Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Root Server Attack Fizzles



 By: Matt Hines
2007-02-07
Article Rating:starstarstarstarstar / 2


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
An attack, apparently intended to get the attention of the security community, failed in its attempt to bring down the Internet, analysts say.

An attack, apparently intended to get the attention of the security community, failed in its attempt to bring down, or even slow down, the Internet, analysts say.

According to the ICANN (Internet Corporation for Assigned Names and Numbers), the attack was aimed at one of its root servers—the top-level servers that translate requests for names into IP addresses so computers can retrieve the data on the Internet that users need.

The attack, which took place early the morning of Feb. 6, was described as a distributed denial of service attack, and was apparently intended to so overwhelm the target servers that Internet users would be unable to resolve names, and therefore not be able to reach some Web sites.

Unfortunately for the perpetrators, their efforts went largely unnoticed. In fact, at Verizon, which operates metropolitan area networks including MAE East and MAE West, was unaffected.

A spokesperson said that the operators of those networks were unaware that the attacks had taken place until theyd read about them in the news.

"It was a concerted attack," said Paul Levins, vice president of corporate affairs for ICANN, speaking to eWEEK from Brussels, Belgium. "What it demonstrated was that the distributed nature of the Internet withstood it, and the average users would have barely noticed," he said.

Levins said that while there are a number of theories about where the attack came from or who might be responsible, he stressed that nothing is certain.

"Were still analyzing the attack itself," Levins said. He said that ICANN was analyzing the root server that it manages, but he also noted that the Internet community as a whole was diligent in its approach to handling the attack.

Resource Library:
"Theyre analyzing it based on fact rather than making early statements about what the motivations were or the targets were," he said.

Levins said that a few of the root servers were affected heavily, although he said that theres no indication yet that any were actually taken offline as a result of the attack.

He said that because the root servers, as well as the staffs that run them, are highly distributed, the operators could work to mitigate the effects of the attack. "We learn from those experiences, which is a good thing," Levins said.

However, security experts said they were puzzled by the nature of the attack, and they had some ideas of their own as to the motivations, and origin of the attack.

"I think that its quite strange that the bad guys used botnets to attack the Internet," said Eugene Kaspersky, founder of The Kaspersky Lab in Moscow, Russia. "To develop such a botnet takes time and resources. Usually theyre developed to steal money. In this case the botnet was used to attack the Internet. I dont see the reason."

However, Kaspersky noted that despite the best efforts of the attackers, not much actually happened.

"Its kind of Internet fireworks," he said. "Its just a joke." Kaspersky said that more details are needed, however, before the attack is really understood.

Other analysts agree. Randy Abrams, director of technical education at anti-virus software company ESET said in a prepared statement that the impact on the Internet was minimal.

"While the motivation for the attack is unknown, there are several plausible explanations," he said.

Abrams said they included mischief, diversion (so that something else can be attacked while the analysts are focusing on the root server attack), or for testing, so a bigger or better attack could be developed.

However, David Moll, co-chairman of Webroot Software, said he thinks he knows whats up, and that he thinks its no coincidence that the attack happened when it did.

"Its very clearly a coordinated and sophisticated attack on the largest infrastructure in the United States and globally," Moll said. "We believe its a coordinated muscle-flex while the industry is meeting this week at RSA."

Click here to read more about security products expected at the RSA conference.

Webroot CTO Gehard Eschelbeck expanded on the companys findings. "Theres been a clearly visible rise in botnets over the last couple of weeks," he said. "We believe that was a clear sign of preparation for this attack."

Moll said that the company also thinks the location from which the attacks were launched has been found, based on what theyre finding from their human researchers and their automated threat detection network. He said it was a multi-pronged attack originating in South Korea.

Webroot CEO Peter Watkins says he thinks this experience will help security researchers prepare for the next try.

"We believe we can begin to establish predictive patterns in the use of botnets," Watkins said, "and better predict these types of attacks when we see a malicious uptick in activity of the nature leading up to this type of attack."

"We should be able to throw up warning signs," he said, but added, "We should also be better at coordinating with the government to share this kind of information."

Kaspersky said that while the attack on the root servers could have been serious, the Internet has other, more serious, pressures already.

"There are bigger problems. There are more fresh worm attacks. There are better distributed attacks," he said.

"There is a low risk that the Internet can be damaged by such an attack," he said, adding that it would be much worse if such an attack were aimed at a single provider.

Kaspersky said that the Internet is designed to survive attacks that are vastly worse than a denial of service attack against a few servers. He noted that even huge natural disasters havent managed to bring down the Internet.

