SAN FRANCISCO -- It was the biggest attack against the Internet's backbone in five years, but government security...
officials at RSA Conference 2007 said Wednesday that the targeted Domain Name System (DNS) servers stood up well to the onslaught.
Jerry Dixon Jr., deputy director for the United States Computer Emergency Readiness Team (US-CERT) operations with the Department of Homeland Security's National Cyber Security Division, said IT security officials from various organizations in the public and private sectors worked closely Tuesday and Wednesday to figure out where the attack came from and whether there was any damage.
The attacks don't seem to have affected anyone from an operational standpoint, said Mike Witt, a deputy director with US-CERT.
"The root servers kept doing their job and there was no degradation of [Department of Defense] systems," he said. "We worked with operators of the DNS servers and with other organizations to minimize the impact."
Tuesday's onslaught briefly bogged down at least three of the 13 computers that help manage global Web traffic; some experts believe was one of the biggest attacks against the Internet's backbone since 2002.
Computer researchers scrambled to push back massive amounts of data that threatened to overwhelm the DNS servers, which are used to locate Internet domain names and translate them into Internet Protocol (IP) addresses.
The attack appears to have been traced back to South Korea, though the hackers apparently tried to cover their tracks. The attack took aim at a company called UltraDNS, which operates servers that process traffic for Web sites ending in .org and some other suffixes, experts said.
"There was what appears to be some form of attack during the night hours here in California and into the morning," John Crain, chief technical officer for the Internet Corporation for Assigned Names and Numbers, told The Associated Press (AP). He said an investigation is underway.
"I don't think anybody has the full picture," Crain said. "We're looking at the data."
Crain told the AP that Tuesday's attack was less serious than attacks against the same 13 "root" servers in October 2002 because technology innovations in recent years have increasingly distributed their workloads to other computers around the globe.
Events like this underscore the need for government agencies to work together and with partners in the private sector and agencies around the globe, officials said during a panel discussion at RSA Wednesday. That, they said, is why the NCRCG was founded.
"Despite pretty good communication, the different agencies handle things from a different perspective," said Christopher Painter, NCRCG co-chairman and principal deputy chief of the Department of Justice's computer crime division. "Our goal is to come together with those different perspectives and be able to handle a major attack."