Massive DNS root server attack [Update]

Looks like someone is flexing the muscles to see how many the DNS root servers can take. This screenshot is from the ripe status page of the root servers:

DNS Root Server Attack - Overview

As you can see only two root servers, G (US department of defense) and L (ICANN) are really hit by this attack, here is a screenshot of L:

DNS Root Server Attack - Server L

The others do not seem to have any problems.

I wonder what the attackers want, why they are launching these attacks. Some people said that could be a test run,l but for what? Blackmailing?

Update
Wired News also has a cover of that story, reporting that the attack may be aimed at UltraDNS, a company that manages server loads on .org servers. We’ll see if they get a grip on some real suspect. Slashdot read my submission and has the story also. Quite some funny comments there.🙂

2 thoughts on “Massive DNS root server attack [Update]”

  1. I got a mail from ISC mailing list giving a more information. ISC runs the F root server (which is not composed of only one server as you will see).

    ———–

    This communication is intended for anyone interested in more information
    on the DDoS attack of last week.

    As you are probably aware, there was an attack on several of the root
    nameservers early Tuesday morning of last week. ISC operates
    f.root.servers.net (F-root), one of the 13 root nameservers that was
    targeted. The attack was a ‘distributed denial of service’ (DDoS)
    attack, in which attackers tried to disable root DNS service by
    overwhelming the network paths to the root servers with malicious
    packets meant to pass as legitimate DNS traffic. Overall, root name
    service as provided by F-root was not compromised. The distributed
    F-root architecture includes a mix of global and local anycast nodes.
    The global nodes and the local Asian nodes showed some degradation
    during the first two hours, but others were unaffected. David Knight, of
    ISC’s Operations group, made a brief presentation at the North American
    Network Operators’ Group (NANOG) conference the next morning. The
    slides, which include some technical detail on the attack, can be found
    at: http://www.nanog.org/mtg-0702/presentations/knight.pdf

    ISC began using anycast in a single location in 1998. Wider deployment
    began in Madrid in 2002. We’re pleased to report that anycast worked
    just as expected. Anycast deployment helped counter this attack by
    fragmenting it into smaller pieces that were easier to deal with, as
    well as isolating the effects into the area of greatest concentration of
    sources of the attack. This left other regions far from the sources with
    a completely unaltered service. Overall, the increase in aggregated
    network bandwidth, CPU power and service capacity helped make this
    attack non-disruptive for the Internet at large.

    (…)
    ——-
    I cut the message here as the rest is mostly commercial stuff

Comments are closed.