UltraDNS attack targeted G and L root servers (1st Update)
By Steve Ragan Feb 7, 2007, 21:40 GMT
Reports confirmed by the AP (Associated Press) and RIPE prove that two of the thirteen root domain servers were taken down during the attack on Tuesday. Servers G and L failed to respond to ninety percent of the requests made to them. The two servers are managed by ICANN (Internet Corporation for Assigned Names and Numbers) and the United States Department of Defense. There are reports, again confirmed by RIPE, that two other servers aside from G and L were slowed by the attack. These servers did not fail under the strain of the vast amounts of data sent to them. Information provided by RIPE can be located here.
The denial of service was carried out using botnets, zombie-like computers, to spread the load of the attack across all thirteen of the root servers. What is known is that the attack centered on ‘.org’ domains and UltraDNS. UltraDNS is the company that manages many of the ‘.org’ domains.
The attacks, the largest since 2002, lasted over twelve hours. The Department of Homeland Security said in a statement, “There is no credible intelligence to suggest an imminent threat to the homeland or our computing systems at this time.” No one said there was a risk. What shocked and confused many researchers is the fact that it happened at all. Many wonder if this was a trial run. Even if that is so and this is a ramp-up to a larger attack, the ability to shut down the entire web by attacking the root servers is unlikely.
The use of botnets also poses a new problem that contradicts early reports. Tracking the exact location of the original source of the attack, reported to be South Korea, is almost impossible. Zully Ramzan, researcher for Symantec Security Response, pointed to South Korea, as did many other security experts, yesterday when this attack happened. Even with the latest reports from the investigation, there is still no solid proof that South Korea, or anyone from South Korea, started the attack.
John Crain, CEO of ICANN, said today that the attack was not as serious as the attacks in 2002, when the same thirteen servers were targeted by the same type of denial of service attack. He attributes this to advances in technology that allow the root servers to distribute the load across the globe.