RE: CRIME Attack on the Internet Core

From: Wanja Eric Naef [IWS] (w.naef@private)
Date: Wed Oct 23 2002 - 09:35:00 PDT


    It is not as bad as it sounds as the attackers did not really achieve
    anything (apart from creating a media frenzy and making hosts of root
    servers improve their security).
    
    WEN
    
    From today's Infocon:
    
        _________________________________________________________________
    
                                    News
        _________________________________________________________________
    
    (It is very difficult to attack such systems as there are too many
    redundancies. Such an attack would only have a chance of success if it
    lasted for a long time as other DNS servers would then be unable to
    update their lists. What I am interested in is to know what would happen
    if the US decided to cut off some countries and removed their domains
    from the root DNS, would there be an impact? Does anyone know? WEN)
    
    '... Still, the results were not severe. According to Matrix NetSystems,
    the peak of the attack saw the average reachability for the entire DNS
    network dropped only to 94 percent from its normal levels near 100
    percent.  ...'
    
    [1] Attack on Net servers fails 
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    October 22, 2002, 7:40 PM PT
    
    An attempt to cripple the computers that serve as the address books for
    the Internet failed Monday. 
    
    The so-called distributed denial-of-service attack leveled a barrage of
    data at the 13 domain-name service root servers beginning around 1 p.m.
    PDT Monday and apparently is ongoing, according to Internet performance
    measurement company Matrix NetSystems. Traffic from several Internet
    service providers has been slightly delayed, but because the domain
    name system is spread out and because the 13 root servers are the last
    resort for address searches, the attack had almost no effect on the
    Internet itself.
    
    http://news.com.com/2100-1001-963005.html 
    
    Net backbone comes under cyberattack
    http://www.boston.com/dailyglobe2/296/business/Net_backbone_comes_under_cyberattack+.shtml
    
    Key Internet servers hit by attack
    http://www.cnn.com/2002/TECH/internet/10/23/internet.attack.ap/index.html
    
    Hackers' bid to cripple Internet fails 
    http://www.abc.net.au/news/scitech/2002/10/item20021023130601_1.htm 
    
    Root server DoS attack slows net
    http://www.theregister.co.uk/content/6/27731.html
    
    
    
    ------------------------------------------------------------------------
    ‘Information is the currency of victory on the battlefield.’
    GEN Gordon Sullivan, CSA (1993)
    ------------------------------------------------------------------------
    
    Wanja Eric Naef
    Principal Researcher
    IWS - The Information Warfare Site
    http://www.iwar.org.uk
    
    ------------------------------------------------------------------------
    Join the IWS Infocon Mailing List @
    http://www.iwar.org.uk/general/mailinglist.htm
    ------------------------------------------------------------------------
    
    
    
    -----Original Message-----
    From: owner-crime@private [mailto:owner-crime@private] On Behalf
    Of Jere Retzer
    Sent: 23 October 2002 16:41
    To: crime@private
    Subject: CRIME Attack on the Internet Core
    
    Apologies if this from SANS has gone out on the list already. It seems
    very significant:
     
    --22 October 2002  DDoS Attack Targets The Core of The Internet
    The thirteen root name servers, effectively the master directory
    for the Internet, were subjected to a large-scale distributed
    denial of service attack on Monday evening.  According to Internet
    Software Consortium Inc. Chairman Paul Vixie, only four withstood the
    attack. Redundancy designed into the Internet in the system allowed
    most traffic to get to its intended destination without delay.
    http://www.washingtonpost.com/wp-dyn/articles/A828-2002Oct22.html
    [Editor's Note (Paller): The only way to stop such attacks is to fix
    the vulnerabilities on the machines that would ultimately get taken
    over and used to launch the attacks. There's no defense once the
    machines are under the attacker's control.  If organizations have not
    established a vulnerability identification and remediation program for
    all their systems - even the "unimportant" ones - it won't be long
    before their foot dragging will subject them to economic liability
    and community contempt for their negligence.]
    


