UltraDNS attack targeted G and L root servers (1st Update)

Tech News

By Steve Ragan Feb 7, 2007, 21:40 GMT

Reports confirmed by the AP (Associated Press) and RIPE prove that two of the thirteen root domain servers were taken down during attack Tuesday. Servers G and L failed to respond to ninety percent of the requests made to them. The two servers are managed by ICANN (Internet Corporation for Assigned Names and Numbers) and the United States Department of Defense. There are reports, again confirmed by RIPE, that two other servers aside from G and L were slowed by the attack. These servers did not fail under the strain of the vast amounts of data sent to them. Information provided by RIPE can be located here.The denial of service was carried out by Botnets, zombie like computers, to spread the load of the attack across all thirteen of the root servers. What is known is that the attack centered on ‘.org’ domains and UltraDNS. UltraDNS is the company who manages many of the ‘.org’ domains.The attacks, the largest since 2002, lasted over twelve hours. The Department of Homeland Security said in a statement, “There is no credible intelligence to suggest an imminent threat to the homeland or our computing systems at this time.” No one said there was a risk. What shocked and confused many researchers is the fact it happened at all. Many wonder if this was a trial run. If that is so and this is a ramp up to a larger attack, the ability to shutdown the entire web, by attacking the root servers is unlikely.The use of Botnets also poses a new problem that contradicts early reports. Tracking the exact location of the original source for the attack, reported to be South Korea, is almost impossible. Zully Ramzan, researcher for Symantec Security Response, pointed to South Korea as well as did many other security experts yesterday when this attack happened. There is still no solid proof with the latest reports from the investigation, that South Korea, or anyone from South Korea, started the attack.John Crain, CEO of ICANN said today that the attack was not as serious as the attacks in 2002, when the same thirteen servers fell target to the same type of denial of service attack. He attributes this to the advances in technology that allows the root servers to distribute the loads across the globe.

Talkback

Add your comment (no registration required)

page: 1

R. Scott PerryFeb 7th, 2007 - 22:21:08

There appears to be no evidence that UltraDNS servers were attacked.

There is evidence that at least 4 of the root servers were included in the attack. However, there seems to be no confirmation that UltraDNS servers (which handle .org domains) were involved, aside from some rumors in early DNS reports.

Report this comment

Jeff DahlgrenFeb 8th, 2007 - 16:09:50

It seems that as the 2002 attacks occurred around February also. The attack was interesting as well as obviously a trial run as it was for the particpant(s) of the 2002. Does that infer a larger attack is imminent? Impossible to know for sure but unlikely. The attackers will have allot of data to analyze. I would also speculate on the likelihood the attack was effected by a government entity, say 50-50, just which one? USA, China?...the list goes on as well as nefarious political groups etc.

Most likely the attack was a recon effort to look at the technical ''posture as it relates to improved load balancing of the DNS ROOT servers. Was it effective from an attack standpoint? Yes. Could it get much worse? The answer is so obvious as to seem stark. Will it happen again? Count on it. The inheirent vulnerablity of the entire internet to function timely, or at all, is there for all to see. I believe the analogy 'The Emperor has no clothes' is apropos here.

Jeff Dahlgren
http://www.networkwarriors.com
Phoenix, Arizona USA

Report this comment

FredFeb 9th, 2007 - 12:11:44

Is there any technical reason why the number of root servers can't be increased? It would seem that doubling the number of root servers from 13 to 26 would offer more resiliency.

Report this comment

JeffMay 21st, 2008 - 00:03:17

Increasing the number of root servers would seem to be more redundant, however, this isn't possible due to the DNS reply being only 512 bytes long. Even though theoretically there could be 15, this leaves some play for various sized DNS packets. That's why increasing the root servers from 13 to 26 wouldn't be too practical. Instead, they use multiple sites for a single server address. Google it and for sure you'll come up with some more info. :)

Report this comment

page: 1

Add your comment (no registration required)

Tech

UltraDNS attack targeted G and L root servers (1st Update)

Tech News

Talkback

Latest Headlines in Tech

Latest Articles on The Tech Herald

In Monsters and Critics

Corporate

The Fine Print