Last week, Akamai's DNS servers were DDoS targets that slowed large customer sites. The attacks are still being investigated and reveal a higher degree of sophistication than seen in the past.
Akamai Attack Reveals Increased Sophisticationhttp://www.computerworld.com/printthis/200...4,93977,00.html
An attack last week against Akamai Technologies Inc. demonstrated the disruption of key Web site activity that a well-placed assault on the Internet's Domain Name System can cause. The incident also revealed a troubling capability on the part of hackers to target core Internet infrastructure technologies, security experts said. Several major customers of Akamai's DNS hosting services, including Microsoft Corp., Yahoo Inc. and Google Inc., suffered brief but severe Web performance slowdowns on June 15 as a result of a large-scale attack on Akamai's DNS servers. Keynote Systems Inc., a San Mateo, Calif.-based third-party Web site performance measurement firm, said that in some cases, availability of affected sites dropped to nearly zero for a brief period.
"Akamai is not a two-bit operation. These guys are designed to stay up. They are huge and well distributed, so it doesn't add up," said Bruce Schneier, chief technology officer at Counterpane Internet Security Inc. in Mountain View, Calif. "My guess is that it [was] some kind of an internal failure within Akamai or maybe a targeted attack against them by someone with insider knowledge and access."
Moreover, there was no suspicious Internet traffic or DNS patterns to suggest that such a massive and distributed attack had taken place, said Craig Labovitz, director of network architecture at Arbor Networks Inc., a Lexington, Mass., provider of DoS mitigation technologies. Arbor's network monitoring tools are installed on several carrier networks around the world. In any case, the event was marked by being a step beyond "simple bandwidth attacks" on individual Web sites to more sophisticated targeting of core upstream Internet routers, DNS servers and bandwidth bottlenecks, according to Labovitz.
"It's a fairly scary escalation," Labovitz said. "What we are seeing is a shift away from completely brain-dead attackers to folks who know a little bit about the network topology, trace routes and about where the DNS might live" on a network, he said.