[ISN] Experts make changes to defend against Internet attacks

From: InfoSec News (isnat_private)
Date: Thu Nov 07 2002 - 02:51:54 PST

  • Next message: InfoSec News: "[ISN] Notre Dame math whiz cracks Certicom code contest"

    By TED BRIDIS, Associated Press 
    WASHINGTON (November 6, 2002 4:39 p.m. EST) - Experts have made an
    important change to the 13 computer servers that manage global
    Internet traffic, separating two of them to help better defend against
    the type of attack that occurred last month.
    Verisign Inc., which operates two of the root servers, moved one
    computer overnight Tuesday to a different building in an unspecified
    location in northern Virginia and onto a different part of its
    network, company spokeswoman Cheryl Regan said Wednesday.
    Verisign said the change was designed to ensure that a hardware outage
    or focused attack targeting part of its network could not disrupt both
    The last such move to any of the 13 servers occurred in 1997.
    The FBI is investigating an unusual electronic attack Oct. 21 that
    briefly crippled nine of the 13 servers, located throughout the United
    States and in three other countries. Seven failed to respond to
    legitimate network traffic and two others failed intermittently during
    the attack, which lasted about one hour.
    Service was restored after experts enacted defensive measures and the
    attack suddenly stopped. Verisign maintains that both root servers it
    operates were not among those overwhelmed during the attack, even
    though they were on the same part of its network.
    Most Internet users did not notice the attacks because the Internet's
    architecture was designed to tolerate such short-term disruptions, but
    many experts were surprised at the coordination and brief success of
    the attackers.
    In "denial of service" attacks, hackers traditionally seize control of
    third-party computers owned by universities, corporations and even
    home users and direct them to send floods of data at predetermined
    FBI Director Robert Mueller said last week that investigators traced
    most of the attack traffic back to hacked computers in South Korea and
    the United States.
    This week's change was approved by the Commerce Department, said Louis
    Touton, an official with the Internet Corporation for Assigned Names
    and Numbers, the nonprofit organization that manages technical changes
    for the Internet under authority from the U.S. government.
    Verisign moved the server after it received approval for the change
    Monday, Regan said. The company first sought permission this summer.
    Microsoft Corp. discovered and fixed a similar architectural flaw on
    its own corporate network after attacks in January 2001 prevented
    millions of customers over two days from visiting the company's main
    Web sites.
    In that case, Microsoft discovered that all four of its key
    traffic-directing computers were on the same section of its network,
    allowing hackers to overwhelm them easily by sending floods of
    spurious data to that part of the network.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Nov 07 2002 - 05:00:16 PST