RealTime IT News

Internet 'Didn't Crumble' Under DNS Attacks

Internet users barely felt a ripple yesterday when hackers launched a concerted attack on several key Domain Name System (DNS) servers.

Experts say legions of everyday users were enlisted in the attack on 13 root DNS servers, which translate a site's numeric address to more familiar names, like internetnews.com.

For a couple of hours, beginning late Monday and stretching into Tuesday, three of the 13 DNS servers came under fire, as hackers tried to overload the computers sitting at the top of the Internet's chain of distribution. Users felt "maybe a fraction of a second delay," Johannes Ulrich, CTO of SANS Internet Storm Center, told internetnews.com.

DNS servers run by the U.S. Department of Defense, the Internet Corporation of Assigned Names and Numbers (ICANN) and UltraNet, which manages the .org domain, were affected by the attack, Ulrich said.

Although it may be days before investigators learn details of the attack, early reports point to China or Asia as the source.

Zully Ramzan, a researcher at Symantec Security Response, pointed to South Korea as a possibility and described the attack as a "brief nuisance."

"The Internet didn't crumble last night, which shows that the protection worked," Graham Cluley, senior technology consultant at Sophos, told internetnews.com.

Unlike a similar attack in 2002 that crippled nine of 13 DNS servers, the latest assault used many more zombie hosts, said Ulrich. Servers are more flexible now, and able to withstand much more strain.

Cluley, who likened a DNS attack to 20 hippos trying to get through a revolving door at the same time, also noted the irony the attack. The people who depend on the Web may have been the ones whose computers unknowingly tried to bring it down, he said.

While law enforcement will try to track the packets sent, maybe learn which systems were recruited for the attack, Ulrich gave little hope of a smoking gun, such as a computer connected to the Internet with malware still installed.

"It shows how powerful these denial of service attacks are," the SANS researcher said.

Cluley believed mischief -- not money -- was the reason for the attack. And although tracing this latest attack on the Internet may be difficult, Cluley argues that by assaulting a key part of the Internet, hackers are asking for trouble.

"I wouldn't want to be in their shoes."