Key Internet server moved for security
Published: 08 Nov 2002 08:42 GMT
One of the 13 key servers that let people reach addresses on the Internet was moved this week due to security concerns, said VeriSign, the company that runs the machine.
The move comes just weeks after hackers bombarded the "root" servers with a flood of data designed to overwhelm them and shut them down, an attack that raised the spectre of an all-out Internet collapse.
But VeriSign, which runs two of the Net's 13 domain name service (DNS) root servers, said Thursday that the timing of the move was coincidental and that the measure was part of a general program to reduce security risks.
The company said that as part of the program, it had moved one machine to a new, undisclosed physical and virtual location. The computer, known as the J root server, was previously located in the same building, and connected to the Internet through the same subnet, as its companion, the A root server.
Root servers store information that lets Net users get around by way of easy-to-remember domain names, such as Amazon.com, and spares them from having to deal with the numeric addresses, such as 66.201.69.207, that computers understand. The servers translate the domain names into their numeric equivalents, or Internet Protocol (IP) addresses. The 13 DNS root servers are spread out around the world and are overseen by various bodies, including the US Department of Defense.
A representative of domain name registrar VeriSign said the recent attack had little to do with the move. The company had approached the Net address system's primary oversight body in August with a request to make the security changes implemented this week, the representative said. That group, the Internet Corporation for Assigned Names and Numbers (ICANN), had recommended moving the J root server a year ago following terrorist attacks that destroyed the World Trade Center and damaged the Pentagon.
The problem of the root
ICANN general counsel Louis Tuton credited the 11 September attacks with renewed emphasis on securing the Net's infrastructure, including the recent cybersecurity initiative sponsored by the White House. But he effectively ruled out the threat of a catastrophic collapse stemming from a failure in the root servers.
"The root servers have gained a cult status that's probably undeserved," Tuton said.
Many of the tasks performed by the root servers are duplicated elsewhere, meaning that even if a successful attack took down all 13 servers at once, the Net would probably not be shut down, Tuton said.
The October attack took the form of a data flood, or a "denial of service attack", which sent a deluge of Internet control message protocol (ICMP) data packets to the root servers.
ICMP packets carry network data used for reporting errors or checking network connectivity, as in the case of the common "ping" packet. A flood of such data can block access to servers by clogging bottlenecks in the network infrastructure, thus preventing legitimate data from reaching its destination.
However, ICMP data is not essential to network administration, and many servers, and the routers that direct data to its destination, tend to block the protocol. That's precisely what administrators did during the recent attack to stop the flood of data from reaching the DNS root servers.
Indeed, October's attack may not have been as serious as previously claimed.
A death exaggerated
Originally, Matrix NetSystems, a company that measures network performance, had reported that both of VeriSign's root servers had been severely affected by the attacks. Later, though, the company recanted its claims, explaining that its method of measuring server uptime used ICMP packets, the same sort of data the attackers had used to flood the DNS root servers. VeriSign pointed out that it had filtered out such data, a move that stopped the attack but that had also made it appear to Matrix NetSystems that the servers were down.
Other servers that were thought to have been downed by the attack may also have been operating reliably, Matrix NetSystems explained on its Web site.
"Other DNS root-server operators, such as the Department of Defense, which operates the G server, also took steps to maintain reliable connections," the company said in its latest advisory, dated 23 October. "According to DOD sources, they immediately began rate-limiting requests and switched to stealth servers to thwart the attack."
Regardless of the success of the attack, bringing down the root servers would not result in a shutdown of the Net as we know it, according to Fred Cohn, a research professor at the University of New Haven who studies computer security systems.
Cohn said that the software that runs the root servers likely has flaws that could be exploited by attackers. But "the sky is not falling".
"The importance of the root servers has been overstated," Cohn said, arguing that their core functions could be rebuilt within hours. "This attack shows that it's possible to wreak havoc among a few hundred technical people who have to batten down the hatches... But there have been no serious negative consequences."
News.com's Rob Lemos contributed to this report.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
15 out of 60 people found this useful
- Share this article:
