Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNS Root Servers Attacked

Posted by kdawson on from the flexing-muscles dept.

liquidat and others wrote in with the news that the DNS Root Servers were attacked overnight. It looks like the F, I, and M servers felt the attack and recovered, whereas G (US Department of Defense) and L (ICANN) did less well. Some new botnet flexing its muscle perhaps? AP coverage is here.

23 of 311 comments (clear)

  1. And...??? by Anonymous Coward · · Score: 4, Insightful

    Um, so how many times a day do the root servers get attacked? No, wait, an hour, a minute... Like a ba-gillion? These things happen everyday, so what's new? It's not like they haven't figured out the whole failover/fault tolerance thing. You'd have to nuke 'em to get them to stop running.

  2. and? by ReTay · · Score: 2, Insightful

    Is it just me or is going after servers that people expect up to 3 business days to update not the best way to go? You would have to sustain the attack for a long time for the average joe to notice.
    Not that I am complaining, one less bot net to worry about.
    Good thing that they apparently never heard of routers though.

    1. Re:and? by NerveGas · · Score: 4, Insightful

      While it's not exactly an entirely effective attack - resolving caches will, for the most part, insulate end-users from the effects for anywhere from a few hours to a few days - it could be simply an experiment. If you suppose that this was perpetrated by someone who is intent on causing mayhem, they could have been testing how well their attack would work, in order to plan a much larger one which would bring down *all* of the root name servers, and for long enough to really make people feel the squeeze.

      It's a dumb, brute-force type of approach. A much, MUCH more effective way would be to simply find an appropriate flaw in IOS to exploit...

      steve

      --
      Oh, you're not stuck, you're just unable to let go of the onion rings.
  3. Re:so a lot of it was from South Korea.... by NerveGas · · Score: 4, Insightful

    They don't go into a lot of detail, but it's entirely possible that the bots in South Korea were, in fact, being controlled from somewhere else. I'd say that it's even *likely*.

    --
    Oh, you're not stuck, you're just unable to let go of the onion rings.
  4. Re:so a lot of it was from South Korea.... by Anonymous Coward · · Score: 3, Insightful
    OK you South Korean Hackers...

    All that means is the Botnet was mostly infected computers from South Korea, given the penetration of broadband in that nation its not that surprising. And if it leads to the rest of the intrnet cutting off South Korea, that benefits the North.

    Stupid little freaks.

    You would think Slashdotters would at least understand this basic fact. *sigh*

  5. Re:so a lot of it was from South Korea.... by erbmjw · · Score: 4, Insightful
    Perhaps you and I are reading the article differently, is this the passage you are refering to?

    Experts said the hackers appeared to disguise their origin, but vast amounts of rogue data in the attacks were traced to South Korea.
    That doesn't say to me that the attack originated in South Korea, but rather that many computers in South Korea were being used as botnet zombies.
  6. Re:Spam by TheRaven64 · · Score: 2, Insightful

    Spam would only cause it if the addresses didn't end with commonly cached TLDs. On the other hand, I keep logging in to phishing sites with the email address yeah@nice.try, so maybe a lot of other people had similar ideas and someone tried to spam the list of harvested address without any sanity checking...

    --
    I am TheRaven on Soylent News
  7. Re:Why am I not surprised that Defense did poorly. by timeOday · · Score: 4, Insightful

    Don't make the assumption that all DNS servers were attacked equally though.

  8. Re:so a lot of it was from South Korea.... by WhyDoYouWantToKnow · · Score: 3, Insightful
    Not to mention that South Korea is shackled to Windows http://it.slashdot.org/article.pl?sid=07/01/26/145 5224.

    And we all know how secure that is.

    --
    "Oh drat these computers, they're so naughty and so complex. I could pinch them."
    Marvin the Martian
  9. Re:so a lot of it was from South Korea.... by Rithiur · · Score: 2, Insightful

    With the country's software locked to Windows and Internet explorer, is this honestly a big surprise?

  10. That's a pretty bold accusation by Flavio · · Score: 5, Insightful

    You suggest that the Department of Defense's nameserver is badly managed, making an argument by analogy concerning "large governmental organizations". Since you haven't provided a technical argument, your accusation has no merit. Your "distinct impression" is pure speculation.

    But congratulations on getting everyone riled up.

  11. More root servers? by TooMuchToDo · · Score: 4, Insightful

    Silly question. Why aren't there more root servers put into operation? (Honest question! I seriously don't know. Is it a technical limitation?)

  12. Ban all Microsoft Users from the Internet... by Marcion · · Score: 2, Insightful

    ...Botnet disabled, job done!

    --
    My little Linux and tech blog
    1. Re:Ban all Microsoft Users from the Internet... by NerveGas · · Score: 4, Insightful

      It's nice to think that, but I don't *entirely* agree with it.

      Microsoft is an easy target, given the insanely large user-base. However, if those users suddenly switched to Linux, it's doubtful that their practices would stop - they'd still install whichever distribution looked the best, installed 134 unneeded services and enabled them all by default, open unsafe attachments, and never update their computer.