"This demonstrates how well the Internet is built," Levins said.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Root Server Attack Fizzles
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


x}r۸j5N6ŋvlɱVlR╩S(H"Hʗ̙/Oo<xӅ|I2{ǩ6ЍFhDgg/DN}dr%3g4D;;?6ЇP|ki=*rdx#sJԲ|W7RGn3P/?a(Q[Y|1P:xtDzf@daQӸ/*! lpa#j)y'Cܻ ۱ȭB¿{k׳߀Cݸx퓹gE-"'l,Rۄ@ظtJazH#j8Esؗ}YG3ͰL:o@6M-jZUQ bk;mִGέoĩq3{wmW~*eUv;\HQPw@ږVj0gn{'Oӷq@N{A~$Fj}& D%\.fI&0h56ttr:~Xsx\㍒~nNV4E; KHr ])21,ԐY;~K~2ˋNMNl,OaR422V,]鬘ȏ7Aժutq9ouz{IZOvY3 h+?fV'_ZUCp='^=:$,rC=jiTj{K{|&޺xx9"9I GȿNg۾Bd}#7ReQ oG(ǚ %{9"3NE [- ujfPko4f!`Fܼ玀R49Vϡ蟩$Wm4@rݳذ 1"%̛ _kJqOe $}ВEtBAͨ0 .)J!"xF3F BD4?CzC0&pt/\~_5G\֛esJVt];yaZTpx=i]t{]t0*>cq4Y`A-. 8Ź:on:jr-6wRA^Tjr{ h-dj`qaeJ}D ޽AgU|FG|V궝x>:AGAticŦh4N@7&h`C:}ҍ:L w|hx: Ca`ΨsZ LP#AтMx>tw&>ld$4o(sukLnLσJCˋ0P= 2/?>axsܧP}MrAݙ39ݴiǀxt47(w.%Ϸ2J`n.G))(H'hI#r Bг!,`@o!`{`[Xk ab .<ҦBI]vn<){TKh!+K@fsfh(4{^j1!UG,D`v9J,L.~X O6jԍebQ9дZ hқMÄ%=bi]y5"MX&# K8Y fzn8m'ȓcPr׃ +L+f9L)A\_XHLnlQ̴a85) 0|Ch#eBC`9N{Sg]2(O085vcy s3tNn~|FpIN3_iy:grGֶLo J% jJ=SsA|5 i!3L&Ze nO RNm'Xk5F>=c*O|IVtxOF ‘"=yj S}!T0|$ VD07pl)5tl*FuIx-!/?ˇI%$tX2=j=tǜ}h32 yEZ JL ajheU-UjR _{}|s??=edԌRp81< _w~~f Q9pY ׃~_m;Bgs|eLZմlxXa)Ry=F3Zman5[3Lᗬ۩6{0v? j􍹏58`w4 Ř)3%Jt( ֹB\U4UeԻ6ubH=#Cn`JEWFڬj{nM==K$*Xw]2>̌:k}]\WJZP kiyE‡1eD!S#2z oq[kh0h-f;Z;pLj'  k欩h+sJbOW2EߘiztqlFITy3is{,s-_L}zK>(Oq釛L+ S0SIl x@̬+Gj1m97a~006i-0P>\մR/ ؈9|6u8[?`gSJU08. LB!lܕ[2A^c_?J=[L4@V1-0]̞̙A mۨ5 L Vjea bȈCrfH|^%Zip\?lz*%\.Yid {2u9p\e};cG*z)OTʜYEo(QU-q'F.҄^ߵKbvvLʲH٭PSV82V6J\)aoA~fZTHU%}E࣏G?^nVɥڽv?fIG|)AU$UHU(V $zUrm4rOkXD+(++i-^2۹e mE9[ 4ʨKV-,sK"hʌg _|r[rn)tyĆ5(4CwFyp0 O+s4$َbVpDMc?ցh)031R#ٸUZS%봪I>NM= h˃QaߋCuRԣ{{kC4}3݀,;L)y3ḣ)usC\Դ"hw ĶRs?'Dpĵ) rN-ã,D(d0rYj+dP\xO+&=^a?up-<93=QhZavOT+ʬ2 cw.>Bﴪ 1@ E D@;n߱oUv٩G#;Dw%]OWVd4O}=Kͳ}<3su_t{~{ODyID߫%nϥ%<47sjkZ>~;mF+"$ _93ys.