Internet users barely felt a
ripple yesterday when hackers launched a concerted attack on several key Domain
Name System (DNS) servers.
Experts say legions of
everyday users were enlisted in the attack on 13 root DNS
translate a site’s numeric address to more familiar names, like
internetnews.com.
For a couple of hours, beginning late Monday and stretching into
Tuesday, three of the 13 DNS servers came under fire, as hackers tried to overload
the computers sitting at the top of the Internet’s chain of
distribution. Users felt “maybe a fraction of a second delay,”
Johannes Ulrich, CTO of SANS Internet Storm
Center, told internetnews.com.
DNS servers run by the U.S. Department of Defense, the Internet
Corporation of Assigned Names and Numbers (ICANN) and UltraNet, which
manages the .org domain, were affected by the attack, Ulrich said.
Although it may be days before investigators learn details of the
attack, early reports point to China or Asia as the source.
Zully Ramzan, a researcher at Symantec Security Response, pointed to South Korea as a possibility and described the attack as a “brief nuisance.”
“The Internet didn’t crumble last night, which shows that the
protection worked,” Graham Cluley, senior technology consultant at
Sophos, told internetnews.com.
Unlike a similar attack in 2002 that crippled nine of 13 DNS servers, the latest assault used many more zombie hosts,
said Ulrich. Servers are more flexible now, and able to withstand much
more strain.
Cluley, who likened a DNS attack to 20 hippos trying to get through a revolving door at the same time, also noted the irony the attack. The people
who depend on the Web may have been the ones whose computers
unknowingly tried to bring it down, he said.
While law enforcement will try to track the packets sent, maybe learn
which systems were recruited for the attack, Ulrich gave little hope
of a smoking gun, such as a computer connected to the Internet with
malware still installed.
“It shows how powerful these denial of service attacks are,” the SANS
researcher said.
Cluley believed mischief — not money — was the reason for the attack. And although tracing this latest attack on the Internet may be difficult,
Cluley argues that by assaulting a key part of the Internet, hackers are
asking for trouble.
“I wouldn’t want to be in their shoes.”