To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://networks.silicon.com/webwatch/0,39024667,39165672,00.htm

Hackers strike at the heart of the internet
Massive DoS attack hits root servers...

By Joris Evers

Published: Wednesday 07 February 2007

There are signs hackers attacked key parts of the backbone of the internet yesterday but no damage seems to have been done, experts said.

The attack appears to have focused on the domain name system (DNS), which maps text-based domain names to the actual numeric IP addresses of servers connected to the internet, and vice versa. Several key DNS servers saw traffic spike in the early morning on Tuesday, several experts said - a sign of an attack.

John Crain, chief technical officer at the Internet Corporation for Assigned Names and Numbers (Icann), which operates one of the main so-called root DNS servers, said: "It is an unusual large amount of traffic that is hitting DNS servers. We see large attacks on a regular basis but this hit quite a few servers, so it was fairly large."

Yet the DNS servers were able to withstand the onslaught, Crain added. "It was irritating. It ruined my night's sleep. It was extraordinary in the fact that it happened to multiple systems at once but this is not affecting internet users," he said.

DNS serves as the address books for the internet. There are 13 official root DNS servers, which sit at the top of the DNS hierarchy. These root servers get queried only if other DNS servers, such as those at an ISP, don't have the right IP address for a specific website.

If part of the DNS system goes down, websites could become unreachable and email could become undeliverable. But DNS is built to be resilient, and attacks on the system are rare. In 2002, a similar denial of service attack also failed.

Zully Ramzan, a researcher at Symantec Security Response, said: "The main thing is that there was very little impact on the general public, the servers were able to hold up against the attacks. The internet in general was designed to even withstand a nuclear attack."

The barrage of data being apparently targeted at the DNS system started around 02:30(PT) on Tuesday. Multiple root servers saw a traffic spike but the "G" server, run by the US Department of Defense, and "L", run by Icann, seem to have bourn the brunt of it, Ramzan said. Icann's Crain confirmed that impression.

While Icann and Symantec didn't see any effect on the internet at large, ISP Neustar did see slow downs on the net. A representative for the company said: "We would call it a brownout instead of a blackout. It was significant but it did not take anything down."

The true cause of the traffic surge still needs to be determined, both Crain and Ramzan said.

Joris Evers writes for CNET News.com