      In every operating system I've seen yet, security is an inconvenience. While you and I think that the tradeoff is worth it, we will always be outnumbered by people who think that it isn't. People who log in as "Administrator" would just as quickly read their email and browse porn sites as "root". Sad, but true.

      --
      Oh, you're not stuck, you're just unable to let go of the onion rings.
    2. Re:Ban all Microsoft Users from the Internet... by jamesh · · Score: 4, Insightful

      In every operating system I've seen yet, security is an inconvenience.
      It's nice to read something occasionally not written by a zealot :)

      One of Vista's features is the way that even if you log in with admin privileges, you don't actually have them until you jump through an extra hoop, and even then I think you only have them only as long as necessary. I'm sure that if it has been implemented correctly, it will certainly shorten the amount of self-hanging rope available to the average user.

      I'm also sure that there are lots of people working on a hack to disable this right now. (I've not used Vista so I may be misinformed - there may be a way to disable it easily anyway?)

      And even without that, enough people are gullible enough that if a web site says that to use the available features correctly you need to "follow these simple instructions", it will be done.
    3. Re:Ban all Microsoft Users from the Internet... by Falladir · · Score: 2, Insightful

      Giving users "sudo" instead of "su" will help quite a lot, but you're right. It's tough to find a happy medium between too much notification (Vista) and not enough (XP).

    4. Re:Ban all Microsoft Users from the Internet... by skinfitz · · Score: 2, Insightful

      Ramen.

  13. Re:so a lot of it was from South Korea.... by Anonymous Coward · · Score: 5, Insightful
    South Korea has :
    1. Almost a 100% windows monoculture (really), because they standardised on an ActiveX control for secure banking etc before SSL was standardised, and everything still needs it
    2. Dirt cheap, fast broadband
    3. Fairly rampant piracy, hence many unpatched machines
    Put it together and you get botnet paradise.
  14. Re:130+ root servers by Thundersnatch · · Score: 2, Insightful

    Over the last few thousand years we've learned that it's best for long term stability to build institutions and not depend on individual people. Today the root servers are the work of good individuals and organizations that encompass them. We really need to move to a more formalized structure that reinforces the long-term continuation of the good system we have today.

    Wow, you have that entirely backwards. The last few thousand years have tought us that institutions generally suck at fulfilling the needs of the people. Monarchies, Feudalism, the Inquisition-era Catholic church, and Soviet Russia were all the biggest, most far-reaching institutions of their day.

    Thomas Jefferson and his cronies decided there was a better way. I agree with him, so I'll take a handful of determined, skilled, like-minded individuals over an "institution" a any day. I can guarantee you if all the root servers were in the control of an "institution", that institution would still be doing feasibility studies on anycast routing and crying for more money from the UN as they only way to prevent DDoS attacks.

  15. Re:130+ root servers by Rufus211 · · Score: 5, Insightful

    Sorry to burst your conspiracy theory, but data mining the root name servers would be next to useless. These are the Root name servers and as such all they know about are TLD (top level domains). You ask one of the roots "who is in charge of .com" or .edu or .uk, and they respond. The only data you could ever get from them is distribution among TLDs. Now add caching name servers into the equation (99.999999% of boxes on the internet are behind one) and the statistics becomes even more useless. The records returned by the roots have a lifetime of 2 days. This means it doesn't matter if there's 1 client or 1 million clients behind a particular caching name server, it's only going to ask about .com every 2 days.

    >We really need to move to a more formalized structure that reinforces the long-term continuation of the good system we have today.
    And who's going to run that formalized structure? Hrm, maybe some "good individuals and organizations" would be willing to do it?

  16. Re:Visual Studio requires admin rights to run (OT) by saderax · · Score: 2, Insightful

    Come to think of it, I wouldn't even know how you'd write a program to access the registers or memory of a process, even a child process. Did read an article on how debug.com worked, but that was a long time ago... I'd imagine it has something to do with a software interrupt forcing a context switch. The newly running application (read debugger) could poll the kernel memory for the schedulers queue, and look for the copy of register data. I assume from the esp register you could probably recurse to the bottom of the stack and generate your call stack as well...

    Sounds like an interesting bit of code to write if you ask me...
  17. "Many of them" IS the redundancy. by Ungrounded+Lightning · · Score: 2, Insightful

    Several of the root servers do not have any redundancy.

    Having multiple root servers IS the redundancy - originally, and to some extent even now. Big-time redundancy within each one is just (really strong) suspenders to supplement the belt.

    A non-redundant root server is still useful - even if perhaps not always up and/or not capable of drinking as large a firehose of requests as some giant, geographically-diverse, multiple-cluster. All it takes is one response from one server to get your nameserver's search started.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  18. Re:Vandals and criminals by Anonymous Coward · · Score: 1, Insightful

    Nobody blames a homeowner when a thief kicks down their flimsy door and robs them, or a vandal rips up their mail and knocks down the letterbox.
    Nobody cares if your entire harddrive is erased by some nude-britney-spears .img.exe. People _would_ start blaming you if a group of criminals was entering your home, stayed there for months making loud music and trashing the neighbourhood, all because you refused to close and lock your doors.