RE: CRIME Attack on the Internet Core

From: Gunderson_Dane (dane.gunderson@private)
Date: Wed Oct 23 2002 - 10:13:31 PDT

  • Next message: Zot O'Connor: "RE: CRIME Driveby DOS"

    http://www.internettrafficreport.com/7day.htm  fun location that seems to
    confirm that fact
    
    -----Original Message-----
    From: Wanja Eric Naef [IWS] [mailto:w.naef@private]
    Sent: Wednesday, October 23, 2002 9:35 AM
    To: crime@private
    Subject: RE: CRIME Attack on the Internet Core
    
    
    It is not as bad as it sounds as the attackers did really not achieve
    anything (apart from creating a media frenzy and making hosts of root
    servers improve their security).
    
    WEN
    
    From today's Infocon:
    
        _________________________________________________________________
    
                                    News
        _________________________________________________________________
    
    (It is very difficult to attack such systems as there are too many
    redundancies. Such an attack would only have a chance of success if it
    lasted for a long time as other DNS servers would then be unable to
    update their lists. What I am interested in is to know what would happen
    if the US decided to cut off some countries and removed their domains
    from the root DNS, would there be an impact? Does anyone know? WEN)
    
    '... Still, the results were not severe. According to Matrix NetSystems,
    the peak of the attack saw the average reachability for the entire DNS
    network dropped only to 94 percent from its normal levels near 100
    percent.  ...'
    
    [1] Attack on Net servers fails 
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    October 22, 2002, 7:40 PM PT
    
    An attempt to cripple the computers that serve as the address books for
    the Internet failed Monday. 
    
    The so-called distributed denial-of-service attack leveled a barrage of
    data at the 13 domain-name service root servers beginning around 1 p.m.
    PDT Monday and apparently is ongoing, according to Internet performance
    measurement company Matrix NetSystems. Traffic from several Internet
    service providers have been slightly delayed, but because the domain
    name system is spread out and because the 13 root servers are the last
    resort for address searches, the attack had almost no effect on the
    Internet itself.
    
    http://news.com.com/2100-1001-963005.html 
    
    Net backbone comes under cyberattack
    http://www.boston.com/dailyglobe2/296/business/Net_backbone_comes_under_
    cyberattack+.shtml 
    
    Key Internet servers hit by attack
    http://www.cnn.com/2002/TECH/internet/10/23/internet.attack.ap/index.htm
    l
    
    Hackers' bid to cripple Internet fails 
    http://www.abc.net.au/news/scitech/2002/10/item20021023130601_1.htm 
    
    Root server DoS attack slows net
    http://www.theregister.co.uk/content/6/27731.html
    
    
    
    ------------------------------------------------------------------------
    'Information is the currency of victory on the battlefield.'
    GEN Gordon Sullivan, CSA (1993)
    ------------------------------------------------------------------------
    
    Wanja Eric Naef
    Principal Researcher
    IWS - The Information Warfare Site
    http://www.iwar.org.uk
    
    ------------------------------------------------------------------------
    Join the IWS Infocon Mailing List @
    http://www.iwar.org.uk/general/mailinglist.htm
    ------------------------------------------------------------------------
    
    
    
    -----Original Message-----
    From: owner-crime@private [mailto:owner-crime@private] On Behalf
    Of Jere Retzer
    Sent: 23 October 2002 16:41
    To: crime@private
    Subject: CRIME Attack on the Internet Core
    
    Apologies if this from SANS has gone out on the list already. It seems
    very significant:
     
    --22 October 2002  DDoS Attack Targets The Core of The Internet
    The thirteen root name servers, effectively the master directory
    for the Internet, were subjected to a large-scale distributed
    denial of service attack on Monday evening.  According to Internet
    Software Consortium Inc. Chairman Paul Vixie, only four withstood the
    attack. Redundancy designed into the Internet in the system allowed
    most traffic to get to its intended destination without delay.
    http://www.washingtonpost.com/wp-dyn/articles/A828-2002Oct22.html
    [Editor's Note (Paller): The only way to stop such attacks is to fix
    the vulnerabilities on the machines that would ultimately get taken
    over and used to launch the attacks. There's no defense once the
    machines are under the attacker's control.  If organizations have not
    established vulnerability identification and remediation program for
    all their systems - even the "unimportant" ones - it won't be long
    before their foot dragging will subject them to economic liability
    and community contempt for their negligence.]
    



    This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 11:10:15 PDT