Slashdot Mirror


DNS Root Servers Attacked

liquidat and others wrote in with the news that the DNS Root Servers were attacked overnight. It looks like the F, I, and M servers felt the attack and recovered, whereas G (US Department of Defense) and L (ICANN) did less well. Some new botnet flexing its muscle perhaps? AP coverage is here.

17 of 311 comments

  1. Oh by Anonymous Coward · · Score: 5, Funny

    Oh!!! So that's what that button does.

  2. slashdotted by deopmix · · Score: 5, Funny

    It's fine they are just slashdotted, give it an hour or two and they will be running just fine again.

    1. Re:slashdotted by jrockway · · Score: 5, Funny

      > i didn't want to get bitched at by the grammar Nazi's.

      It's "I", not "i". It's "Nazis" not "Nazi's".

      This has been a public service announcement.

      --
      My other car is first.
  3. does that mean the internet is down? by skynare · · Score: 5, Funny

    i can still visit slashdot. i think my dell pc has a back up of the internet.

    1. Re:does that mean the internet is down? by Cow+Jones · · Score: 5, Funny

      > i think my dell pc has a back up of the internet.

      Actually, backing up the internet is a very good idea, and it isn't hard to do at all:

      If you're using Windows, just drag and drop the internet (the blue "e" symbol) from your desktop onto your USB stick. Wait for the copying process to finish (with current Windows installations this will only take a few minutes). Next, confirm that you have successfully stored the internet: double-click the internet on your USB stick, and enter any address. Did it work all right? Congratulations! Now you can carry the whole web in your pocket, or give it to your friends as a gift.
      --

      Ah, arrogance and stupidity, all in the same package. How efficient of you. -- Londo Mollari
  4. Actually... by __aaclcg7560 · · Score: 5, Funny

    > Some new botnet flexing its muscle perhaps.

    That was a test system for installing Windows Vista that someone forgot to unplug from the wall.

  5. Thank goodness... by kevin_conaway · · Score: 5, Funny

    ... for resolving caches.

  6. Re:Team name spelling their initals in the snow by geedra · · Score: 5, Funny

    In that case, it's GMILF. That's right, DNS is operated by a ring of hot grandmothers.

  7. move along, nothing to care about by Geekboy(Wizard) · · Score: 5, Informative

    the root servers are set up in such a way that *2/3* of them can fail, and no one would notice.

    [RFC2870]
          2.3 At any time, each server MUST be able to handle a load of
                  requests for root data which is three times the measured peak of
                  such requests on the most loaded server in then current normal
                  conditions. This is usually expressed in requests per second.
                  This is intended to ensure continued operation of root services
                  should two thirds of the servers be taken out of operation,
                  whether by intent, accident, or malice.

    1. Re:move along, nothing to care about by Feyr · · Score: 5, Interesting

      and consider that these so called "root servers" are actually several hundreds (thousands?) of servers, in different physical locations. i think i remember mr vixie saying F alone had around 200 machines

  8. Re:Of Course! by WhyDoYouWantToKnow · · Score: 5, Funny
    I'm sorry, I think you got that wrong.

    Try this MILF,G.
    Mom's I'd like to fuck, Giggidy giggidy giggidy.
    This attack was clearly perpetrated by none other than Glen Quagmire.

    --
    "Oh drat these computers, they're so naughty and so complex. I could pinch them."
    Marvin the Martian
  9. That's a pretty bold accusation by Flavio · · Score: 5, Insightful

    You suggest that the Department of Defense's nameserver is badly managed, making an argument by analogy concerning "large governmental organizations". Since you haven't provided a technical argument, your accusation has no merit. Your "distinct impression" is pure speculation.

    But congratulations on getting everyone riled up.

  10. Re:More root servers? by Yaksha42 · · Score: 5, Informative

    http://en.wikipedia.org/wiki/DNS_root_zone

    The root DNS servers are essential to the function of the Internet, as so many protocols use DNS, either directly or indirectly. They are potential points of failure for the entire Internet. For this reason, there are 13 named root servers worldwide. There are no more root servers because a single DNS reply can only be 512 bytes long; while it is possible to fit 15 root servers in a datagram of this size, the variable size of DNS packets makes it prudent to only have 13 root servers.
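
Added example (not part of the original comment or the text it quotes): the size arithmetic behind the 512-byte limit, worked out by building a root priming response in DNS wire format with RFC 1035 name compression. It assumes the `<letter>.root-servers.net` naming scheme, one IPv4 glue record per server and no EDNS0; the addresses and message ID are constructed placeholders.

```python
import struct

def encode_name(name, offsets, pos):
    """Encode `name` as if written at byte offset `pos`, replacing any suffix
    already present in the message with a 2-byte compression pointer."""
    out = b""
    labels = [l for l in name.rstrip(".").split(".") if l]
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:]).lower()
        if suffix in offsets:
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        offsets[suffix] = pos + len(out)
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def priming_response(n):
    """Build the answer to '. IN NS' for n root servers: n NS records plus
    n A glue records in the additional section."""
    names = [f"{chr(ord('a') + i)}.root-servers.net" for i in range(n)]
    offsets = {}
    ttl = 172800  # the TTL value has no effect on the message size
    # Header: constructed ID, QR+AA flags, 1 question, n answers, n additional
    msg = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, n, 0, n)
    msg += b"\x00" + struct.pack("!HH", 2, 1)  # question: root name, NS, IN
    for name in names:
        # RDATA starts after owner (1) + type/class/ttl/rdlength (10)
        rdata = encode_name(name, offsets, len(msg) + 11)
        msg += b"\x00" + struct.pack("!HHIH", 2, 1, ttl, len(rdata)) + rdata
    for i, name in enumerate(names):
        owner = encode_name(name, offsets, len(msg))  # always a pointer here
        addr = bytes([192, 0, 2, i + 1])  # constructed TEST-NET-1 address
        msg += owner + struct.pack("!HHIH", 1, 1, ttl, 4) + addr
    return msg

def max_servers(limit=512):
    """Largest number of root servers whose priming response fits in `limit`."""
    n = 1
    while len(priming_response(n + 1)) <= limit:
        n += 1
    return n

if __name__ == "__main__":
    for n in (13, 15, 16):
        print(n, "servers ->", len(priming_response(n)), "bytes")
    print("maximum within 512 bytes:", max_servers())
```

Each server after the first costs 31 bytes (a 15-byte NS record and a 16-byte A record), which is why 15 is the ceiling and 13 leaves headroom.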

  11. Re:so a lot of it was from South Korea.... by Anonymous Coward · · Score: 5, Insightful
    South Korea has :
    1. Almost a 100% windows monoculture (really), because they standardised on an ActiveX control for secure banking etc before SSL was standardised, and everything still needs it
    2. Dirt cheap, fast broadband
    3. Fairly rampant piracy, hence many unpatched machines
    Put it together and you get botnet paradise.
  12. Re:130+ root servers by Rufus211 · · Score: 5, Insightful

    Sorry to burst your conspiracy theory, but data mining the root name servers would be next to useless. These are the Root name servers and as such all they know about are TLD (top level domains). You ask one of the roots "who is in charge of .com" or .edu or .uk, and they respond. The only data you could ever get from them is distribution among TLDs. Now add caching name servers into the equation (99.999999% of boxes on the internet are behind one) and the statistics become even more useless. The records returned by the roots have a lifetime of 2 days. This means it doesn't matter if there's 1 client or 1 million clients behind a particular caching name server, it's only going to ask about .com every 2 days.

    >We really need to move to a more formalized structure that reinforces the long-term continuation of the good system we have today.
    And who's going to run that formalized structure? Hrm, maybe some "good individuals and organizations" would be willing to do it?

  13. Re:Ban all Microsoft Users from the Internet... by scatters · · Score: 5, Interesting

    Are you kidding? I've been using Vista since RTM on my main work system and the UAC prompts are enough to either:

    1: Drive one completely insane.
    2: Insensitize one to the point where one clicks 'Yes' on any dialog that pops up.
    3: Cause one to disable UAC prompting.

    Examples:
    You want to look at the event log... well you're gonna need some extra admin privileges. Are you sure you want to look at the event log?

    You want to run visual studio 2005... that complains too. Would someone please explain to me WTF running an IDE requires admin fucking rights!

    Microsoft's approach of security by nagging the user to death is fundamentally flawed.

    I swear, if I hadn't turned off UAC prompting, there would be a craig's list posting right now for a slightly shot-gunned compy.

    --
    A One that isn't cold, is scarcely a One at all.
  14. Not anymore by Ungrounded+Lightning · · Score: 5, Informative

    > Even nukes can't stop it! Or at least they shouldn't, since the internet was originally designed to run as a communications network in the event of a nuclear attack.

    And the primary design feature that enabled that was removed during the rise of the ISPs.

    The early internet was a NET. Redundant links everywhere. Routers all potentially knew the whole topology and could find a connection if it existed.

    As the net went commercial that caused a table explosion in the routers. So BGP replaced RIP and things became less robust. Usable routes became a subset of all possible routes. Within the backbone there was still a lot of redundancy - but it wasn't quite up to the former "find a path if it exists" level.

    Meanwhile, the typical host went from being something ad hoc connected to several neighbors to being something connected solely to a single ISP - typically by a single link. The big guys might have redundant paths into their ISP's Network Operations Center. But if something took out the NOC (and often there was only one - or only one of some critical component) you were hosed. Ditto if something corrupted their databases. Even with redundant links there would only be a few, perhaps going through several single-points-of-failure - and if fully redundant still allowing a double-failure to take you down. The little guys would typically have one line (say DSL) to one box. Cut the line or crash the box - or the typically two links from it to the NOC - and you're hosed.

    (Perhaps you have a dialup-backup for your DSL. Did YOU configure it to come up automagically if your main link goes down? Is it on the same phone line with the DSL? If not, does it take a different path to the central office? Or is it right up the same cable bundle on the same poles next to the same road full of the same drunk drivers or in the same underground cable running past the same backhoe...)

    So the internet evolved from a nuclear-strike-survivable net to a less-robust net rooting a bunch of trees. Oops!

    (And that's just for routing the packets once you've GOT the IP number. Translating names to IP numbers is a whole separate can of worms: It's what the root servers are about - which is why there are so many of them, most of them are clusters, and some are clusters that are geographically diverse. You only need to hit ONE operational root server to get started on your translation - if your answer isn't cached somewhere between you and the root, and the list is small enough to keep handy on every machine that wants to do its own nameservice.)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way