Root Name Servers Attacked in Possible Test Run

Botnet Used to Overload Internet DNS Infrastructure and Disrupt Traffic

February 6, 2007 - Cyber vandals recently launched a huge Distributed Denial of Service (DDoS) attack against the Internet's root name servers. This was the second major attempt on the Internet infrastructure. The first attack came in 2002. The targeted DNS servers received so many requests it was like being hit with a brick wall of data.

The recent attack originated from the Asia Pacific region and affected six out of thirteen root name servers. The root name servers function as the Internet backbone and are responsible for directing all Internet traffic. Two servers, g-root and l-root, were temporarily crippled: g-root is operated by the U.S. Department of Defense in Ohio, and l-root is operated by the Internet Corporation for Assigned Names and Numbers (ICANN). During the attack, g-root and l-root were unable to respond to 90% of DNS queries.

The attack strategy was to flood the bandwidth of the root name servers with rogue or false data packets generated by thousands of zombie systems (personal computers and possibly other web or DNS servers that have been taken over by criminal hackers). The hackers' motive is still unknown. Often, such attacks target an individual website and are used for extortion. An attack on the root name servers would instead be used for general disruption or to advertise the power of the botnet to other hackers who might want to hire it for their own purposes.

Some think these attacks were a test run for more disruptive attacks to come. Although this attack was less problematic than the one that occurred five years ago, advanced security for DNS should be considered. Mitigation of DDoS attacks requires enhanced bandwidth (server response capacity and speeds) as well as an increase in the number of servers directing traffic along the backbone of the Internet.

Source: InformationWeek

About Secure64 Software Corporation
Secure64® is a software developer providing highly secure DNS and server applications with built-in denial-of-service protection features to help ensure your Internet-dependent business is always accessible. Based on the Genuinely Secure SourceT® microOS, Secure64 DNS remains highly available during network attacks and is immune to compromise from rootkits and malware.
