RSA Conference: Officials say DNS servers stood up well to attack

By Bill Brenner, Senior News Writer 07 Feb 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Jerry Dixon Jr., deputy director for the United States Computer Emergency Readiness Team (US-CERT) operations with the Department of Homeland Security's National Cyber Security Division, said IT security officials from various organizations in the public and private sectors worked closely Tuesday and Wednesday to figure out where the attack came from and whether there was any damage.

RSA Conference 2007 Can't make it to the show? SearchSecurity.com staff members are on the RSA floor, on hand to deliver the latest RSA Conference 2007 news and updates.

"We've been doing a constant assessment of DNS activity and we've been reaching out to all partners to get a fix on how bad it is," said Dixon, a co-chairman of the National Cyber Response Coordination Group (NCRCG), an alliance of 13 agencies that coordinate intra-governmental and public-private preparedness operations in the event of large-scale attacks. "In a situation like this, we talk to managed security providers, our partners in Canada and other countries, with security vendors and the private sector."

The attacks don't seem to have affected anyone from an operational standpoint, said Mike Witt, a deputy director with US-CERT.

"The root servers kept doing their job and there was no degradation of [Department of Defense] systems," he said. "We worked with operators of the DNS servers and with other organizations to minimize the impact."

Tuesday's onslaught briefly bogged down at least three of the 13 computers that help manage global Web traffic; some experts believe was one of the biggest attacks against the Internet's backbone since 2002.

Computer researchers scrambled to push back massive amounts of data that threatened to overwhelm the DNS servers, which are used to locate Internet domain names and translate them into Internet Protocol (IP) addresses.

The attack appears to have been traced back to South Korea, though the hackers apparently tried to cover their tracks. The attack took aim at a company called UltraDNS, which operates servers that process traffic for Web sites ending in .org and some other suffixes, experts said.

"There was what appears to be some form of attack during the night hours here in California and into the morning," John Crain, chief technical officer for the Internet Corporation for Assigned Names and Numbers, told The Associated Press (AP). He said an investigation is underway.

"I don't think anybody has the full picture," Crain said. "We're looking at the data."

Crain told the AP that Tuesday's attack was less serious than attacks against the same 13 "root" servers in October 2002 because technology innovations in recent years have increasingly distributed their workloads to other computers around the globe.

Events like this underscore the need for government agencies to work together and with partners in the private sector and agencies around the globe, officials said during a panel discussion at RSA Wednesday. That, they said, is why the NCRCG was founded.

"Despite pretty good communication, the different agencies handle things from a different perspective," said Christopher Painter, NCRCG co-chairman and principal deputy chief of the Department of Justice's computer crime division. "Our goal is to come together with those different perspectives and be able to handle a major attack."

<< Return to our special coverage of RSA Conference 2007

Tags: Information Security Laws, Investigations and Ethics,  Application Attacks (Buffer Overflows, Cross-Site Scripting),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Information Security Laws, Investigations and Ethics Cybersecurity czar candidate questions clout of new position DHS fills National Cybersecurity Center post FTC shutters rogue ISP for hosting malicious content, botnets Experts optimistic of Obama cybersecurity plan WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Cybersecurity Act of 2009: Power grab, or necessary step? Face-off: Who should be in charge of cybersecurity? Feds should get private sector advice on cybersecurity Federal efforts to secure cyberinfrastrucure Application Attacks (Buffer Overflows, Cross-Site Scripting) Adobe ColdFusion websites being compromised PCI management: The case for Web application firewalls Month of Twitter Bugs project to document Twitter flaws Adobe issues first quarterly patch release fixing 13 flaws Balancing security and performance: Protecting layer 7 on the network Adobe issues Reader update fixing zero-day flaw The Pipe Dream of No More Free Bugs Security Squad: Federal cybersecurity defenses Oracle issues 43 updates, fixes serious database flaws Attackers target new Microsoft PowerPoint zero-day flaw Application Attacks (Buffer Overflows, Cross-Site Scripting) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CALEA  (SearchSecurity.com) cyberstalking  (SearchSecurity.com) cypherpunk  (SearchSecurity.com) HSPD-7  (SearchSecurity.com) I-SPY Act  (SearchSecurity.com) Information Awareness Office  (SearchSecurity.com) intelligence community  (SearchSecurity.com) lawful interception  (SearchSecurity.com) lifestyle polygraph  (SearchSecurity.com) vulnerability disclosure  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary