Hackers attack heart of the net

[marcode]

Hackers have attempted to topple key parts of the internet's backbone, in one of the most significant attacks of recent years.

The target was servers that help to direct global internet traffic.

In the early hours of Tuesday three key servers were hit by a barrage of data in what is known as a distributed denial-of-service attack.

There is no evidence so far of damage, which experts are saying is testament to the robust nature of the internet.

Websites unreachable

The so-called root servers involved in the attack act as a kind of global address book for the internet by translating website name information into IP addresses to enable computers to visit particular sites.

The servers involved were each operated by a separate body - the US Defense Department, the net's oversight body ICANN (Internet Corporation for Assigned Names and Numbers) and UltraDNS, which manages traffic for websites ending in "org" and some other suffixes.

"Last night we were seeing attacks which lasted for a couple of hours. There were probably hundreds of root server operators co-operating around the globe to make sure that the average user wouldn't notice," said Paul Levins, executive officer of Icann.

The fact that the attack remained invisible to users is being hailed as a success.

"The most interesting element of this concerted attack is that the system demonstrated the benefits of being dispersed and interoperable. There was no one point of failure," said Mr Levins.

The type of attack favoured in this case involves floods of data being sent to a machine in an effort to knock it over.

"A denial-of-service attack is a bit like fourteen fat men trying to get into an elevator - nothing can move," explained Graham Cluley, senior consultant at security firm Sophos.

If a part of the DNS system went down it would mean websites could be unreachable and e-mail undeliverable.

Research last year suggested that holes in the net's addressing system could leave 85% of the net vulnerable to take over if hackers combined simple attacks with denial-of-service attacks.

Mischief or money?

The fact that the attack remained invisible to users will be seen as evidence that the heart of the net can be kept healthy.

It was, said Mr Levin, too early to analyse exactly what happened or why; although there is speculation that zombie computers - the machines of innocent users which are recruited by hackers - were involved in the attack.

Whether the motive was mischief or money - in the form of blackmail - remains to be seen but Mr Cluley believes it is more likely to be the former.

"If money is involved there is a trail for investigators to follow. Attacking a target like this is just asking for trouble - like letting a huge bomb off in a building," he said.

http://news.bbc.co.uk/1/hi/technology/6338261.stm

[marcode]

Hackers Attack Root Servers

By Raju Shanbhag
TMCnet Contributing Editor

In what is being termed as the worst hacker attack since the October 2002 distributed denial of service (DDOS) attack, hackers had a field day as they launched an unusually powerful attack and disrupted service on at least three of the 13 “root” servers that are used to direct traffic on the Internet. The attack began on Tuesday at about 5:30 a.m. Eastern Time and lasted as long as 12 hours.

Although hackers tried to disguise their origin, vast amounts of rogue data in the attacks have been traced to South Korea. The attack appeared to have been launched by a group of compromised PCs, which is called botnet.

Even though the attack lasted for more than 12 hours, average Internet users barely noticed any changes. But the attack made an impact at the deeper level as leading Internet security experts battled online to save some of the Internet’s most vital pipelines as the enormous volumes of data sent by the hackers threatened to saturate these pipelines. This resulted in two of the root servers suffering badly although they did not crash completely. Some other servers too experienced heavy traffic. The two hardest hit servers belong to the U.S. Department of Defense and ICANN. These servers were jammed with useless requests, causing them to hang occasionally. By 10:30 a.m. Eastern Time, Internet service providers successfully filtered enough of the traffic from the infected machines and the traffic was back to normal.

The attacks also targeted UltraDNS, the company that manages the servers, which manage traffic for Web sites ending in “org” and some other suffixes. In general, DNS servers locate Internet domain names and translate them into Internet Protocol (IP) addresses.

Compared to the previous DDOS attacks, this attack wasn’t as serious. While the bandwidth of the previous attacks had to be measured in gigabytes, bandwidth of this attack can be measured in megabytes, indicating that the volume of requests is not large. Also, the technology innovations in recent years have managed to distribute excessive workloads on the servers to other servers and prevent crashing. It was a small attack, but focused mainly on root servers.

The motive of the attack was not very clear. In the past servers have been ‘hijacked’ or attacked and demands have been made for money. Some hackers attacked servers for political reasons. But this attack seems to have no such purpose. Some experts feel that the purpose of this attack was just show off.

http://www.tmcnet.com/news/2007/02/07/2322115.htm

[ian_jedi]

"A denial-of-service attack is a bit like fourteen fat men trying to get into an elevator - nothing can move," explained Graham Cluley, senior consultant at security firm Sophos.

there just going to have to eat more pies next time, or be like Homer Simpson when he got stuck in the water slide

[CzarJunkie]

I quite like the anarchic nature of these kind of DDoS attacks, although it seems to have failed miserably. It's the fucking East European and Russian mobsters who do it to blackmail banks and payment providers that makes my piss boil.........