Attack on DNS servers marks trend of more Internet threats

Monday's denial-of-service attacks on the infrastructure of the Internet is a sign of things to come, experts said. Attackers flooded the 13 root DNS (domain name system) servers with packets to knock them down. DNS servers are a critical piece of the Internet, as they convert domain names (such as "www.searchsecurity.com") into IP addresses. Recently Edward Hurley, SearchSecurity.com's news writer, spoke with Ted Julian, co-founder and chief strategist for Arbor Networks, about the attacks and what they represent.

FOR MORE INFORMATION:
Best Web Links on denial-of-services attacks

SearchSecurity.com news exclusive: "DoS flaw discovered in ISC BIND-based DNS servers"

Ask a SearchSecurity.com expert


Feedback on this story? Send your comments to News Writer Edward Hurley
DNS servers are often described as the Internet's Achilles' heel. Is this point germane or is it overblown?
There are two sides to that issue. On the one hand, there are limitations to attacks on DNS servers, as they are very distributed. It would take an eight- or nine-hour attack [Monday's lasted only an hour] for Internet users to see noticeable impacts.

But on the other hand, attacks on DNS servers aren't a pretty scenario. If a more sophisticated attack [than Monday's] were run for a day, then we'd have a big problem on our hands. Why wouldn't DNS servers being down affect Internet users right away?
When you type in a Web site, your request has to go to the root DNS server if you haven't been to the site for a while. But it is also cached in all the servers in-between. Because of this caching effect, it would take a period of time before requests start to time out and have to go back to the root DNS server. In other words, if DNS servers are down, then the Internet won't crash right away. It seems like DDoS attacks are quite a threat. What can enterprises do to prevent them?
Denial-of-service attacks aren't enterprise problems but are service provider problems. There isn't much that companies can do to protect themselves except talk with their service providers.

Such attacks really are the No. 1 cybersecurity problem out there today. The U.S. government realizes this. Richard Clarke [the U.S. National Coordinator for Security, Infrastructure Protection, and Counterterrorism] has been talking about this stuff for two years. Can you give me an overview of what Monday's attacks entailed?
It was a distributed denial-of-service attack on all 13 root DNS servers. While damage wasn't done, it does represent an escalation. Traditionally, such attacks are on individual Web sites. Monday's attack was on Internet infrastructure itself. The impact goes from being local to global. Besides attacks on DNS, what other aspects of the Internet's infrastructure are potential targets of DDoS attacks?
A big flood of packets at a critical piece of the infrastructure can happen. Thanks to Code Red and Nimda, there are no short supplies of zombies. There are literally millions of them out there. Flooding routers at May East, May West or points owned by UUNet (major points on the Internet's back bone routing much of the traffic in their areas) could cause a catastrophic event. While it wouldn't shut the Internet down, it would produce enough of an effect in certain areas that people would call it a catastrophe.

Dig deeper on Web Application Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close