Computerworld - This week's distributed denial-of-service (DDOS) attack on the Domain Name System (DNS) root server system (see story) got the attention of the Internet Corporation for Assigned Names and Numbers (ICANN), the U.S.-created private group that is charged with ensuring the stability and security of the DNS.
ICANN, which has been increasing its focus on security issues since the Sept. 11 terrorist attacks, formed a security committee to examine what can be done to improve DNS system security.
Internet pioneer Stephen Crocker, who helped develop protocols for Arpanet, the original network that became the basis for the Internet, chairs that committee. Crocker will be discussing the DDOS attacks at ICANN's annual meeting in Shanghai next week, and in an interview with Computerworld reporter Patrick Thibodeau, he assessed the impact of the recent attack and outlined some of the options for improving DNS security.
Q: What's your assessment of the DOS attack?
Internet pioneer Stephen Crocker
In a sense, one can say, the defenses were tested and it turns out that the system is pretty good. The impact on the community was pretty modest.
Q: What's the bad news?
A: Does that mean we should all sleep soundly? Not really; suppose the attack was bigger or lasted longer?
I think the result there is somewhat nuanced. It's the nature of the DNS service that because there is a lot of caching [in other DNS servers], most of the world would go on pretty well for a long time, for a day or so, before there would be much degradation -- if all the servers went down.
If an attack went on for a day, vastly more resources would be brought to bear. It would be expensive, but I still think the impact on the community would have been relatively modest.
Q: How was the attack conducted?
A: There are two elements to an attack like this. The amount of traffic sent, and how long it goes on for. At the level of traffic that was generated, which was quite substantial, it effectively stopped some of servers from
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
