BleepingComputer.com: Hackers Target Global Dns Root Servers

This just goes to show how redundant the internet is... no one will ever be able to bring it down...

I just had a question... how do they actually do this? Is it like sending millions of e-mails to the server until it just can't receive anymore?

Most denial of service attacks are done by infecting peoples machine with infections called bots. These bots can then be issued commands all at once to send large amounts of packets to a particular place.

When you have 40K machines all sending packets at one ip address it can bring the server to its knees or use up all of the ISP's available bandwidth.

But don't they have some type of delay, where if more than y requests are sent to a server from the same IP address you'll have to wait x number of seconds? to prevent this?

I know you can do this on small corporate Cisco routers.

This post has been edited by yano: 12 February 2007 - 05:41 PM

If I understood properly...

But this can be overrun by sending example 40 000 packets from 40 000 different computer so 40 000 different IP addresses. It's just like if 40 000 people tried to log onto bleeping computer at the exact same time...

True. But you could create a small 1 second delay for x number of packets coming from each range.

Like
192.168.1.000 - 192.168.1.255 If more than 15 packets are sent at the exact same time wait 2 seconds.
or
192.168.1.000 - 192.168.255.255 If more than 500 packets are sent at the exact same time wait 5 seconds.

The DNS root servers are getting hit with tens of millions of requests per minute. In order to accomplish what you propose (a delay) a tally would need to be kept on each IP that hits the server. If it were only a few million a day, it might be conceivable, but you are talking billions (edit: More probably hundreds of billions) of requests a day. The net effect would be that it would slow down traffic as every packet would have to be checked to see if it was exceeding a quota. Even a simple page might have a dozen outside resources that make up a single page.

Small Cisco routers are not expected to handle that sort of traffic, therefore they can implement flood filtering.

Imagine if someone poured a glass of sugar cubes on your head. You might be able to look at all of the individual cubes and count them. Now imagine if someone dumped a lake on your head... would you be able to count the individual drops? I's a bit hard to imagine, but the scale of information that the root servers handle is unreal.

Ok. I didn't imagine how much data floats around on the internet. It is big, almost too big to control.

So moving on, maybe they should add another router. There are only 13 routers controlling the internet, maybe that is bad luck enough...

Lol your right about that one

But if I am correct there ake 13 DNS Root Servers but are they all in the same physical space. Like 123 DNS Road in Someplace, NY...

Like could terrosrist actualy bomb a building and then suddenly no more .com domains?

Actually there are more than 13 DNS Root Servers. Remember: each one of those servers have a backup-off site location that it transfers data to it almost in real-time. So, I would say that if 1 million people registered domains right now, and if something was to go bad with the server, approximately 10,000 or so domains would be lost. These are precautionary measures that have been in place since their creation. So technically, there are close to 30 DNS Root Servers. Maybe more.

But still, whoever is doing this seems to be misunderstanding something.... and that is..... if they crash the Internet, they, themselves won't be getting back on it either. It the same as playing Russian Rue let, but with this game, they have the gun fully loaded. So they'll lose, no matter how you look at it.

But if someone we're to technically be able to know where all the servers are and bomb them all simultaneously technically the internet would be no more??

Wasn't the internet built by the American Military?? Would that mean that the main internet framework would be in some kind of nuke proof bunker of some sort or something?

http://en.wikipedia.org/wiki/Root_nameserver

Quote

It would be incredibly difficult to crash the Internet. I would say it is impossible, but there is always that slim chance.

@klinkarro, ARPAnet was an endeavor of the Advanced Research Projects Agency, which although a government entity, I don't believe it was a military entity. And yes, technically speaking, if one could manage to bomb all of the root servers at the same time, it might bring down the Internet. I say might because although there are 13 root servers, they are merely the public face of a cluster of computers. It would be a bit like trying to kill a tree by cutting off a few leaves (If a tree could physically span the world). I am not saying it is impossible. There are some inherent issues with the DNS servers that could potentially be exploited.

@walkman, if someone were actually able to crash the Internet, it would demonstrate a remarkable knowledge of how things work..... no doubt certain nefarious nations have been trying to attempt that very thing, and it has not happened yet. Anyway, think of the bragging rights, which is why most people do crap like this anyway.

Some fun reading:
DNS FAQS
Locations of Root servers

From what I've known years ago, the military owns the Internet, either by creating it or buying out the creators. It was first used in 1945 - 1947. The sole purpose was to transmit images and other data quicker than the conventional means that were available. After such time, the soldiers were giving pornographic pictures that came quickly, and then they sent images back just as quick. Since then, the Internet has been coined to be so famous because it was used to send porno/nude pictures world-wide, in a matter of minutes or so. The Internet was then used to send letters, and all other data we know of today, that was back then.

I was reading also on the internet, (I forget the site), but the military (US Government) said that they want the Internet back because they rightfully own it. Those are their words. Also, in case any of you don't know this, the US Government is joined with ICAAN, the main squeeze over domain registrations. But the US Government says they own it. If I can find the post (if I bookmarked it), I'll post it so others can read it.

This is old information though, and from what I learned about the Internet, the US Government has the rights to it. But I don't agree with it either.

So,, the bottom line?...... watch, and you'll all see that the US Government will have some involvement in controlling the Internet because of this incident.... and it wouldn't surprise me if they, themselves are the actual culprits behind this current event of trying to crash the internet.

Maybe they're testing the crashability of it, but when it failed, blamed it on a Patsy (fall guy).

Who knows? Either way it goes, I'm already prepared for it, and mainly because I have always expected it to happen... probably sooner than we think.

This post has been edited by Walkman: 12 February 2007 - 11:12 PM

There are also more than 13 servers. When they say there are 13 root servers, they don't mean 13 individual servers resolving the entire Internet.

Think of each root server as an entity that can consist of many different servers clustered to act as one.