Nine of the 13 鈥渞oot鈥 internet servers that direct all web traffic around the globe were subjected to a serious attack late on Monday. Attacks on these servers have the potential to bring the net to a halt.
The FBI and the Whitehouse are now investigating the incident, which began at 2100 GMT and lasted for one hour. A spokesman for the FBI鈥檚 National Infrastructure Protection Centre said officials were 鈥渁ware of the denial of service attack and addressing this matter鈥. Another official described it as the most sophisticated attack ever mounted against critical internet infrastructure.
It is not clear who launched the attack, or why. The servers were bombarded with fake traffic from a host of 鈥渟lave鈥 machines that had been hijacked by hackers. This technique is known as a distributed denial of service attack (DDoS) and crashes or severely slows targeted machines.
Advertisement
Phil Huggins, an expert with US security consultancy firm @stake, says the attack was technically pretty simple. But he thinks it is odd that the attack lasted for only an hour.
鈥淓ither they didn鈥檛 know the time needed to knock out the root servers or they were up to something else,鈥 Huggins told New Scientist. 鈥淚t may be that they were testing out their DDoS network.鈥
Master copies
The 13 root domain names system (DNS) servers store master copies of files that match all domain names to the numerical addresses used to route internet traffic. For example, the system maps www.newscientist.com to its internet protocol (IP) address 194.201.29.81.
Without this system most internet traffic would never reach its destination, although the DNS system should in principle work if just one server remained functional.
Ten of the root DNS servers are located in the US and the other three are kept at secret locations outside the US. Richard Clarke, cyber-security advisor to President Bush recently warned that DNS servers could be a potential target for terrorists.
Numerous free software packages can be used to compromise computers for a DDoS attack. The software can be used by hackers to search automatically for vulnerable machines and install the necessary attack tools.
Data losses
During the attack, seven of the nine servers targeted were incapacitated. The other two were intermittently accessible. The servers were flooded with up to 40 times the amount of traffic they normally receive.
Huggins says it would take at least four hours of continuous attack for traffic to be slowed to a level that would concern most internet users. This is because most web traffic is directed by thousands of secondary domain name servers, not the 13 root servers.
The incident is not believed to have had a serious impact on internet traffic because of its brevity. The companies that operate the root DNS servers rapidly contacted the firms hosting the slave computers, which were then taken offline.
But Matrix NetSystems, a firm that monitors internet performance said data transmission losses reached about 10 per cent at the height of the attacks compared with a normal rate of one percent. 鈥淪everal internet service providers have seen an increase in latency coinciding with this attack,鈥 the company said.