Hackers hit computers that manage Internet traffic
thought you might be interested...
dailypress




msg:3244847
 5:07 am on Feb 7, 2007 (gmt 0)

Hackers hit computers that manage Internet traffic
• Vast amounts of rogue data traced to South Korea
• Attacks passed largely unnoticed by most computer users

[cnn.com...]

 

AlexK




msg:3244862
 5:23 am on Feb 7, 2007 (gmt 0)

February 6, 2007:
Hackers briefly overwhelmed at least three of the 13 computers that help manage global computer traffic [root DNS servers] ... the hackers appeared to disguise their origin, but vast amounts of rogue data in the attacks were traced to South Korea ... The attacks appeared to target UltraDNS, the company that operates servers managing traffic for Web sites ending in "org" and some other suffixes

Sounds like a valuable post to me.

vincevincevince




msg:3244978
 9:50 am on Feb 7, 2007 (gmt 0)

That's dangerous - if some hackers can do it - just imagine what the FBI could do...

MatthewHSE




msg:3245202
 2:07 pm on Feb 7, 2007 (gmt 0)

I can't tell what kind of attack this was - the description sounds like a DDOS attack, but there seem to be hints that it may have been something bigger and more ominous than that...

mmontala




msg:3246019
 4:59 am on Feb 8, 2007 (gmt 0)

Yesterday I was surprised when I saw my site. My website had a heading mixed up with my other website. After 5 minutes I reloaded it again and it went back to normal. I thought I uploaded pages from my other website. But since it went back to normal, then maybe this UltraDNS attack has something to do with it.

brandboerge




msg:3246106
 8:27 am on Feb 8, 2007 (gmt 0)

What would happen if all 13 servers were put out of function?

mattglet




msg:3246651
 6:29 pm on Feb 8, 2007 (gmt 0)

What would happen if all 13 servers were put out of function?

Probably chaos, depending on how much UltraDNS actually serves (I haven't done any research into them).

swa66




msg:3246963
 11:41 pm on Feb 8, 2007 (gmt 0)

Most of the news reports were confusing two issues:

- root servers being attacked and 3 of the 13 names (there are far more than 13 servers) being virtually out of service.
The most affected servers seem to be single node servers. Servers with multiple nodes use a technique called anycast to allow the same IP to be used on multiple machines around the world.

- .org TLD name servers being attacked (there are far fewer .org nameservers)

UltraDNS only handles the .org nameservers. There is public data indicating all of the .org nameservers had trouble during that day, but luckily not all at once.

Impact:
- This incident: next to none.
- If all root nameservers would be unreachable, the impact would start to appear as recursive nameservers start to have expiring root information and therefore can't find TLD servers anymore. It's safe to assume popular recursive nameservers would start with cached information for the popular TLDs so such an attack would need some sustained time before its effect starts to be felt around the globe.
Reactions of defending staff could help mitigate this.
- If all .org nameservers would have been out at once, the same as above applies, more or less, except that there are many .org domains and that the odds of them all being cached around the world on every recursive domainname server are much worse.

Conclusions:
- no impact
- press feels this is sensational for some reason.
- it is (again) a wake up call for UltraDNS and ccTLDs to get their infrastructure up to speed with what is being done for .com and .net TLDs and beyond.

Anycasting all root nameservers (and major TLD nameservers) might be a way to stop global impact. Similarly, hidden servers used in addition to the public servers used by e.g. major recursive nameservers can significantly reduce impact.
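
Editor's added example, not part of swa66's post: a small model of the cache-expiry effect described above, showing why a short root outage is invisible for popular TLDs while a sustained one is not. The 172800-second delegation TTL, the single-resolver model and the query workload are assumptions constructed for illustration, not data from the incident.

```python
from dataclasses import dataclass, field

HOUR = 3600
TLD_NS_TTL = 172_800  # assumed TTL (seconds) of a TLD delegation learned from a root


@dataclass
class RecursiveResolver:
    """Minimal model of one recursive resolver's cache of TLD delegations."""
    ttl: int = TLD_NS_TTL
    expiry: dict = field(default_factory=dict)  # tld -> time the cached entry expires

    def lookup(self, tld: str, now: int, roots_reachable: bool) -> bool:
        """Return True if the TLD's nameservers can be found at time `now`."""
        if self.expiry.get(tld, -1) > now:
            return True                        # cached delegation still valid
        if roots_reachable:
            self.expiry[tld] = now + self.ttl  # refresh from a root server
            return True
        return False                           # expired or never cached, no root to ask


def simulate(queries, outage_start, outage_end):
    """Replay (time, tld) queries; return {tld: time of first failed lookup}."""
    resolver = RecursiveResolver()
    first_failure = {}
    for now, tld in sorted(queries):
        reachable = not (outage_start <= now < outage_end)
        if not resolver.lookup(tld, now, reachable) and tld not in first_failure:
            first_failure[tld] = now
    return first_failure


def constructed_workload(hours):
    """Constructed traffic: popular TLDs asked hourly, one rare TLD asked once."""
    queries = [(h * HOUR, tld) for h in range(hours) for tld in ("com", "org")]
    queries.append((26 * HOUR, "museum"))  # first seen while the roots are down
    return queries


if __name__ == "__main__":
    for label, end in (("6h outage", 30), ("72h outage", 96)):
        failed = simulate(constructed_workload(120), 24 * HOUR, end * HOUR)
        print(label, {tld: t // HOUR for tld, t in failed.items()})
```

In this model the popular TLDs only start failing once their cached delegation runs out (hour 48 here), whereas a TLD that was never cached fails as soon as it is asked for during the outage.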

fabricator




msg:3248489
 2:37 pm on Feb 10, 2007 (gmt 0)

I did a search and turned up this.
[tech.monstersandcritics.com...]

This refers to use of a botnet to overload the servers, rather than a direct attack from somewhere in South Korea.

The article links to this set of graphs
[dnsmon.ripe.net...]
