Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: phranque
February 6, 2007:
Hackers briefly overwhelmed at least three of the 13 computers that help manage global computer traffic [root DNS servers] ... the hackers appeared to disguise their origin, but vast amounts of rogue data in the attacks were traced to South Korea ... The attacks appeared to target UltraDNS, the company that operates servers managing traffic for Web sites ending in "org" and some other suffixes
- root servers being attacked and 3 of the 13 names (there are far more than 13 servers) being virtually out of service.
The most affected servers seem to be single node servers. Servers with multiple nodes use a technique called anycast to allow the same IP used on multiple machines around the world.
- .org TLD name servers begin attacked (there are far fewer .org nameservers)
UltraDNS only handles the .org nameservers. There is public data indicating all of the .org nameservers had trouble during that day, but luckily not all at once.
- This incident: next to none.
- If all root nameservers would be unreachable, the impact would start to appear as recursive nameservers start to have expiring root information and therefore can't find TLD servers anymore. It's safe to assume popular recursive nameservers would start with cached information for the popular TLDs so such an attack would need some sustained time before it's effect starts to be felt around the globe.
Reactions of defending staff could help mitigate this.
- If all .org nameservers would have been out at once, the same as above applies, more or less, except that there are many .org domains and that the odds of them all being cached around the world on every recursive domainname server are much worse.
- no impact
- press feels this is senstional for some reason.
- it is (again) a wake up call for UltraDNS and ccTLDs to get their infrastructure up to speed with what is being done for .com and .net TLDs and beyond.
Anycasting all root nameservers (and major TLD nameservers) might be a way to stop global impact. Similarly, hidden servers used in addition to the public servers used by e.g. major recursive nameservers can significantly reduce impact.