February 6, 2007 5:53 PM PST
Internet backbone at center of suspected attack
- Related Stories
Security adviser: Cyberthreats keep growingNovember 22, 2006
Neither safe nor secure on the InternetOctober 4, 2006
Vista Views: Stalling the Net by default?September 8, 2006
Will Vista stall Net traffic?September 6, 2006
DNS could slow broadband serviceAugust 17, 2006
DNS service promises safer, faster browsingJuly 11, 2006
DNS servers do hackers' dirty workMarch 24, 2006
VeriSign to put more backbone into the NetMay 19, 2005
Internet's 'white pages' allow data attacksJuly 31, 2004
Assault on Net servers failsOctober 22, 2002
The attack appears to have focused on the Domain Name System, which maps text-based domain names, such as "News.com," to the actual numeric IP addresses of servers connected to the Internet, and vice versa. Several key DNS servers saw traffic spike in the early morning on Tuesday, several experts said--a sign of an attack.
"It is an unusual large amount of traffic that is hitting DNS servers," said John Crain, chief technical officer at the Internet Corporation for Assigned Names and Numbers, which operates one of the main so-called root DNS servers. "We see large attacks on a regular basis, but this hit quite a few servers, so it was fairly large."
Yet the DNS servers were able to withstand the onslaught, Crain added. "It was irritating. It ruined my night's sleep. It was extraordinary in the fact that it happened to multiple systems at once, but this is not affecting Internet users," he said.
DNS serves as the address books for the Internet. There are 13 official root DNS servers, which sit at the top of the DNS hierarchy. These root servers get queried only if other DNS servers, like those at an internet service provider, don't have the right IP address for a specific Web site.
If part of the DNS system goes down, Web sites could become unreachable and e-mail could become undeliverable. But DNS is built to be resilient, and attacks on the system are rare. In 2002, a similar denial-of-service attack also failed.
"The main thing is that there was very little impact on the general public, the servers were able to hold up against the attacks," said Zully Ramzan, a researcher at Symantec Security Response. "The Internet in general was designed to even withstand a nuclear attack."
The barrage of data being apparently targeted at the DNS system started around 2.30 a.m. Pacific Time on Tuesday. Multiple root servers saw a traffic spike, but the "G" server, run by the U.S. Department of Defense, and "L," run by ICANN, seem to have gotten the brunt of it, Ramzan said. ICANN's Crain confirmed that impression.
While ICANN and Symantec didn't see any effect on the Internet at large, Internet service provider Neustar did see slow downs on the Net. "We would call it a brownout instead of a blackout. It was significant, but it did not take anything down," a representative for the company said.
The true cause of the traffic surge still needs to be determined, both Ramzan and Crain said.
10 commentsJoin the conversation! Add your comment