UltraDNS Targetted

kinetic · Nov 25, 2002, 09:26 PM

Attack targets .info domain system

By Robert Lemos
Staff Writer, CNET News.com
November 25, 2002, 1:12 PM PT

An Internet attack flooded domain name system provider UltraDNS with a deluge of data late last week, causing administrators to scramble to keep the servers that host .info and other domains up and running.
The assault sent nearly 2 million requests per second to each device connecting the network to the Internet--many times greater than normal--during the four hours of peak activity that hit the company early Thursday morning, said Ben Petro, CEO of UltraDNS.

"This is the largest attack that we've seen," Petro said. He stressed that it didn't affect the company's core domain name system (DNS) services, but administrators had to work fast to get the attack blocked by the backbone Internet companies from which UltraDNS gets its connectivity. "From a network management perspective, it certainly kept us on our toes," he said.

The attack comes almost exactly a month after a similar attack targeted the DNS root servers, the databases that hold the critical information computers need to maintain top-level domains. Such domains act as the white pages of the Internet, matching domain names with numerical Internet addresses.

Petro said that an investigation is most likely under way. However, the FBI and UltraDNS' own service providers, Verio and WorldCom's UUNet, were not immediately available for comment.

Investigators may have an extremely tough time locating the attackers, however. The flooding of networks, known as distributed denial-of-service attacks, is typically done using forged source addresses sent from servers compromised by the attackers before the actual assault, a double level of indirectness that is hard to crack.

With the recent trend of attacks moving from targeting company networks to targeting the infrastructure of the Internet itself, finding the attackers has become very important, Petro said.

"When you take down Amazon.com, it hurts Amazon," he said. "When you take down .com, .org and .net, you are affecting the gross domestic product; you are hurting the country."

UltraDNS, a member of the Internet Society, has been chosen as the primary DNS provider for the .org domain. In addition, UltraDNS acts as the primary provider for .info and for the top-level domains of Ireland, Luxembourg, Norway and nine other domains.

"The reality is that the attacks keep getting bigger, stronger and faster," Petro said. "Like terrorism, you don't know when they are going to strike and how they are going to strike. Until we are able to dedicate attention to these attacks, until we can follow these attacks to their end, we are all vulnerable."

Nov 25, 2002, 09:26 PM	#1
kinetic DriverHeaven Senior Member Join Date: May 2002 Location: Manchester England Posts: 2,559 Rep Power: 0	UltraDNS Targetted Attack targets .info domain system By Robert Lemos Staff Writer, CNET News.com November 25, 2002, 1:12 PM PT An Internet attack flooded domain name system provider UltraDNS with a deluge of data late last week, causing administrators to scramble to keep the servers that host .info and other domains up and running. The assault sent nearly 2 million requests per second to each device connecting the network to the Internet--many times greater than normal--during the four hours of peak activity that hit the company early Thursday morning, said Ben Petro, CEO of UltraDNS. "This is the largest attack that we've seen," Petro said. He stressed that it didn't affect the company's core domain name system (DNS) services, but administrators had to work fast to get the attack blocked by the backbone Internet companies from which UltraDNS gets its connectivity. "From a network management perspective, it certainly kept us on our toes," he said. The attack comes almost exactly a month after a similar attack targeted the DNS root servers, the databases that hold the critical information computers need to maintain top-level domains. Such domains act as the white pages of the Internet, matching domain names with numerical Internet addresses. Petro said that an investigation is most likely under way. However, the FBI and UltraDNS' own service providers, Verio and WorldCom's UUNet, were not immediately available for comment. Investigators may have an extremely tough time locating the attackers, however. The flooding of networks, known as distributed denial-of-service attacks, is typically done using forged source addresses sent from servers compromised by the attackers before the actual assault, a double level of indirectness that is hard to crack. With the recent trend of attacks moving from targeting company networks to targeting the infrastructure of the Internet itself, finding the attackers has become very important, Petro said. "When you take down Amazon.com, it hurts Amazon," he said. "When you take down .com, .org and .net, you are affecting the gross domestic product; you are hurting the country." UltraDNS, a member of the Internet Society, has been chosen as the primary DNS provider for the .org domain. In addition, UltraDNS acts as the primary provider for .info and for the top-level domains of Ireland, Luxembourg, Norway and nine other domains. "The reality is that the attacks keep getting bigger, stronger and faster," Petro said. "Like terrorism, you don't know when they are going to strike and how they are going to strike. Until we are able to dedicate attention to these attacks, until we can follow these attacks to their end, we are all vulnerable."