Article

RSA Conference: Officials say DNS servers stood up well to attack

Bill Brenner
SAN FRANCISCO -- It was the biggest attack against the Internet's backbone in five years, but government security officials at RSA Conference 2007 said Wednesday that the targeted Domain Name System (DNS) servers stood up well to the onslaught.

Jerry Dixon Jr., deputy director for the United States Computer Emergency Readiness Team (US-CERT) operations with the Department of Homeland Security's National Cyber Security Division, said IT security officials from various organizations in the public and private sectors worked closely Tuesday and Wednesday to figure out where the attack came from and whether there was any damage.

    Requires Free Membership to View

RSA Conference 2007

Can't make it to the show? SearchSecurity.com staff members are on the RSA floor, on hand to deliver the latest RSA Conference 2007 news and updates.
"We've been doing a constant assessment of DNS activity and we've been reaching out to all partners to get a fix on how bad it is," said Dixon, a co-chairman of the National Cyber Response Coordination Group (NCRCG), an alliance of 13 agencies that coordinate intra-governmental and public-private preparedness operations in the event of large-scale attacks. "In a situation like this, we talk to managed security providers, our partners in Canada and other countries, with security vendors and the private sector."

The attacks don't seem to have affected anyone from an operational standpoint, said Mike Witt, a deputy director with US-CERT.

"The root servers kept doing their job and there was no degradation of [Department of Defense] systems," he said. "We worked with operators of the DNS servers and with other organizations to minimize the impact."

Tuesday's onslaught briefly bogged down at least three of the 13 computers that help manage global Web traffic; some experts believe was one of the biggest attacks against the Internet's backbone since 2002.

Computer researchers scrambled to push back massive amounts of data that threatened to overwhelm the DNS servers, which are used to locate Internet domain names and translate them into Internet Protocol (IP) addresses.

The attack appears to have been traced back to South Korea, though the hackers apparently tried to cover their tracks. The attack took aim at a company called UltraDNS, which operates servers that process traffic for Web sites ending in .org and some other suffixes, experts said.

"There was what appears to be some form of attack during the night hours here in California and into the morning," John Crain, chief technical officer for the Internet Corporation for Assigned Names and Numbers, told The Associated Press (AP). He said an investigation is underway.

"I don't think anybody has the full picture," Crain said. "We're looking at the data."

Crain told the AP that Tuesday's attack was less serious than attacks against the same 13 "root" servers in October 2002 because technology innovations in recent years have increasingly distributed their workloads to other computers around the globe.

Events like this underscore the need for government agencies to work together and with partners in the private sector and agencies around the globe, officials said during a panel discussion at RSA Wednesday. That, they said, is why the NCRCG was founded.

"Despite pretty good communication, the different agencies handle things from a different perspective," said Christopher Painter, NCRCG co-chairman and principal deputy chief of the Department of Justice's computer crime division. "Our goal is to come together with those different perspectives and be able to handle a major attack."

<< Return to our special coverage of RSA Conference 2007


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: