Q&A: Internet pioneer Stephen Crocker on this week's DDOS attack
Computerworld - This week's distributed denial-of-service (DDOS) attack on the Domain Name System (DNS) root server system (see story) got the attention of the Internet Corporation for Assigned Names and Numbers (ICANN), the U.S.-created private group that is charged with ensuring the stability and security of the DNS.
ICANN, which has been increasing its focus on security issues since the Sept. 11 terrorist attacks, formed a security committee to examine what can be done to improve DNS system security.
Internet pioneer Stephen Crocker, who helped develop protocols for Arpanet, the original network that became the basis for the Internet, chairs that committee. Crocker will be discussing the DDOS attacks at ICANN's annual meeting in Shanghai next week, and in an interview with Computerworld reporter Patrick Thibodeau, he assessed the impact of the recent attack and outlined some of the options for improving DNS security.
Q: What's your assessment of the DOS attack?
Internet pioneer Stephen Crocker
In a sense, one can say, the defenses were tested and it turns out that the system is pretty good. The impact on the community was pretty modest.
Q: What's the bad news?
A: Does that mean we should all sleep soundly? Not really; suppose the attack was bigger or lasted longer?
I think the result there is somewhat nuanced. It's the nature of the DNS service that because there is a lot of caching [in other DNS servers], most of the world would go on pretty well for a long time, for a day or so, before there would be much degradation -- if all the servers went down.
If an attack went on for a day, vastly more resources would be brought to bear. It would be expensive, but I still think the impact on the community would have been relatively modest.
Q: How was the attack conducted?
A: There are two elements to an attack like this. The amount of traffic sent, and how long it goes on for. At the level of traffic that was generated, which was quite substantial, it effectively stopped some of servers from responding because they were overwhelmed with noise and not real traffic.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!