Hackers Target Global DNS Root Servers

Grinler
post Feb 7 2007, 08:19 AM
Post #1





On Tuesday, hackers targeted 3 of the 13 DNS root servers in an effort to disrupt global Internet traffic.


DNS root servers manage the traffic for the various domain extensions like org, com, net etc. If these servers are brought offline then people would not be able to access domains that end with the suffix managed by the affected servers. It appears that the hackers targeted UltraDNS, the company that manages the servers for the .org domain.

Though the hackers disguised their origin, a large amount of the attack traffic appears to be originating from South Korea.




--------------------
Lawrence

Klinkaroo
post Feb 9 2007, 06:34 PM
Post #2

This just goes to show how redundant the internet is... no one will ever be able to bring it down...

I just had a question... how do they actually do this? Is it like sending millions of e-mails to the server until it just can't receive anymore?


--------------------
"A kiss is just a kiss until you find the one you love. A hug is just a hug until you find the one you're always thinking of. A dream is just a dream until it comes true. Love is just a word until it's proven to you."

Grinler
post Feb 9 2007, 09:40 PM
Post #3

Most denial of service attacks are done by infecting people's machines with infections called bots. These bots can then be issued commands all at once to send large amounts of packets to a particular place.

When you have 40K machines all sending packets at one IP address it can bring the server to its knees or use up all of the ISP's available bandwidth.


yano
post Feb 12 2007, 05:41 PM
Post #4

But don't they have some type of delay, where if more than y requests are sent to a server from the same IP address you'll have to wait x number of seconds, to prevent this?

I know you can do this on small corporate Cisco routers.

Klinkaroo
post Feb 12 2007, 05:48 PM
Post #5

If I understood properly...

But this can be overrun by sending, for example, 40 000 packets from 40 000 different computers, so 40 000 different IP addresses. It's just like if 40 000 people tried to log onto Bleeping Computer at the exact same time...


yano
post Feb 12 2007, 05:51 PM
Post #6

True. But you could create a small 1 second delay for x number of packets coming from each range.

Like
192.168.1.000 - 192.168.1.255 If more than 15 packets are sent at the exact same time wait 2 seconds.
or
192.168.1.000 - 192.168.255.255 If more than 500 packets are sent at the exact same time wait 5 seconds.


groovicus
post Feb 12 2007, 05:54 PM
Post #7

The DNS root servers are getting hit with tens of millions of requests per minute. In order to accomplish what you propose (a delay) a tally would need to be kept on each IP that hits the server. If it were only a few million a day, it might be conceivable, but you are talking billions (edit: More probably hundreds of billions) of requests a day. The net effect would be that it would slow down traffic as every packet would have to be checked to see if it was exceeding a quota. Even a simple page might have a dozen outside resources that make up a single page.

Small Cisco routers are not expected to handle that sort of traffic, therefore they can implement flood filtering.

Imagine if someone poured a glass of sugar cubes on your head. You might be able to look at all of the individual cubes and count them. Now imagine if someone dumped a lake on your head... would you be able to count the individual drops? It's a bit hard to imagine, but the scale of information that the root servers handle is unreal.


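The trade-off argued in posts #4 through #7, as an added example that is not code from any poster: a fixed-window limiter keyed by source address or by address range, replayed over constructed traffic. The limit of 15 packets per second echoes the figure in post #6; the addresses, the `WindowLimiter` class and the helper names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

class WindowLimiter:
    """Fixed-window packet counter keyed by source prefix (/32 = per IP)."""

    def __init__(self, limit, prefix_len=32, window=1.0):
        self.limit = limit            # packets allowed per key per window
        self.shift = 32 - prefix_len  # low bits ignored when grouping sources
        self.window = window          # window length in seconds
        self.counts = defaultdict(int)  # (prefix, window index) -> packets

    def allow(self, src, now):
        prefix = int(ipaddress.IPv4Address(src)) >> self.shift
        slot = (prefix, int(now // self.window))
        self.counts[slot] += 1        # one table entry per active source key
        return self.counts[slot] <= self.limit

def replay(limiter, packets):
    """Feed (time, source) packets through; return (dropped, table entries)."""
    dropped = sum(1 for t, src in packets if not limiter.allow(src, t))
    return dropped, len(limiter.counts)

def single_source(n):
    # Constructed traffic: n packets from one address in the same instant.
    return [(0.0, "198.51.100.7")] * n

def distributed(n_hosts):
    # Constructed traffic: one packet per host, four hosts per /24.
    base = int(ipaddress.IPv4Address("10.0.0.0"))
    return [(0.0, str(ipaddress.IPv4Address(base + i * 64))) for i in range(n_hosts)]

if __name__ == "__main__":
    for name, limiter, traffic in [
        ("one host, per-IP limit", WindowLimiter(15), single_source(40_000)),
        ("40k hosts, per-IP limit", WindowLimiter(15), distributed(40_000)),
        ("40k hosts, per-/24 limit", WindowLimiter(15, 24), distributed(40_000)),
    ]:
        print(name, replay(limiter, traffic))
```

The single noisy host is cut off after 15 packets with one table entry, while the 40,000-host run stays under both the per-IP and the per-/24 limit, so nothing is dropped and the limiter still has to hold thousands of counters.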
yano
post Feb 12 2007, 05:57 PM
Post #8





Ok. I didn't imagine how much data floats around on the internet. It is big, almost too big to control.

So moving on, maybe they should add another router. There are only 13 routers controlling the internet, maybe that is bad luck enough...


Klinkaroo
post Feb 12 2007, 07:53 PM
Post #9

Lol you're right about that one

But if I am correct there are 13 DNS Root Servers, but are they all in the same physical space? Like 123 DNS Road in Someplace, NY...

Like could terrorists actually bomb a building and then suddenly no more .com domains?


Walkman
post Feb 12 2007, 08:56 PM
Post #10

Actually there are more than 13 DNS Root Servers. Remember: each one of those servers has a backup off-site location that it transfers data to almost in real time. So, I would say that if 1 million people registered domains right now, and if something was to go bad with the server, approximately 10,000 or so domains would be lost. These are precautionary measures that have been in place since their creation. So technically, there are close to 30 DNS Root Servers. Maybe more.

But still, whoever is doing this seems to be misunderstanding something.... and that is..... if they crash the Internet, they, themselves won't be getting back on it either. It's the same as playing Russian roulette, but with this game, they have the gun fully loaded. So they'll lose, no matter how you look at it.


--------------------
Walkman
One Man's Opinion


"What I didn't know yesterday, I know today, and I'll remember it tomorrow"
by Walkman

Klinkaroo
post Feb 12 2007, 09:04 PM
Post #11

But if someone were to technically be able to know where all the servers are and bomb them all simultaneously technically the internet would be no more??

Wasn't the internet built by the American Military?? Would that mean that the main internet framework would be in some kind of nuke proof bunker of some sort or something?


yano
post Feb 12 2007, 09:27 PM
Post #12

http://en.wikipedia.org/wiki/Root_nameserver

QUOTE
No more names can be used because of protocol limitations - UDP packet can only carry 512 bytes reliably and a hint file with more than 13 servers would be larger than 512 bytes - but the C, F, I, J, K and M servers now exist in multiple locations on different continents, using anycast announcements to provide a decentralized service. As a result most of the physical, rather than nominal, root servers are now outside the United States.


groovicus
post Feb 12 2007, 09:40 PM
Post #13

It would be incredibly difficult to crash the Internet. I would say it is impossible, but there is always that slim chance.

@Klinkaroo, ARPAnet was an endeavor of the Advanced Research Projects Agency, which although a government entity, I don't believe it was a military entity. And yes, technically speaking, if one could manage to bomb all of the root servers at the same time, it might bring down the Internet. I say might because although there are 13 root servers, they are merely the public face of a cluster of computers. It would be a bit like trying to kill a tree by cutting off a few leaves (if a tree could physically span the world). I am not saying it is impossible. There are some inherent issues with the DNS servers that could potentially be exploited.

@walkman, if someone were actually able to crash the Internet, it would demonstrate a remarkable knowledge of how things work..... no doubt certain nefarious nations have been trying to attempt that very thing, and it has not happened yet. Anyway, think of the bragging rights, which is why most people do crap like this anyway.

Some fun reading:
DNS FAQS
Locations of Root servers


Walkman
post Feb 12 2007, 11:05 PM
Post #14

From what I've known years ago, the military owns the Internet, either by creating it or buying out the creators. It was first used in 1945 - 1947. The sole purpose was to transmit images and other data quicker than the conventional means that were available. After such time, the soldiers were giving pornographic pictures that came quickly, and then they sent images back just as quick. Since then, the Internet has been coined to be so famous because it was used to send porno/nude pictures world-wide, in a matter of minutes or so. The Internet was then used to send letters, and all other data we know of today, that was back then.

I was reading also on the internet, (I forget the site), but the military (US Government) said that they want the Internet back because they rightfully own it. Those are their words. Also, in case any of you don't know this, the US Government is joined with ICANN, the main squeeze over domain registrations. But the US Government says they own it. If I can find the post (if I bookmarked it), I'll post it so others can read it.

This is old information though, and from what I learned about the Internet, the US Government has the rights to it. But I don't agree with it either.

So, the bottom line?...... watch, and you'll all see that the US Government will have some involvement in controlling the Internet because of this incident.... and it wouldn't surprise me if they, themselves are the actual culprits behind this current event of trying to crash the internet.

Maybe they're testing the crashability of it, but when it failed, blamed it on a Patsy (fall guy).

Who knows? Either way it goes, I'm already prepared for it, and mainly because I have always expected it to happen... probably sooner than we think.

Grinler
post Feb 13 2007, 10:53 AM
Post #15

There are also more than 13 servers. When they say there are 13 root servers, they don't mean 13 individual servers resolving the entire Internet.

Think of each root server as an entity that can consist of many different servers clustered to act as one.

