Attack on DNS servers marks trend of more Internet threats
DNS servers are often described as the Internet's Achilles' heel. Is this point germane or is it overblown?
There are two sides to that issue. On the one hand, there are limitations to attacks on DNS servers, as they are very distributed. It would take an eight- or nine-hour attack [Monday's lasted only an hour] for Internet users to see noticeable impacts.
But on the other hand, attacks on DNS servers aren't a pretty scenario. If a more sophisticated attack [than Monday's] were run for a day, then we'd have a big problem on our hands.
Why wouldn't DNS servers being down affect Internet users right away?
When you type in a Web site, your request has to go to the root DNS server if you haven't been to the site for a while. But it is also cached in all the servers in-between. Because of this caching effect, it would take a period of time before requests start to time out and have to go back to the root DNS server. In other words, if DNS servers are down, then the Internet won't crash right away. It seems like DDoS attacks are quite a threat. What can enterprises do to prevent them?
Denial-of-service attacks aren't enterprise problems but are service provider problems. There isn't much that companies can do to protect themselves except talk with their service providers.
Such attacks really are the No. 1 cybersecurity problem out there today. The U.S. government realizes this. Richard Clarke [the U.S. National Coordinator for Security, Infrastructure Protection, and Counterterrorism] has been talking about this stuff for two years.
Can you give me an overview of what Monday's attacks entailed?
It was a distributed denial-of-service attack on all 13 root DNS servers. While damage wasn't done, it does represent an escalation. Traditionally, such attacks are on individual Web sites. Monday's attack was on Internet infrastructure itself. The impact goes from being local to global. Besides attacks on DNS, what other aspects of the Internet's infrastructure are potential targets of DDoS attacks?
A big flood of packets at a critical piece of the infrastructure can happen. Thanks to Code Red and Nimda, there are no short supplies of zombies. There are literally millions of them out there. Flooding routers at May East, May West or points owned by UUNet (major points on the Internet's back bone routing much of the traffic in their areas) could cause a catastrophic event. While it wouldn't shut the Internet down, it would produce enough of an effect in certain areas that people would call it a catastrophe.