
Hackers Target Global Dns Root Servers


16 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:06 AM

Posted 07 February 2007 - 08:19 AM

On Tuesday, hackers targeted 3 of the 13 DNS root servers in an effort to disrupt global Internet traffic. DNS root servers manage the traffic for the various domain extensions like org, com, net etc. If these servers are brought offline then people would not be able to access domains that end with the suffix managed by the affected servers. It appears that the hackers targeted UltraDNS, the company that manages the servers for the .org domain. Though the hackers disguised their origin, a large amount of the attack traffic appears to be originating from South Korea.



#2 Klinkaroo

Klinkaroo

  • Members
  • 1,139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:03:06 AM

Posted 09 February 2007 - 06:34 PM

This just goes to show how redundant the internet is... no one will ever be able to bring it down...

I just had a question... how do they actually do this? Is it like sending millions of e-mails to the server until it just can't receive anymore?

#3 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,640 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:06 AM

Posted 09 February 2007 - 09:40 PM

Most denial of service attacks are done by infecting people's machines with infections called bots. These bots can then be issued commands all at once to send large amounts of packets to a particular place.

When you have 40K machines all sending packets at one IP address it can bring the server to its knees or use up all of the ISP's available bandwidth.

#4 yano

yano

    I can see what you post!


  • Members
  • 6,469 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:06 AM

Posted 12 February 2007 - 05:41 PM

But don't they have some type of delay, where if more than y requests are sent to a server from the same IP address you'll have to wait x number of seconds, to prevent this?

I know you can do this on small corporate Cisco routers.

Edited by yano, 12 February 2007 - 05:41 PM.


#5 Klinkaroo

Klinkaroo

  • Members
  • 1,139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:03:06 AM

Posted 12 February 2007 - 05:48 PM

If I understood properly...

But this can be overrun by sending, for example, 40 000 packets from 40 000 different computers, so 40 000 different IP addresses. It's just like if 40 000 people tried to log onto Bleeping Computer at the exact same time...

#6 yano

yano

    I can see what you post!


  • Members
  • 6,469 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:06 AM

Posted 12 February 2007 - 05:51 PM

True. But you could create a small 1 second delay for x number of packets coming from each range.

Like
192.168.1.000 - 192.168.1.255 If more than 15 packets are sent at the exact same time wait 2 seconds.
or
192.168.1.000 - 192.168.255.255 If more than 500 packets are sent at the exact same time wait 5 seconds.

#7 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:05:06 AM

Posted 12 February 2007 - 05:54 PM

The DNS root servers are getting hit with tens of millions of requests per minute. In order to accomplish what you propose (a delay) a tally would need to be kept on each IP that hits the server. If it were only a few million a day, it might be conceivable, but you are talking billions (edit: More probably hundreds of billions) of requests a day. The net effect would be that it would slow down traffic as every packet would have to be checked to see if it was exceeding a quota. Even a simple page might have a dozen outside resources that make up a single page.

Small Cisco routers are not expected to handle that sort of traffic, therefore they can implement flood filtering.

Imagine if someone poured a glass of sugar cubes on your head. You might be able to look at all of the individual cubes and count them. Now imagine if someone dumped a lake on your head... would you be able to count the individual drops? It's a bit hard to imagine, but the scale of information that the root servers handle is unreal.
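An added illustration of the per-range thresholds discussed in the posts above (not code from any poster or from a router vendor): a fixed-window counter using the thread's figures of 15 packets per /24 and 500 per /16. The class name, the one-second window and the 10.x.x.x sample addresses are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Thresholds taken from the thread: 15 packets per /24 and 500 per /16, per window.
LIMITS = {24: 15, 16: 500}

class PrefixLimiter:
    """Fixed-window packet counter keyed by source prefix (hypothetical helper)."""

    def __init__(self, limits=LIMITS, window=1.0):
        self.limits = limits
        self.window = window              # window length in seconds (assumed value)
        self.counts = defaultdict(int)    # (prefix_len, network, slot) -> packets seen

    def allow(self, src, now):
        """Count one packet from src at time now; False means it would be delayed."""
        addr = int(ipaddress.IPv4Address(src))
        slot = int(now // self.window)
        keys = [(plen, addr >> (32 - plen), slot) for plen in self.limits]
        for key in keys:
            self.counts[key] += 1
        return all(self.counts[k] <= self.limits[k[0]] for k in keys)

    def state_entries(self):
        """Counters the device must hold; grows with the number of distinct prefixes."""
        return len(self.counts)

def single_source(packets=1000):
    """One host sending every packet inside the same window."""
    lim = PrefixLimiter()
    return sum(lim.allow("10.0.0.5", 0.0) for _ in range(packets))

def distributed_sources(hosts=40000):
    """Constructed sample: one packet each from hosts spread over 80 /16s,
    at most 15 hosts per /24 and 500 per /16, all inside the same window."""
    lim = PrefixLimiter()
    passed = 0
    for i in range(hosts):
        j = i % 500
        passed += lim.allow(f"10.{i // 500}.{j // 15}.{j % 15 + 1}", 0.0)
    return passed, lim.state_entries()

if __name__ == "__main__":
    print("single source passed:", single_source())
    print("distributed passed, counters held:", distributed_sources())
```

The single host is held to 15 packets per window, while the spread-out sample stays under both thresholds and still costs the limiter one counter per prefix seen, which is the bookkeeping load described in the post above.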

#8 yano

yano

    I can see what you post!


  • Members
  • 6,469 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:06 AM

Posted 12 February 2007 - 05:57 PM

Ok. I didn't imagine how much data floats around on the internet. It is big, almost too big to control.

So moving on, maybe they should add another router. There are only 13 routers controlling the internet, maybe that is bad luck enough... :thumbsup:

#9 Klinkaroo

Klinkaroo

  • Members
  • 1,139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:03:06 AM

Posted 12 February 2007 - 07:53 PM

Lol you're right about that one :thumbsup:

But if I am correct there are 13 DNS Root Servers but are they all in the same physical space. Like 123 DNS Road in Someplace, NY...

Like could terrorists actually bomb a building and then suddenly no more .com domains?

#10 Walkman

Walkman

  • Banned
  • 1,327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:06 AM

Posted 12 February 2007 - 08:56 PM

Actually there are more than 13 DNS Root Servers. Remember: each one of those servers has a backup off-site location that it transfers data to almost in real-time. So, I would say that if 1 million people registered domains right now, and if something was to go bad with the server, approximately 10,000 or so domains would be lost. These are precautionary measures that have been in place since their creation. So technically, there are close to 30 DNS Root Servers. Maybe more.

But still, whoever is doing this seems to be misunderstanding something... and that is... if they crash the Internet, they themselves won't be getting back on it either. It's the same as playing Russian roulette, but with this game, they have the gun fully loaded. So they'll lose, no matter how you look at it.

#11 Klinkaroo

Klinkaroo

  • Members
  • 1,139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia, Canada
  • Local time:03:06 AM

Posted 12 February 2007 - 09:04 PM

But if someone were to technically be able to know where all the servers are and bomb them all simultaneously, technically the internet would be no more??

Wasn't the internet built by the American Military?? Would that mean that the main internet framework would be in some kind of nuke proof bunker of some sort or something?

#12 yano

yano

    I can see what you post!


  • Members
  • 6,469 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:06 AM

Posted 12 February 2007 - 09:27 PM

http://en.wikipedia.org/wiki/Root_nameserver

No more names can be used because of protocol limitations - UDP packet can only carry 512 bytes reliably and a hint file with more than 13 servers would be larger than 512 bytes - but the C, F, I, J, K and M servers now exist in multiple locations on different continents, using anycast announcements to provide a decentralized service. As a result most of the physical, rather than nominal, root servers are now outside the United States.



#13 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:05:06 AM

Posted 12 February 2007 - 09:40 PM

It would be incredibly difficult to crash the Internet. I would say it is impossible, but there is always that slim chance.

@Klinkaroo, ARPAnet was an endeavor of the Advanced Research Projects Agency, which although a government entity, I don't believe it was a military entity. And yes, technically speaking, if one could manage to bomb all of the root servers at the same time, it might bring down the Internet. I say might because although there are 13 root servers, they are merely the public face of a cluster of computers. It would be a bit like trying to kill a tree by cutting off a few leaves (if a tree could physically span the world). I am not saying it is impossible. There are some inherent issues with the DNS servers that could potentially be exploited.

@Walkman, if someone were actually able to crash the Internet, it would demonstrate a remarkable knowledge of how things work... no doubt certain nefarious nations have been trying to attempt that very thing, and it has not happened yet. Anyway, think of the bragging rights, which is why most people do crap like this anyway.

Some fun reading:
DNS FAQS
Locations of Root servers

#14 Walkman

Walkman

  • Banned
  • 1,327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:06 AM

Posted 12 February 2007 - 11:05 PM

From what I've known years ago, the military owns the Internet, either by creating it or buying out the creators. It was first used in 1945 - 1947. The sole purpose was to transmit images and other data quicker than the conventional means that were available. After such time, the soldiers were giving pornographic pictures that came quickly, and then they sent images back just as quick. Since then, the Internet has been coined to be so famous because it was used to send porno/nude pictures world-wide, in a matter of minutes or so. The Internet was then used to send letters, and all other data we know of today, that was back then.

I was reading also on the internet (I forget the site), but the military (US Government) said that they want the Internet back because they rightfully own it. Those are their words. Also, in case any of you don't know this, the US Government is joined with ICANN, the main squeeze over domain registrations. But the US Government says they own it. If I can find the post (if I bookmarked it), I'll post it so others can read it.

This is old information though, and from what I learned about the Internet, the US Government has the rights to it. But I don't agree with it either.

So, the bottom line?... watch, and you'll all see that the US Government will have some involvement in controlling the Internet because of this incident... and it wouldn't surprise me if they themselves are the actual culprits behind this current event of trying to crash the internet.

Maybe they're testing the crashability of it, but when it failed, blamed it on a Patsy (fall guy).

Who knows? Either way it goes, I'm already prepared for it, and mainly because I have always expected it to happen... probably sooner than we think.

Edited by Walkman, 12 February 2007 - 11:12 PM.


#15 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,640 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:06 AM

Posted 13 February 2007 - 10:53 AM

There are also more than 13 servers. When they say there are 13 root servers, they don't mean 13 individual servers resolving the entire Internet.

Think of each root server as an entity that can consist of many different servers clustered to act as one.



