Forum Moderators: phranque
[cnn.com...]
February 6, 2007:
Hackers briefly overwhelmed at least three of the 13 computers that help manage global computer traffic [root DNS servers] ... the hackers appeared to disguise their origin, but vast amounts of rogue data in the attacks were traced to South Korea ... The attacks appeared to target UltraDNS, the company that operates servers managing traffic for Web sites ending in "org" and some other suffixes
- root servers being attacked and 3 of the 13 names (there are far more than 13 servers) being virtually out of service.
The most affected servers seem to be single node servers. Servers with multiple nodes use a technique called anycast to allow the same IP to be used on multiple machines around the world.
- .org TLD name servers being attacked (there are far fewer .org nameservers)
UltraDNS only handles the .org nameservers. There is public data indicating all of the .org nameservers had trouble during that day, but luckily not all at once.
Impact:
- This incident: next to none.
- If all root nameservers were unreachable, the impact would start to appear as recursive nameservers start to have expiring root information and therefore can't find TLD servers anymore. It's safe to assume popular recursive nameservers would start with cached information for the popular TLDs, so such an attack would need some sustained time before its effect starts to be felt around the globe.
Reactions of defending staff could help mitigate this.
- If all .org nameservers had been out at once, the same as above applies, more or less, except that there are many .org domains and the odds of them all being cached around the world on every recursive domain name server are much worse.
Conclusions:
- no impact
- press feels this is sensational for some reason.
- it is (again) a wake up call for UltraDNS and ccTLDs to get their infrastructure up to speed with what is being done for .com and .net TLDs and beyond.
Anycasting all root nameservers (and major TLD nameservers) might be a way to stop global impact. Similarly, hidden servers used in addition to the public servers used by e.g. major recursive nameservers can significantly reduce impact.
This refers to the use of a botnet to overload the servers, rather than a direct attack from somewhere in South Korea.
The article links to this set of graphs
[dnsmon.ripe.net...]
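The impact analysis above rests on one mechanism: a recursive resolver keeps working through an outage of the root or TLD servers for as long as its cached delegation (NS) records have not expired, so an attack has to be sustained longer than those TTLs before the outage is felt, and a name that was never cached fails immediately. The toy model below is an added example, not code from the original posts or from UltraDNS or RIPE; the TTL values, the domain `www.foo.org` and the `Resolver` class are constructed assumptions chosen to be of the same order as real delegation TTLs. It generalizes the two cases in the post (root down, .org down) to any zone in the delegation chain.

```python
"""Toy model of how cached delegations delay the impact of an outage of the
root servers or of a TLD's servers on a recursive resolver.

Added example, not from the original forum thread. TTLs and names below are
modelling assumptions, not measured data."""

# Assumed delegation TTLs in seconds. The root's NS records for TLDs and a
# TLD's NS records for second-level domains use values of roughly this order.
TTL_TLD_DELEGATION = 172800     # NS records for "org" as handed out by the root
TTL_DOMAIN_DELEGATION = 86400   # NS records for "foo.org" as handed out by .org
DELEGATION_TTL = {"org": TTL_TLD_DELEGATION, "com": TTL_TLD_DELEGATION}

ROOT = "."   # the root zone; its server addresses come from static root hints


class Resolver:
    """Caches only delegation (NS) records: zone name -> absolute expiry time.

    Root server addresses are taken from the hints file and never expire here,
    which is how real resolvers behave; only learned delegations expire."""

    def __init__(self):
        self.cache = {}

    def _cached(self, zone, now):
        expiry = self.cache.get(zone)
        return expiry is not None and expiry > now

    def resolve(self, name, now, down=frozenset()):
        """Walk the delegation chain for `name` at time `now` (seconds).

        `down` is the set of zones whose authoritative servers are all
        unreachable: "." for every root server, "org" for every .org server.
        Returns True if the resolver can still reach an authoritative answer."""
        labels = name.rstrip(".").split(".")
        # Zones whose delegation must be known, parent first:
        # "www.foo.org" -> ["org", "foo.org"]
        zones = [".".join(labels[i:]) for i in range(len(labels) - 1, 0, -1)]
        parent = ROOT
        for zone in zones:
            if not self._cached(zone, now):
                # Delegation expired or never seen: ask the parent's servers.
                if parent in down:
                    return False
                ttl = DELEGATION_TTL.get(zone, TTL_DOMAIN_DELEGATION)
                self.cache[zone] = now + ttl
            parent = zone
        # Finally query the leaf zone's own authoritative servers.
        return parent not in down


def seconds_until_failure(down, name, warm=True, horizon=7 * 86400, step=3600):
    """Seconds after an outage starting at t=0 before `name` stops resolving.

    With warm=True the resolver looked `name` up just before the outage
    began. Returns None if the name keeps resolving for the whole horizon."""
    resolver = Resolver()
    if warm:
        resolver.resolve(name, 0)
    for t in range(0, horizon, step):
        if not resolver.resolve(name, t, down):
            return t
    return None


if __name__ == "__main__":
    name = "www.foo.org"   # constructed example name
    for label, down in (("all root servers", {ROOT}), ("all .org servers", {"org"})):
        warm = seconds_until_failure(down, name, warm=True)
        cold = seconds_until_failure(down, name, warm=False)
        print(f"{label} down: cached name fails after {warm // 3600} h, "
              f"uncached name fails after {cold // 3600} h")
```

With these assumed TTLs a resolver that already had `www.foo.org` cached survives a total root outage for two days (until the cached `org` delegation expires) but a total .org outage for only one day, and a name it had never seen fails at once in either case. That is the post's point in numbers: the root case needs a long sustained attack, while the TLD case bites sooner because far fewer of its many delegations sit in any given cache.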