Online business Toolkit

Attack targets .info domain system

Tags:
Dns Server,
.info,
.org,
Attack

Published: 26 Nov 2002 09:54 GMT

An Internet attack flooded domain name manager UltraDNS with a deluge of data late last week, causing administrators to scramble to keep up and running the servers that host .info and other domains.

The assault sent nearly two million requests per second to each device connecting the network to the Internet -- many times greater than normal -- during the four hours of peak activity that hit the company early on Thursday morning, said Ben Petro, chief executive of UltraDNS.

"This is the largest attack that we've seen," Petro said. He stressed that it didn't affect the company's core domain name system (DNS) services, but administrators had to work fast to get the attack blocked by the backbone Internet companies from which UltraDNS gets its connectivity. "From a network management perspective, it certainly kept us on our toes," he said.

The attack came almost exactly a month after a similar attack targeted the DNS root servers, the databases that hold the critical information computers need to maintain top-level domains. Such domains act as the white pages of the Internet, matching domain names -- such as www.cnet.com -- with numerical Internet addresses.

Petro said that an investigation is most likely under way. However, the FBI and UltraDNS' own service providers, Verio and WorldCom's UUNet, were not immediately available for comment.

Investigators may have an extremely tough time locating the attackers, however. The flooding of networks, in what are known as distributed denial-of-service attacks, is typically done using forged source addresses sent from servers compromised by the attackers before the actual assault, a double level of indirectness that is hard to crack.

But the need to find the attackers has grown in importance, Petro said, given that the recent trend of attacks has shifted from targeting company networks to targeting the infrastructure of the Internet itself.

"When you take down Amazon.com, it hurts Amazon," he said. "When you take down .com, .org and .net, you are affecting the gross domestic product -- you are hurting the country."

UltraDNS, a member of the Internet Society, serves as the primary DNS provider for the .org domain. In addition, UltraDNS acts as the primary provider for .info and for the top-level domains of Ireland, Luxembourg, Norway and nine other domains.

"The reality is that the attacks keep getting bigger, stronger and faster," Petro said. "Like terrorism, you don't know when they are going to strike and how they are going to strike. Until we are able to dedicate attention to these attacks, until we can follow these attacks to their end, we are all vulnerable."

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.