thank you in advance for adding this information. Yours, Ciciban (talk) 12:57, 15 November 2016 (UTC)

Education Quality and Accountability Office
A reader contact the Wikimedia ( ticket:2017042310000168 ) to note that the incident associated with Education Quality and Accountability Office occurred on 20 October not 21 October. Unfortunately, the reference discussing the incident is dated 24 October and does not definitively identify the date of the attack (unless I missed it). The article does not mention Dyn. Unless someone can add corroborating evidence that it was associated with the Dyn attack, this may be a mere coincidence (or perhaps a trial run?). I plan to remove this entry on the sourcing can be found which clearly identifies this as a Dyn attack.-- S Philbrick (Talk)  13:52, 29 April 2017 (UTC)
 * This site supports the claim that it occurred 20 October not 21 October, so I plan to remove it from the article.-- S Philbrick (Talk)  16:47, 1 May 2017 (UTC)