http://www.internettrafficreport.com/7day.htm fun location that seems to confirm that fact -----Original Message----- From: Wanja Eric Naef [IWS] [mailto:w.naef@private] Sent: Wednesday, October 23, 2002 9:35 AM To: crime@private Subject: RE: CRIME Attack on the Internet Core It is not as bad as it sounds as the attackers did really not achieve anything (apart from creating a media frenzy and making hosts of root servers improve their security). WEN From today's Infocon: _________________________________________________________________ News _________________________________________________________________ (It is very difficult to attack such systems as there are too many redundancies. Such an attack would only have a chance of success if it lasted for a long time as other DNS servers would then be unable to update their lists. What I am interested in is to know what would happen if the US decided to cut off some countries and removed their domains from the root DNS, would there be an impact? Does anyone know? WEN) '... Still, the results were not severe. According to Matrix NetSystems, the peak of the attack saw the average reachability for the entire DNS network dropped only to 94 percent from its normal levels near 100 percent. ...' [1] Attack on Net servers fails By Robert Lemos Staff Writer, CNET News.com October 22, 2002, 7:40 PM PT An attempt to cripple the computers that serve as the address books for the Internet failed Monday. The so-called distributed denial-of-service attack leveled a barrage of data at the 13 domain-name service root servers beginning around 1 p.m. PDT Monday and apparently is ongoing, according to Internet performance measurement company Matrix NetSystems. Traffic from several Internet service providers have been slightly delayed, but because the domain name system is spread out and because the 13 root servers are the last resort for address searches, the attack had almost no effect on the Internet itself. http://news.com.com/2100-1001-963005.html Net backbone comes under cyberattack http://www.boston.com/dailyglobe2/296/business/Net_backbone_comes_under_ cyberattack+.shtml Key Internet servers hit by attack http://www.cnn.com/2002/TECH/internet/10/23/internet.attack.ap/index.htm l Hackers' bid to cripple Internet fails http://www.abc.net.au/news/scitech/2002/10/item20021023130601_1.htm Root server DoS attack slows net http://www.theregister.co.uk/content/6/27731.html ------------------------------------------------------------------------ 'Information is the currency of victory on the battlefield.' GEN Gordon Sullivan, CSA (1993) ------------------------------------------------------------------------ Wanja Eric Naef Principal Researcher IWS - The Information Warfare Site http://www.iwar.org.uk ------------------------------------------------------------------------ Join the IWS Infocon Mailing List @ http://www.iwar.org.uk/general/mailinglist.htm ------------------------------------------------------------------------ -----Original Message----- From: owner-crime@private [mailto:owner-crime@private] On Behalf Of Jere Retzer Sent: 23 October 2002 16:41 To: crime@private Subject: CRIME Attack on the Internet Core Apologies if this from SANS has gone out on the list already. It seems very significant: --22 October 2002 DDoS Attack Targets The Core of The Internet The thirteen root name servers, effectively the master directory for the Internet, were subjected to a large-scale distributed denial of service attack on Monday evening. According to Internet Software Consortium Inc. Chairman Paul Vixie, only four withstood the attack. Redundancy designed into the Internet in the system allowed most traffic to get to its intended destination without delay. http://www.washingtonpost.com/wp-dyn/articles/A828-2002Oct22.html [Editor's Note (Paller): The only way to stop such attacks is to fix the vulnerabilities on the machines that would ultimately get taken over and used to launch the attacks. There's no defense once the machines are under the attacker's control. If organizations have not established vulnerability identification and remediation program for all their systems - even the "unimportant" ones - it won't be long before their foot dragging will subject them to economic liability and community contempt for their negligence.]
This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 11:10:15 PDT