}=^xsޖs5ADH}䄬W!yNFSLo2XGZ[=ֈdȰ Z_ƥ{j_rfiZ ^Ok5W'27e8XFsvY_aݪ,d"|CL($T0r `$X)XAU:]6?GG:Ki6P^S(+RJ)"4FYO |Ze3_f3Rt<~Qr:Po1Mr!}K_cOߗf4~ P=8,rh%縵vRtO0?x>6z? i^3/p𽇻"TS8jLш&r֚SE[@ {t#1aTwd e~=m2결uC$ܟ1ON)tJȓÓ!G=)*ښIդ"8I5F4A2 uIH? Md4XPW Pق.'59۴8]9{u<<RpLCRCs< 'B}$XyC0Ť3DJ^KjpVKu^N4~x=Na.սLU''y/wuϏZEbݙmsmD;1uv;2x;zZ1?ݞpne9?jw`[teNx?HАߘ=p8#M[_:7ؓ9 Goc"Ǯf'ݻ~Zw[q*A=wE<-L>?Gdc:M"I^U֭UdU)I=YDG㳑)G8b/g`@L6COځ{-3(m#{F5^;0{KL׻Kx9*~OOw4]f+wuB%umJKz%nwQhr;D҂%i(qQ#{"F%{two FuUL&mvuOy 3'Kmx<^tY AAXy !Vsl8Grs&8<O$euw#S''Sc3HF#%c&ySϱmF @|Րg;as*|b \<e/&qFL||x8=$+' g|o#'_M_j S Mk!1 %S%O4y˭0L L ۡ'Vxe86[bw[057| ttfڰJ~vːu9\Lx'꣟f_V H˂,ay=GBn#z7#wbc 'P6bK:8R_t*7M7IlJiԛ>a 3㻴qЌ̲ غt@D"_F NѡD魿O@He iQ$AثhJ|-C3k/[`wUn5dER4II|ﰧ,N_ ?K̆(IcǓ4EU| ~0|L?z&]z!x*!xV QTUJ2DHy&"$–CgH^LB ,X3xۋ}1#iaKߞڦlU|v:R֌ґ3FR1q䒐ҞGc  NB\4rx_d )$4#X)kϚ"˴1[& {ݗ>XS K~CҴr8+XR">ID/_!bx#&R~.M^xqK6gJnI"?TЊr)C@dH[@ 3^~ZYHRck 4}%R'=`PCC}K(ERk>(gFrjYc@L5 >#llcÊir^2ǥ8ŋz0000_ևY30c5swFsV/]:C\^%7Z񢁅9b}N $v>3@i_yQml\uarHZ R &f  =ځgk۹hB_ ^ !aXS?*p>A~_1`r b0գCm#P$E"#s|KVxV$=ykCy~'dS:t7uT١I+_a>X~o3B6~J;FfCWz㾃#g%ŏtϻ@ xn ?{8[x /`QHx, r8D.^m& q Fy~JxTÇE_yW.Mftg^* [Bԁ !0G!gp!'MqmlZ=`/}V_>-cna?%Ζ0ht*X~zVF84%Ə{ P&x %y]h`?%דC-}Em I@tB\,GoncÊ/ [)$;L؉, O ycxdBMKb}G,Ԝ:S%< Iz4sER"hZ8wY١[b{Gc#2g%(i<ŗ˭dwI}ۓ D &Lla"|5Fu%ÆfZ@CњcBEݒ.ZT2}g߯F4AH$pHxmIJ 6ٞ춸7}cw.L6:LS;>O!΀x4`TJwZ) ltî6ZE φmD7qK 8u\ݲDHޕ%T#=y4MqкkP!Ai'f5N͎c6S7{M_ro&`ljV( S=~]Uֿe=:snR7Y,)eegbp, D˼y5Ճ=0I}G¡YKj|ubMZ$t86?wSXD2J3Lfh` n4/' z:.fSj΍c^+P5?}rg闶QvQ}uL`&2_Ӳ뿕$yh1%1Y~GjOOQ5M.&NF[!"L7kE_A- ϴjgϡ:K|+ST!7^H݅:")w?F* nO2X#g4S\0kL]긯 7q6F+:_%n%SuRJy'b\ t;8y'#&ФC>y|' [DxQ)W=.^ oN R=vxr٭?PX++F]Xsc[~tSQe^? D*Xӹ#)5|5XE :R]ĆKWc ʱ, <~މ!&ƘKjxVQjj~zz_ZbiE.c 2uuWHk̘xk4vlNz yԥ:BMDE7&TBh`>bTi  6G󴦘`Cy<VzZ3XZOkP;Xif yb+n'-浻sx"(ͪND`h*O| 1姢,Ht^vN;r"xlSaZ৿ ~r1sn96*1̦AB ?ZA)r]?3|US*Z <\GNqW̜遅I\1ڣvc0/bZNa=`~Wc4~3~ &txZڊBLkLн3Bsl^?busι\`{Ͱ|kEZ`3+nslKZIȶ8+ilwAYN%GS=9m6=a%=~RBl$:*=;s\1liow {rBǛh%=Q4 4&;wP3\TbЍB1˪M;InPpY?e=` '^z#nwZU}sAȚXwt J 3ݴX8Њ/=o›I XPpƒuA+WTD~>Nd>M{E t<.