DNS Root Servers Attacked
liquidat and others wrote in with the news that the DNS Root Servers were attacked overnight. It looks like the F, I, and M servers felt the attack and recovered, whereas G (US Department of Defense) and L (ICANN) did less well. Some new botnet flexing its muscle perhaps? AP coverage is here.
Um, so how many times a day do the root servers get attacked? No, wait, an hour, a minute... Like a ba-gillion? These things happen every day, so what's new? It's not like they haven't figured out the whole failover/fault tolerance thing. You'd have to nuke 'em to get them to stop running.
They don't go into a lot of detail, but it's entirely possible that the bots in South Korea were, in fact, being controlled from somewhere else. I'd say that it's even *likely*.
Oh, you're not stuck, you're just unable to let go of the onion rings.
All that means is the botnet was mostly infected computers from South Korea; given the penetration of broadband in that nation, it's not that surprising. And if it leads to the rest of the internet cutting off South Korea, that benefits the North.
Stupid little freaks.
You would think Slashdotters would at least understand this basic fact. *sigh*
While it's not exactly an entirely effective attack - resolving caches will, for the most part, insulate end-users from the effects for anywhere from a few hours to a few days - it could be simply an experiment. If you suppose that this was perpetrated by someone who is intent on causing mayhem, they could have been testing how well their attack would work, in order to plan a much larger one which would bring down *all* of the root name servers, and for long enough to really make people feel the squeeze.
It's a dumb, brute-force type of approach. A much, MUCH more effective way would be to simply find an appropriate flaw in IOS to exploit...
steve
Oh, you're not stuck, you're just unable to let go of the onion rings.
Don't make the assumption that all DNS servers were attacked equally though.
And we all know how secure that is.
"Oh drat these computers, they're so naughty and so complex. I could pinch them."
Marvin the Martian
You suggest that the Department of Defense's nameserver is badly managed, making an argument by analogy concerning "large governmental organizations". Since you haven't provided a technical argument, your accusation has no merit. Your "distinct impression" is pure speculation.
But congratulations on getting everyone riled up.
Silly question. Why aren't there more root servers put into operation? (Honest question! I seriously don't know. Is it a technical limitation?)
- Almost a 100% Windows monoculture (really), because they standardised on an ActiveX control for secure banking etc before SSL was standardised, and everything still needs it
- Dirt cheap, fast broadband
- Fairly rampant piracy, hence many unpatched machines
Put it together and you get botnet paradise.
It's nice to think that, but I don't *entirely* agree with it.
Microsoft is an easy target, given the insanely large user-base. However, if those users suddenly switched to Linux, it's doubtful that their practices would stop - they'd still install whichever distribution looked the best, installed 134 unneeded services and enabled them all by default, open unsafe attachments, and never update their computer.
In every operating system I've seen yet, security is an inconvenience. While you and I think that the tradeoff is worth it, we will always be outnumbered by people who think that it isn't. People who log in as "Administrator" would just as quickly read their email and browse porn sites as "root". Sad, but true.
Oh, you're not stuck, you're just unable to let go of the onion rings.
One of Vista's features is the way that even if you log in with admin privileges, you don't actually have them until you jump through an extra hoop, and even then I think you have them only as long as necessary. I'm sure that if it has been implemented correctly, it will certainly shorten the amount of self-hanging rope available to the average user.
I'm also sure that there are lots of people working on a hack to disable this right now. (I've not used Vista so I may be misinformed - there may be a way to disable it easily anyway?)
And even without that, enough people are gullible enough that if a web site says that to use the available features correctly you need to "follow these simple instructions", it will be done.
Sorry to burst your conspiracy theory, but data mining the root name servers would be next to useless. These are the Root name servers and as such all they know about are TLD (top level domains). You ask one of the roots "who is in charge of .com" or .edu or .uk, and they respond. The only data you could ever get from them is distribution among TLDs. Now add caching name servers into the equation (99.999999% of boxes on the internet are behind one) and the statistics become even more useless. The records returned by the roots have a lifetime of 2 days. This means it doesn't matter if there's 1 client or 1 million clients behind a particular caching name server, it's only going to ask about .com every 2 days.
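The caching behaviour described in the comment above (and the earlier remark that resolving caches insulate end users from a root outage), as an added example that is not part of the original thread. It is a toy model: the resolver class, the client schedule and the `example.*` names are constructed for illustration, and the 2-day TTL is the figure the comment states.

```python
TLD_TTL = 2 * 24 * 3600  # 2-day lifetime of root answers, as stated in the comment


class CachingResolver:
    """Toy caching name server that remembers TLD referrals from the root."""

    def __init__(self, root_down=None):
        self.cache = {}          # tld -> expiry time in seconds
        self.root_queries = 0    # lookups that actually reached a root server
        self.failures = 0        # lookups that failed because the root was unreachable
        self.root_down = root_down or (0, 0)  # (start, end) of a simulated outage

    def lookup(self, name, now):
        tld = name.rstrip(".").rsplit(".", 1)[-1]
        if self.cache.get(tld, -1) > now:
            return True          # answered from cache; the root never sees this client
        start, end = self.root_down
        if start <= now < end:
            self.failures += 1   # cache expired while the root is down
            return False
        self.root_queries += 1
        self.cache[tld] = now + TLD_TTL
        return True


def simulate(clients, days, root_down=None):
    """Every client makes one lookup per hour; returns (root_queries, failures)."""
    names = ["example.com", "example.edu", "example.uk"]  # constructed sample names
    resolver = CachingResolver(root_down)
    for hour in range(days * 24):
        for c in range(clients):
            now = hour * 3600 + (c * 3600) // clients  # spread clients over the hour
            resolver.lookup(names[(hour + c) % 3], now)
    return resolver.root_queries, resolver.failures


if __name__ == "__main__":
    print("1 client, 6 days:      ", simulate(1, 6))
    print("1000 clients, 6 days:  ", simulate(1000, 6))
    # 12-hour outage on day 2, while every referral is still cached
    print("outage inside TTL:     ", simulate(1, 6, root_down=(86400, 129600)))
    # 6-hour outage that straddles the moment the cached referrals expire
    print("outage across expiry:  ", simulate(1, 6, root_down=(169200, 190800)))
```

The root sees the same number of queries for one client as for a thousand, and an outage only becomes visible to clients once the cached referrals expire during it.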
>We really need to move to a more formalized structure that reinforces the long-term continuation of the good system we have today.
And who's going to run that formalized structure? Hrm, maybe some "good individuals and organizations" would be willing to do it?