Powerful Attack Cripples Net's Core

budge budge at el-pleasant.org
Wed Oct 23 08:24:45 PDT 2002


On Wed, 23 Oct 2002 at 7:03am Steven wrote:


> Budge,
>
> I understand that it was not so much the type of attack,
> Distributed Denial of Service (DDOS), that was the
> concern, but the targets themselves, as up to 9 of the
> 13 core name servers (DNS) were hit. I'm in the
> technology business, and I am not aware of a previous
> incident that targeted these DNS machines, let alone so
> many of them simultaneously.

Well, they are pretty stupid targets to attack, and what damage is done is likely to be done not to the root servers, but to intermediary points of access/crossconnect. The root servers are big fat machines sitting on some of the fattest pipes in the core of the Internet -- how can you DOS 'em?


> If you've got more info on this please let me know.

Well here's an article from the mass media that is decidedly better informed and less shrill. (Perhaps this is because the BBC operates a pretty substantial global backbone themselves.)

/h2g/sec/sysadm

<http://news.bbc.co.uk/2/hi/technology/2352667.stm>

Wednesday, 23 October, 2002, 11:02 GMT 12:02 UK

FBI probes attack on net

Attempts to flood key net servers have failed

The FBI has launched an investigation into a failed attempt to cripple the internet by attacking its central address books. Steven Berry, a supervisory special agent at the FBI's National Infrastructure Protection Center said it was "aware of the issue and was addressing it".

Experts said the net coped so well with the attack that the vast majority of users would be unaware it had taken place.

The attack happened at 2200 BST on Monday evening and attempted to cripple the key servers by deluging them with many times more data than they usually receive.

But the fact that the servers are spread around the world, have fast connections to the net and ordinarily cope with lots of requests for data stopped them succumbing to the flood of traffic.

Seven down

Although few users felt the effects of this barrage, known as a distributed denial-of-service attack (DDos), it did temporarily disable seven of the net's 13 root servers.

The servers were bombarded with 30-40 times the usual amount of traffic they receive from hundreds of different computers.

"The Internet is sort of the cockroach of the modern age. It survives." (Paul Vixie)

Despite this, statistics from Matrix Netsystems, which monitors average net response times, said the ability of net users to reach these servers only dropped to 94% of its usual 100% reachability.

As a result few people will have noticed anything unusual.

"As best we can tell, no user noticed and the attack was dealt with and life goes on," said Louis Touton, vice president for the Internet Corporation for Assigned Names and Numbers, which oversees the running of the root servers and the net's addressing system.

Although humans navigate the net with words, computers direct traffic with numbers known as IP addresses which broadly signify the location of a particular network, computer, domain or site.

When you type the name of a website into a web browser it looks up the location of that site by consulting a name server.

Popular and widely used domains, such as www.bbc.co.uk, are often held in a store, or cache, on a computer or network closely connected to the one looking up the address.

If these servers do not know where to find the site they pass the query upwards and ultimately will get information from one of the 13 root servers - the master address books.

Survivor

The fact that these servers are not regularly consulted by users could have been another reason that few people felt the effects of the attack.

"What we learned yesterday is ... it is hard to kill this system," said Paul Vixie of the Internet Software Consortium which makes software widely used to carry out domain queries.

"The Internet is sort of the cockroach of the modern age," he said, "It survives."

The Internet Software Consortium operates the 'F' root server which typically handles more than 272 million requests for information per day.

[Image caption: Sites such as Yahoo have suffered DDos attacks]

The 'F' server uses 4 processors and has 8 gigabytes of RAM, short-term memory, to cope with this number of requests. It was one of the root servers that survived the attack unscathed.

"It seems a strange target for attack because they have very fat pipes and are able to deal with a large number of requests per second in the normal course of business," said Gary Milo, founder and chairman of anti-DDos technology maker Webscreen Technology.

He said if the root attack was redirected to a company's server it could have been much more effective.

Mr Milo said Webscreen was seeing the numbers of DDos attacks growing by the month and now it believes that, on average, 4,000 take place every week.

"They can be started by anything from a bored teenager to a disgruntled employee," he said.


