February 6, 2007 5:53 PM PST

Internet backbone at center of suspected attack

There are signs that hackers attacked key parts of the backbone of the Internet on Tuesday, but no damage seems to have been done, experts said.

The attack appears to have focused on the Domain Name System, which maps text-based domain names, such as "News.com," to the actual numeric IP addresses of servers connected to the Internet, and vice versa. Several key DNS servers saw traffic spike in the early morning on Tuesday, several experts said--a sign of an attack.

"It is an unusual large amount of traffic that is hitting DNS servers," said John Crain, chief technical officer at the Internet Corporation for Assigned Names and Numbers, which operates one of the main so-called root DNS servers. "We see large attacks on a regular basis, but this hit quite a few servers, so it was fairly large."

Yet the DNS servers were able to withstand the onslaught, Crain added. "It was irritating. It ruined my night's sleep. It was extraordinary in the fact that it happened to multiple systems at once, but this is not affecting Internet users," he said.

DNS serves as the address books for the Internet. There are 13 official root DNS servers, which sit at the top of the DNS hierarchy. These root servers get queried only if other DNS servers, like those at an internet service provider, don't have the right IP address for a specific Web site.

If part of the DNS system goes down, Web sites could become unreachable and e-mail could become undeliverable. But DNS is built to be resilient, and attacks on the system are rare. In 2002, a similar denial-of-service attack also failed.

"The main thing is that there was very little impact on the general public, the servers were able to hold up against the attacks," said Zully Ramzan, a researcher at Symantec Security Response. "The Internet in general was designed to even withstand a nuclear attack."

The barrage of data being apparently targeted at the DNS system started around 2.30 a.m. Pacific Time on Tuesday. Multiple root servers saw a traffic spike, but the "G" server, run by the U.S. Department of Defense, and "L," run by ICANN, seem to have gotten the brunt of it, Ramzan said. ICANN's Crain confirmed that impression.

While ICANN and Symantec didn't see any effect on the Internet at large, Internet service provider Neustar did see slow downs on the Net. "We would call it a brownout instead of a blackout. It was significant, but it did not take anything down," a representative for the company said.

The true cause of the traffic surge still needs to be determined, both Ramzan and Crain said.

See more CNET content tagged:
DNS server, Internet-backbone, DNS, attack, domain name


Join the conversation!
Add your comment
DNS != backbone
DNS != backbone
Posted by Dachi (797 comments )
Reply Link Flag
It's darned useful!
Posted by djcaseley (85 comments )
Link Flag
Poor choice of words
The author didn't mean backbone as in "network backbone". He meant backbone as in "vital support structure".
Posted by Get_Bent (534 comments )
Link Flag
It doesn't take much...
The DNS servers may not be the literal backbone of the internet (for those of you who don't speak programming, != means "not equal to"), but they're still an integral part of the global internet. Without the DNS servers, we'd be having to remember IP addresses instead of websites.

An attack on the DNS servers may not be the end of the world, but it could have a severe impact on the global network if such an attack were sucessful. After all, it only takes one link in the chain to bring down the whole thing. Believe me, I know. Here in Vermont, we had an internet blackout across most of the state on Monday because someone tripped over a simple fiber optic cable. One tiny little cable took out half of the state's communications network.

Does that sound acceptable to you?
Posted by Launchpad_72 (14 comments )
Reply Link Flag
Why would anyone...
...want to take down the network that allows them so much joy?
Posted by nickelspit (7 comments )
Reply Link Flag
To cause panic.
To say I did it.
To create havoc.
To terrorise.
To see if it could be broken.
As a test to see how far they can actually get.
To disrupt service.
To search for/find a weakness to take the internet down.
To purposefully cripple the internet.
The list of possible reasons are basically endless...

Just because one doesn't understand the reasoning... doesn't make the threat any less!!!

Posted by wbenton (522 comments )
Link Flag
II'm sure Leo knows
Leo Laporte will have plenty to say about this I'm sure
Posted by HlLLARY CLTON (382 comments )
Reply Link Flag
Let us have a Alternative to domain and dns
It is high time the Internet shifts from a Server based system to a Peer based system.

The technology exists in the form of IPv6 which offers unique peer to peer address and communication and P2P technology has also taken leap ahead.

In the coming months and years, we at NetAlter visualize a secured domain-less and dns-less solutions.

For example, if I need to send an email to a friend, I can simply send it across from my computer to my friends computer without routing through mail servers.

NetAlter is under development and is supposed to offer an alternative network to internet users.
Posted by guyfrom2006 (33 comments )
Reply Link Flag
there is no evil that wouldn't come to internet ...

<a class="jive-link-external" href="http://iphone.emigrantas.com" target="_newWindow">http://iphone.emigrantas.com</a> - iPhone blog
Posted by darix2005 (31 comments )
Reply Link Flag
Root Server Time Map at DNSstuff
There's a cool page graphing root server response times at DNSstuff.

<a class="jive-link-external" href="http://www.dnsstuff.com/info/roottimes.htm" target="_newWindow">http://www.dnsstuff.com/info/roottimes.htm</a>
Posted by anwood (1 comment )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.