[Air-l] [Fwd from CSL]: FBI probes attack on net

Adrian S. Petrescu apetrescu at ONLINE.EMICH.EDU
Thu Oct 24 08:14:26 PDT 2002 

Did everyone get this already?  I found it interesting and addressing
some questions posed in Maastricht.

Adrian S. Petrescu

-------- Original Message --------
Subject: [CSL]: FBI probes attack on net
Date: Thu, 24 Oct 2002 15:41:04 +0100
From: J Armitage <j.armitage at UNN.AC.UK>
Reply-To: Interdisciplinary academic study of Cyber
Society<CYBER-SOCIETY-LIVE at JISCMAIL.AC.UK>
To: CYBER-SOCIETY-LIVE at JISCMAIL.AC.UK

Wednesday, 23 October, 2002, 11:02 GMT 12:02 UK
FBI probes attack on net

http://news.bbc.co.uk/1/hi/technology/2352667.stm

The FBI has launched an investigation into a failed attempt to cripple
the
internet by attacking its central address books.
Steven Berry, a supervisory special agent at the FBI's National
Infrastructure Protection Center said it was "aware of the issue and was
addressing it".

Experts said the net coped so well with the attack that the vast
majority of
users would be unaware it had taken place.
The attack happened at 2200 BST on Monday evening and attempted to
cripple
the key servers by deluging them with many times more data than they
usually
receive.

But the fact that the servers are spread around the world, have fast
connections to the net and ordinarily cope with lots of requests for
data
stopped them succumbing to the flood of traffic.

Seven down

Although few users felt the effects of this barrage, known as a
distributed
denial-of-service attack (DDos), it did temporarily disable seven of the
net's 13 root servers.

The servers were bombarded with 30-40 times the usual amount of traffic
they
receive from hundreds of different computers.

Despite this statistics from Matrix Netsystems, which monitors average
net
response times, said the ability of net users to reach these servers
only
dropped to 94% of its usual 100% reachability.

As a result few people will have noticed anything unusual.

"As best we can tell, no user noticed and the attack was dealt with and
life
goes on," said Louis Touton, vice president for the Internet Corporation
for
Assigned Names and Numbers, which oversees the running of the root
servers
and the net's addressing system.

Although humans navigate the net with words, computers direct traffic
with
numbers known as IP addresses which broadly signify the location of a
particular network, computer, domain or site.

When you type the name of a website into a web browser it looks up the
location of that site by consulting a name server.
Popular and widely used domains, such as www.bbc.co.uk, are often held
in a
store, or cache, on a computer or network closely connected to the one
looking up the address.

If these servers do not know where to find the site they pass the query
upwards and ultimately will get information from one of the 13 root
servers
- the master address books.

Survivor

The fact that these servers are not regularly consulted by users could
have
been another reason that few people felt the effects of the attack.

"What we learned yesterday is ... it is hard to kill this system," said
Paul
Vixie of the Internet Software Consortium which makes software widely
used
to carry out domain queries.

"The Internet is sort of the cockroach of the modern age," he said, "It
survives."

The Internet Software Consortium operates the 'F' root server which
typically handles more than 272 million requests for information per
day.

Sites such as Yahoo have suffered DDos attacks

The 'F' server uses 4 processors and has 8gigabytes of Ram, short-term
memory, to cope with this number of requests. It was one of the root
servers
that survived the attack unscathed.

"It seems a strange target for attack because they have very fat pipes
and
are able to deal with a large number of requests per second in the
normal
course of business," said Gary Milo, founder and chairman of anti-DDos
technology maker Webscreen Technology.

He said if the root attack was redirected to a company's server it could
have been much more effective.

Mr Milo said Webscreen was seeing the numbers of DDos attacks growing by
the
month and now it believes that, on average, 4,000 take place every week.

"They can be started by anything from a bored teenager to a disgruntled
employee," he said.

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated
discussion
list made up of people who are interested in the interdisciplinary
academic
study of Cyber Society in all its manifestations.To join the list please
visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************

More information about the Air-L mailing list