Net backbone withstands major attack

IDG News Service - The Internet withstood what appears to have been a major assault on its core infrastructure late Monday when all 13 of its root servers were attacked, according to a spokesman for VeriSign Inc., which operates two of the servers.
The distributed denial-of-service (DDOS) attack started at about 5 p.m. Eastern Daylight Saving Time and lasted for about an hour, said Brian O'Shaughnessy, a spokesman for Mountain View, Calif.-based VeriSign, the largest Internet domain name registrar.
The FBI's National Infrastructure Protection Center "is aware of the matter" and is "addressing" it, said Steven Berry, a supervisory special agent with the FBI's press office.
Root servers are used by the Internet's Domain Name System (DNS), which takes easy-to-remember domain names used by people, such as www.computerworld.com, and converts them into the numerical IP addresses used by computers.
Four or five of the Internet's 13 root servers kept working during the attack, allowing Internet traffic to keep moving. The DNS is structured so that eight or more of the servers have to stop working before slowdowns occur, according to a report Tuesday in the online edition of The Washington Post, which was among the first to report the incident.
No major outages occurred as a result of the attack, according to the Post, meaning Internet users were unaware of what had happened. Nevertheless, one anonymous source at an organization responsible for the system told the Post, "This was the largest and most complex DDOS attack ever against the root server system."
Matrix NetSystems Inc., which tracks the status of Internet traffic, said yesterday that the DDOS actually lasted for as long as six hours and may have slowed down Web traffic and the delivery of e-mail for some users late Monday night.
"What happened was dramatic," said Tom Ohlsson, vice president of marketing at Matrix NetSystems, which compiles reports that detail how much traffic goes through the Internet backbone at any given time. "In terms of damage, the worst is probably behind us as of [yesterday]."
DDOS attacks blast servers with more data than they can handle, which can cause servers to overload or crash and networks to clog with traffic. They are typically very simple to carry out, Ohlsson said.
Officials at organizations that operate the Internet backbone told the Post that they don't know who is responsible for the attack.
Matrix NetSystems traced the attacks to a number of U.S. Internet hosting service providers, as well as one in Europe, which likely acted as "unwitting hosts" to the perpetrators, Ohlsson said. He said the attack could have originated anywhere.
A spokeswoman for Microsoft Corp.'s MSN Internet service yesterday said it hadn't noticed any slowdown in traffic.
VeriSign said its two root servers kept working during the incident. "VeriSign expects that these sorts of attacks will happen, and VeriSign was prepared," O'Shaughnessy said.
Other root server operators include the NASA Ames Research Center, the U.S. Army Research Lab, the Internet Corporation for Assigned Names and Numbers and the Internet Software Consortium.