Major Net backbone attack could be first of many

The distributed denial of service (DDOS) attack launched Monday against all 13 of the Internet domain name system (DNS) root servers failed to bring down the Internet, but that doesn't mean that more attacks won't follow and succeed where this week's attack failed, according to experts, some of whom feel that the federal government needs to step in to secure the Net infrastructure.

Monday's attack was targeted at 13 key servers that translate easy-to-remember URLs (uniform resource locators) into the numeric IP (Internet Protocol) addresses used by computers to communicate.

Attackers flooded the DNS servers with Internet traffic using ICMP (Internet Control Message Protocol) at more than 10 times the normal rate of traffic, according to Brian O'Shaughnessy, a spokesman at VeriSign, which manages the "A" and "J" root servers.

Such events are nothing new, with high-profile attacks in past years against Internet service providers and companies such as Microsoft Corp. and eBay Inc. But experts say that Monday's incident opens a new chapter in the history of Internet-based attacks.

"Monday's attack was an example of people not targeting enterprises, but going against the Internet itself by attacking the architecture and protocols on which the Internet was built," said Ted Julian, chief strategist at Arbor Networks Inc. of Lexington, Massachusetts.

Factors contributing to such attacks are well known, according to experts. Worms such as Code Red, Nimda and Slapper have left hundreds -- if not thousands -- of compromised computers on the Internet, Julian said. Such systems can be used as "zombies" in a DDOS attack. Zombies are machines controlled remotely and used to launch an attack.

Reports from Matrix NetSystems Inc. Tuesday traced the attacks to Internet hosting service providers in the U.S. and Europe.

Gerry Brady, chief technology officer for Guardent Inc., said that sophisticated software programs make leveraging those compromised machines a simple matter, even for novice attackers.

"With automated attack tools, even inexperienced people can get control of a large number of hosts. The IP addresses and access passwords for those systems are traded on the Internet like you or I used to trade baseball cards," Brady said.

While the Federal Bureau of Investigation's National Infrastructure Protection Center (NIPC) is investigating the attacks, Brady pointed out that some of the most frequent sources of such attacks are teenagers, not terrorists.

"The big drivers we're seeing (in DDOS attacks) are juvenile rivalries -- revenge for incidents that might have happened during online gaming. These attacks are not professional or financial in nature. They're random and non-directed," Brady said.

Fortunately, Monday's attacks were not sophisticated, relying on a simple "packet flood" approach in which information packets are sent in high volumes to a server, and using a protocol -- ICMP -- that is typically not seen in very high volumes, Brady and Julian said.

Future attacks could be much more sophisticated, they said.

Instead of sending a flood of packets all using the same protocol, attackers might disguise a DDOS attack as normal traffic -- what Julian referred to as a "bandwidth anomaly." In such an attack, nothing about the protocols used or packets sent would appear unusual, but the volume of traffic would be enough to overwhelm the targeted server.

Even more pernicious, Brady and Julian agreed, would be attacks that target the routing infrastructure, as opposed to the DNS infrastructure of the Internet. That infrastructure of roadways over which Internet traffic passes is more "brittle" than the flexible architecture of DNS, Brady said.

"When one backbone goes down, the traffic has to go somewhere," said Brady, recalling that the recent outage on the UUNet Internet backbone operated by WorldCom Inc. was felt instantly worldwide.

More federal management of key components of the Internet infrastructure is needed, Julian and Brady agreed. That could include tax incentives or direct federal funding for private companies and public organizations managing key DNS servers to secure their systems, all of which are currently operated as a free service by companies, government entities and non-profit organizations.

"This showcases a specific vulnerability that requires the government to get involved," Julian said. "If you run a DNS server what is your monetary incentive to secure it? There is none. This is the number one area of focus that the government should have."

As for the backbone providers, Brady said that because of the dire financial condition of most companies that manage the Internet backbone, there is little private money available to ensure the extra capacity should one or more parts of the backbone be attacked. Federal investment could help create and secure a more robust infrastructure.

"If this were voice communications (that were attacked) can you imagine (U.S. Secretary of Defense Donald) Rumsfeld's reaction?" Brady said. "That would be a national security issue. We must acknowledge that this is critical infrastructure and we have to find remediation."

"This is rich territory for Mr. Clarke and his people," said Julian, referring to Richard Clarke, President Bush's special adviser for cyberspace security.

In the meantime, Brady said that the pattern of past DDOS attacks makes more of them likely in the near future.

"I would be worried that we're in a short-term countdown to more infrastructure attacks because they're just so easy to do," Brady said.


Paul Roberts