$:WD="7z~̥7f?= .M8 roEVIz# ,ŐŞ?ZED# I}n@~hvNywۗ= dȎ;s&a u..4{>(4> ML <8$EuE)d1wEy–2Vzh c>zSH%B|1[GB(W9Ĝ#ݵQo_}<)5 ԝ 8 `8.gj9lU%&P9 dU ?M=/nrn-i`I; ឰ 5" Ln#BFxL1fH'i͈֜ iuU {Qh\01Feŷ^(l;b21c|>O$Z`,KET&}aA=`Aa^%~eKL)awSa/xs ` 3 u|`EP00aLo?gAP̯nΆtyAff#p͒w\j:rtT(ʞ2|{C` > cyrcRC´vxX-><& .ycI ^yN4X+Ő 7LXzwj@h),f,TՊR &uU !2,=VR"{<>ŻAgu~^*·ӄ^I+\A] / PIZ W{uC=`fڟ,\yqqw/I_ۤwtٹw}ڽ“S֊_n՝nQq}q9Ǧ31F;6OM&E`<ejY)sC9,jO6W#\frxixɎ>+ah,.69tQwPJTٌ/!jbTũ`b_1oZ^O˦V\k!??@Vʼnt,3]r2[Zmzfx9j0]=W܄  @1@C|k{5Bx_m;fAoP~ (By794h3ʏh}18>3#\_~5N:;\(u2yF9\C/3^_~ O3l83,3{A3Y} π?2 ,?QF3?2O$P3(?(=s 9;..n~f /2޿23/(_3*>e )~WP~U{WUFWW$)cf5/pvJEsQ^53T}~)P5(ge3Vڍna{Ar!ge_/C@qsqm%R+ ]Q%>=Mk[I2n@Kȣ_xi +{J)OW4<< X1rnmŚ/JYy8qF t=}}Z0QǒGЬg]#=Dx?|k2x7i0@ۓ{\pmঠϻH^-AkOW,=<&7S-"ţ;ZʈPcvdmoCdy$ N݁σfţu.T+6:5,Q3[ LjC?s Hw?F·^V_q3lc}k}?W;}y<\4߷C{>'K*8uߜ:SO?}Y&@Y8's)7a4%DFzrt5pÅ̹H3aL ;J墦 V˕R;yG;D"ð{`ɪ"+Uw9 طV++R0X\^9Q(Fuo*K0>z!J1 -4c֭dKc(Op EУ Gu_ŗ1 {7/ ^"_v3:mc(2)R1 1@eN*q0*b>d%Q&\ʠaCao/XbKZ;c`\G;o=2gjy }dy0\9Khn@<@c d߻A!N/M<:^xw q^=Lw1 hJ/.ӡx}KQ,Vk 5t0=_4u–'*F'BN;6^X\$ǖ]`>s7R:=fՇ<0 ۏV./'"uRxY,0'zmf2-ԃ`q%?tLfLe~IOf@L V8,>/޺chd1ck +CP<ՍPKGJF= 94Id`?`8e ,OV@U}C 1,[ԟ1P EY/uY{N6 )4Mϫ΢P szlo%()%y+L9(نxa]*oOe[BI<-<>,;eCgI2T~{F=*P=fZP:] v"0%Yz+Io=G}c_VeńK!F>ׁ./#%##R.ܐOF{/)0XPy4m?'6}Bu+mCwj;;6˖;3G3F)f$NSxSEz?& G2[Oulם8E# P1қvn-:P1$+nvGD '7>6'كl2p~}́!XsCQ%W` =ݻ;ܨNAEVb0yMvSFߟ2"L) Ԣ3g(\*],1Ał?vLwVp!"CQ*Ԯ^x9`^|˼+AўYm0w>L/#]Z$C`WH؂{Xi[e1RpCV)tOč티AVtHEk,^zXٻ Ps:hՆG0ޏq[PRl@xS a ˶E=b농 ѨpSTVD^m7u ۊ|Va=vkscCΜ *φŀ{Ⱦ1 ^f#hűWExg)C2^#s!? Ln3m^^kti( aavXf0 'Ɣ ϰ"- sexDh\"@"[]2*'A-Z12Mo,gkV"K깘#yAs3=v=g4wvX0~v19&Y>6s3a=`>]x O!0(F"eS1C'@n0\|H d9[\O^مnuv3\j /YH~> \99.@OI"cXM1}aE|qiOR<'\B0,#ֿŠN|mt1Ny_:nuN?Jz#*`Ngo>!2D!6xvIEQ{ş׼yeyK +Z(K- Q{jA0}EꜿOVzv`ols gq7*Р~g樮jez'1l5mEg,3rYOjJZR۝ߺ"f/On6PU&s)# MWj\)M39Q2kEs+q>tgLp -ͱeRZ`l/Z6v?f*N(