Attacks against the Injternet

Robert E. Seastrom rs at seastrom.com
Tue Feb 13 21:13:36 CST 2007


I was at the NANOG conference in Toronto while this was happening.

It was considered a "big yawn" by most people present, and "a bit of a
pain in the butt, but tenable" by the folks directly in the line of
fire.  Lightning talk presented on Wednesday by Dave Knight of ISC is
here:  http://www.nanog.org/mtg-0702/presentations/knight.pdf

                                        ---rob


Andre Kesteloot <andre.kesteloot at verizon.net> writes:

> Extract from the AFIO Bulletin dated 12 Feb
> [[MAJOR INTERNET ATTACK OCCURS ON 4TH ANNIVERSARY OF "SAFER INTERNET DAY"]]
> Although you may not have noticed- which is a testament to the resiliency of
> the Internet- there was a major attack last Tuesday on 13 of the "root
> servers" that drive the Information Superhighway. While the rest of the world
> was celebrating the 4th anniversary of "Safer Internet Day" (okay, maybe not),
> the technologist responsible for securing the infrastructure of the Internet
> were battling one of the worst attacks since a similar occurrence in
> 2002. Details of the attack haven't been released yet. What is known is that
> at approximately 7 PM EST, 13 of the Internet's "root servers"- the computers
> that provide the primary roadmap for nearly all Internet communications- came
> under "sustained and heavy attack" by a network work of remote controlled
> zombie computers. You may recall that an earlier issue of WINs [[[WINs
> #01-07]]] warned of the dangers from cyber attackers enslaving personal
> computers to become zombies in a "botnet" that the attacker can then
> control. The massive botnet in this case was programmed to try to overwhelm
> the root servers with huge amounts of data. One of the servers targeted was
> controlled by the Department of Defense Network Information Center, and there
> is also evidence that the servers that manage the .org and .uk top level
> domains were hit. Although the perpetrators of the attack are still unknown,
> the majority of the computers used in the attack were located in South Korea,
> China and the United States. Thirteen percent of the botnet was located in San
> Francisco where the annual RSA Security Conference was being held. Paul
> Levins, vice president of the Internet Corporation for Assigned Names and
> Numbers (ICANN) -- the entity charged with, among other tasks, coordinating
> responses among root server providers in such attacks - said it would be a
> week or more before meaning details of the attack were known. This attack
> highlights two points about the Internet- first, personal computers are far
> too unsecured and easily commandeered, and second, the Internet is extremely
> resilient- so much so that nary a person noticed a major attack on its
> infrastructure.  [[[WashPost]] 8Feb07/Krebs]
> _______________________________________________
> Tacos mailing list
> Tacos at amrad.org
> http://www.amrad.org/mailman/listinfo/tacos


More information about the Tacos mailing list