The Premier Event for Interactive Advertising

Regional News: Boston | D.C.| New York | Silicon ValleyMore Tech News:Newslinx
you are in:
7 day summary

Be a Commerce Partner
Domain Registration
Register Domain Name
Business Search
Promotional Items
Cheap Hotels
Internet Marketing
Corporate Gifts
Cheap Auto Insurance
Auto Insurance

Newsletter Signup

Internet Daily

InternetNews Business Report

Boston News

DC News

NY News

SiliconValley News

select a newsletter above, type your email and click the arrow to sign up!

Newsletter Signup
DJ 30 10238.22 25.00
NASDAQ 1936.92 -9.41
S&P 500 1114.34 1.53
Market data delayed a minimum of 15 minutes

get quote
Internet Lists
Internet News
Internet Resources
Linux/Open Source
Small Business
Windows Technology
Wireless Internet
xSP Resources

Corporate Info
Tech Jobs
E-mail Offers

The premier DRM conference & expo
hot topics
Google's IPO
Mr. VoIP Goes to Washington
The Great Demand for On-demand
Microsoft: Loosening the Grip on Source
RFID - An Internet of Things
most popular
China Eases Taxes on U.S. Chipmakers
FCC Approves Spectrum Swap
.NET Framework 2.0 Boosts Web Services
Groove to Unveil Virtual Office 3.0
Experts Question UN's Anti-Spam Plan
Try the award-winning BEA WebLogic Workshop 8.1 and find out how easy it is to build and integrate enterprise applications. Click here for a FREE developer license!

October 23, 2002
Massive DDoS Attack Hit DNS Root Servers
By Ryan Naraine

A massive distributed denial-of-service (DDoS) attack (define) of unknown origin briefly interrupted Web traffic on nine of the 13 DNS "root" servers that control the Internet but experts on Wednesday dismissed the overall threat as "minimal."

Sources say the one-hour attack, which was hardly noticeable to the average end-user, was done via ICMP requests (ping-flooding) to the root servers. In a typical DDoS attack, hundreds of "drone" machines are used to remotely pound IP addresses. While the common ping program sends on 64-byte datagram per second, "ping flooding" attacks can emit ICMP echo requests at the highest possible frequency, experts explained.

Internet Software Consortium (ISC) chairman Paul Vixie confirmed the ICMP request source of the attack on the NANOG mailing list but maintained the DDos attack "was only visible to people who monitor root servers or whose backbones feed root servers."

"DDoS attacks often end up hurting intermediate links in the path more than the destination of the flow... The average person who just wanted to use DNS to get work done didn't seem to notice it at all," Vixie added.

The ISC, which manages one of the targeted root servers, reported 80Mbps of traffic to its box, more than ten times the normal load but sources say the attack merely slowed sections of the Web and did not completely block service. Other root servers managed by Verisign and ICANN saw more than three times the load they normally handle.

During the course of the ping-flood pounding, only four of 13 root servers remained up and running while seven were completely crippled. (See graphs here).

The 13 DNS root servers are the backbone that runs the domain names and IP addresses on the Web.

Despite the fact that the attack appeared to have minimal impact, the Federal Bureau of Investigation (FBI) and the U.S Government's new Department of Homeland Security are investigating and published reports say the early suspicion is that that attacks originated overseas.

A spokesman for the FBI's National Infrastructure Protection Center (NIPC), which tracks service attacks on the Internet, confirmed an investigation was underway.

While DNS server attacks aren't uncommon, the latest pounding to the 13 root servers stood out because it was orchestrated over a one-hour window and appeared to be the work of experts.

Coming on the heels of cyber-terrorism threats and the government's own warnings, security officials say the FBI must take this issue seriously. "Attacks orchestrated with this kind of complexity and power generally can't be executed by your run-of-the-mill "Script kid." It would take a lot of firepower, to amass the servers capable of that kind of bandwidth," said a freelance security consultant, who declined to be named.

A spokesman for UUNET, which is the service provider for two of the root servers, told it was the "largest, most targeted attack" ever seen. "This did not affect the end user but it was huge and concerted. It was rare because it was aimed at all 13 servers. It was an attack on the Internet itself and not a particular Web site or service provider," he explained.

While the ISC's Vixie noted that the only way to thwart an attack of this magnitude would be to over-provision, many believe that if the attack was sustained for a longer period, the effects could have been catastrophic.

Individual Web sites facing a Denial of Service (DoS) attack can find assistance here and here.

Developer Archives

recent headlines
Developer News
On2 Streaming Java Applets
Sun Rising on JDS
Start-up Forges Open Source BPEL Group
Microsoft Offers ISVs New Royalty Program
Novell's Latest: Professional Open Source
More News...
Top Stories
SAN Vendors Still Facing Pricing Pressures
Sun Rising on JDS
Report Chills Chip Futures
Technical Analysis: Chips Hang On
Investors Look To Intel
More News...

Contact staff

JupiterWeb networks:


Search JupiterWeb:

Jupitermedia Corporation has four divisions:
JupiterWeb, JupiterResearch, JupiterEvents and JupiterImages

Copyright 2004 Jupitermedia Corporation All Rights Reserved.
Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Jupitermedia Corporate Info | Newsletters | Tech Jobs | E-mail Offers