Apple DDOS? Nope, just the update coming down!

Published: 2013-09-18
Last Updated: 2013-09-19 17:14:37 UTC
by Rob VandenBrink (Version: 2)
6 comment(s)

The amount of press that Apples IOS 7 update has gotten today has had an unintended consequence - everyone seems to be pulling it down the instant they see that it's available.

This is triggering IPS Sensors and causing real DOS conditions due to the traffic involved - an unintended "apple - zooka"

<<updated content follows>>

Our readers are reporting up to a doubling of wireless traffic, and similar increases on overall internet bandwidth usage!  The chart below shows the impact on a wireless network in a education setting (thanks again to John and Eric for this!).  That's more Apple-y goodness than we bargained for today ! 

 

Swa, one of our handlers, indicates that this can be easily resolved for a corporate network by enabling the Apple Caching Service and/or Software Update Server  on a single OSX Server in the network, which serves as the update "broker" for all clients on the netowrk. (thanks for the screenshot Swa).  The Caching Server will serve up all Apple content (including updates), while the Update Server will only server up Updates.

I'm not sure how these services interact with the Service Discovery features in mDNS - if anyone has details on this we'd appreciate your insight in the comments field for this story!

The basics of setting up your Caching Server can be found in the "Mac Management Basics" guide, found here ==> http://training.apple.com/pdf/Mac_Management_Basics_10.8.pdf
Generally, just enabling the Caching Server is enough, but advanced settings for the caching server can be found here ==> http://support.apple.com/kb/HT5590

 

===============
Rob VandenBrink
Metafore

Keywords:
6 comment(s)

Comments

Unfortunately, the cache server has to compete with all the iThings until it gets a copy in cache...:-( We're working on it tho...
"Swa, one of our handlers, indicates that this can be easily resolved for a single broadcast domain by enabling the Apple Caching Service on a single OSX Server in the network. Clients find it with Bonjour, and a single download services all clients. (thanks for the screenshot Swa)"

Is that enterprise support? LMAO
Another option our org is considering is 'sinkholeing' the common DNS records i-devices use for software updates... at least for a few days with the expectation that most users will update via 'other' networks (like their home).

From what I've gathered around the web... these seem to be the relevant domains required to check for and download the update without impacting other legit iStore purchases, Siri, iMessaging, etc...

appldnld.apple.com
iphone-wu.apple.com
mesu.apple.com
phobos.apple.com
wu.apple.com

YMMV, we're still testing impact...

Also, not only iOS7, but we're noticing 15+ app updates as well listing "iOS7 bug fixes"... so add that to mix.

Would love to see feedback from other ISC readers who may have more specifics on these or other domains iOS devices depend on for iOS and app updates.
I am not sure you can say the Apple solution is not an enterprise solution.
It uses http://tools.ietf.org/html/rfc6763 based DNS based service discovery.

If Bonjour does not find the services using multicast (You can do multicast routing), then it falls back to unicast DNS lookup. So just add the relevant records to your DNS and things will work. You could put up a Bonjour Proxy as well, that responds on behalf of the actual server. It could be put on the Wireless, and respond on behalf of a server on another subnet.

Here is what Apple writes:
Bonjour uses Dynamic DNS Update (RFC 2316) and unicast DNS queries to enable wide-area service discovery.

If adding things to DNS is not an Enterprise solution, I don't know what is ?

Too many people don't see Apple products as the enterprise products they really are, as most of them are considered so dear to people that they want them as personal devices, and not enrolled too deep in the enterprise, because of fear that it might end up being too much like the slow and ugly Windows machine they had before. Maybe Apple needs to add a "Add to Domain" Application to convince everybody they are enterprise ready.
Probably related to the IOS release, though not the DOS condition -- I'm seeing several phishing emails with the subject "Your Apple Account has been put on-hold" containing the expected link to "activate your account".
thank you https://www.aksuyikim.com/bina-yikim-firmalari/

Diary Archives