Attacks Target DNS Servers in U.S., Germany

Computerworld - In similar incidents separated by only a few days, Domain Name System (DNS) servers at Network Solutions Inc. and a domain name registrar in Germany were hit by denial-of-service attacks that temporarily disrupted their systems.

Network Solutions was attacked last Tuesday and suffered degraded performance on its WorldNIC name servers for about 25 minutes before normal operations were restored, said a spokeswoman for the Herndon, Va.-based company. She declined to disclose the measures Network Solutions took to mitigate the attack.

Prior to the attack against Network Solutions, the DNS servers at CSL Computer Service Langenbach GmbH, a Dusseldorf, Germany-based company that operates a domain-name registration business called Joker.com, were targeted by what the company described as a "massive" series of denial- of-service attacks.

In an updated advisory that was posted on the Joker.com Web site last Tuesday, CSL and its business partner, EIS AG in Zug, Switzerland, said the attacks were "another order of magnitude than [we] experienced ever before." They began on March 20 and continued to cause interruptions through March 26, the companies said.

Quick Action

DNS services were completely interrupted for a short time after the attacks began, according to CSL and EIS. CSL responded by adding more domain-name servers, some of them hosted in external data centers. It also reserved more network bandwidth for Joker.com and set up automated procedures for reacting to unspecified incidents.

The various measures "seem to have helped, since the later attacks did not affect our systems as much as the first one," CSL and EIS said. They added that to provide further protection, they will "significantly increase and spread" the number of Joker.com name servers and take other undisclosed steps.

CSL and EIS said that about 15% of the Joker.com domains were affected by the attacks. According to Netcraft Ltd., an Internet performance monitoring company in Bath, England, more than 550,000 domains are registered with Joker.com.

Attacks against DNS servers have been rare until now but are viewed as being dangerous because they can bring down large numbers of Web sites.

Earlier last month, VeriSign Inc. said that about 1,500 organizations worldwide had been hit this year by unknown hackers who used botnets and DNS servers to launch denial-of-service attacks. In those cases, though, the DNS servers were used to amplify the effects of the attacks and weren't really targets themselves.