QUESTION & ANSWER

Attack on DNS servers marks trend of more Internet threats

By Edward Hurley, News Writer 24 Oct 2002 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Can you give me an overview of what Monday's attacks entailed?
Julian: It was a distributed denial-of-service attack on all 13 root DNS servers. While damage wasn't done, it does represent an escalation. Traditionally, such attacks are on individual Web sites. Monday's attack was on Internet infrastructure itself. The impact goes from being local to global.

Ted Julian, Arbor Networks

FOR MORE INFORMATION: Best Web Links on denial-of-services attacks SearchSecurity.com news exclusive: "DoS flaw discovered in ISC BIND-based DNS servers" Ask a SearchSecurity.com expert Feedback on this story? Send your comments to News Writer Edward Hurley

DNS servers are often described as the Internet's Achilles' heel. Is this point germane or is it overblown?
Julian: There are two sides to that issue. On the one hand, there are limitations to attacks on DNS servers, as they are very distributed. It would take an eight- or nine-hour attack [Monday's lasted only an hour] for Internet users to see noticeable impacts.

But on the other hand, attacks on DNS servers aren't a pretty scenario. If a more sophisticated attack [than Monday's] were run for a day, then we'd have a big problem on our hands.

Why wouldn't DNS servers being down affect Internet users right away?
Julian: When you type in a Web site, your request has to go to the root DNS server if you haven't been to the site for a while. But it is also cached in all the servers in-between. Because of this caching effect, it would take a period of time before requests start to time out and have to go back to the root DNS server. In other words, if DNS servers are down, then the Internet won't crash right away.

Traditionally, such attacks are on individual Web sites. Monday's attack was on Internet infrastructure itself. The impact goes from being local to global. - Ted Julian, chief strategist, Arbor Networks

It seems like DDoS attacks are quite a threat. What can enterprises do to prevent them?
Julian: Denial-of-service attacks aren't enterprise problems but are service provider problems. There isn't much that companies can do to protect themselves except talk with their service providers.

Such attacks really are the No. 1 cybersecurity problem out there today. The U.S. government realizes this. Richard Clarke [the U.S. National Coordinator for Security, Infrastructure Protection, and Counterterrorism] has been talking about this stuff for two years.

Besides attacks on DNS, what other aspects of the Internet's infrastructure are potential targets of DDoS attacks?
Julian: A big flood of packets at a critical piece of the infrastructure can happen. Thanks to Code Red and Nimda, there are no short supplies of zombies. There are literally millions of them out there. Flooding routers at May East, May West or points owned by UUNet (major points on the Internet's back bone routing much of the traffic in their areas) could cause a catastrophic event. While it wouldn't shut the Internet down, it would produce enough of an effect in certain areas that people would call it a catastrophe.

Tags: Web Application Security,  Denial of Service (DoS) Attack Prevention,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web Application Security Black box and white box testing: Which is best? InZero Systems launches hardware-based security gateway Web application vulnerability assessment shows patching progress Preventing SQL injection attacks: A network admin's perspective Cisco acquires SaaS security vendor ScanSafe Web application firewall use goes beyond compliance, company finds Gumblar Trojan drive-by exploits spike following Adobe update Some Facebook applications lead to Russian attack sites Barracuda acquires Purewire expanding Web security reach An enterprise strategy for Web application security threats Denial of Service (DoS) Attack Prevention VeriSign extends DDoS attack protection service Conficker authors prepping for next stage, researcher says Latest DDoS attacks extremely unsophisticated, experts say DDoS attacks hit U.S., South Korean government websites How to prevent a denial-of-service (DoS) attack I'll be watching you: Wireless IPS How to prevent DDoS attacks on websites How to prevent network denial-of-service attacks What are 'phlashing' attacks? Could someone place a rootkit on an internal network through a router? Denial of Service (DoS) Attack Prevention Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary anonymous Web surfing  (SearchSecurity.com) buffer overflow  (SearchSecurity.com) cache cramming  (SearchSecurity.com) cookie poisoning  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) National Computer Security Center  (SearchSecurity.com) threat modeling  (SearchSecurity.com) trigraph  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary