[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[infowar.de] es gab am Montag _zwei_ große DoS-Attacken

To: "Infowar.de" <infowar - de -! - infopeace - de>
Subject: [infowar.de] es gab am Montag _zwei_ große DoS-Attacken
From: Ralf Bendrath <bendrath -! - zedat - fu-berlin - de>
Date: Sun, 27 Oct 2002 23:05:26 +0100
Organization: http://www.fogis.de
Reply-to: infowar - de -! - infopeace - de
Sender: bendrath -! - zedat - fu-berlin - de

Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------

http://www.washingtonpost.com/wp-dyn/articles/A6894-2002Oct23.html

More Than One Internet Attack Occurred Monday

By Brian Krebs and David McGuire
washingtonpost.com Staff Writers
Wednesday, October 23, 2002; 7:06 PM 

Monday's attack on the 13 computer servers that manage the world's
Internet traffic was the first of two assaults, according to officials
at the companies that were affected.

Just after 5 p.m. EDT on Monday, a "distributed denial of service"  
(DDOS) attack struck the 13 "root servers" that provide the primary
roadmap for the Internet. The second attack started several hours
later and targeted a different kind of Internet server.

DDOS attacks are intended to overwhelm networks with data until they
fail.

The first attack, which lasted an hour, targeted all 13 of the root
servers that form the core of the worldwide Domain Name System, which
converts numeric codes into the words and names that form e-mail and
Web addresses. Some of the servers failed intermittently, but Internet
users were largely unaffected due to redundant nature of the
root-server system, experts said.

The second attack, say sources familiar with the incident, targeted
"name" servers that direct Internet users to more specific online
locations. Those servers house Internet domains such as dot-com,
dot-biz and dot-info, and country code domains such as Great Britain's
dot-uk and Canada's dot-ca.

"At around 11 (p.m. EDT), the whole thing started over again, this
time switching to the global (name) servers," said Chris Morrow, a
network security engineer for UUNET, in an interview Tuesday. A unit
of WorldCom Inc., UUNET handles roughly half of the global Internet
traffic and is the service provider for two of the 13 root servers.

VeriSign, which manages the servers for the dot-com, dot-net and
dot-org domains, tracked attacks against all of its name servers
beginning around 10 p.m. Monday, company spokesman Brian O'Shaughnessy
said.

VeriSign also operates two of the 13 root servers that were targeted
in the first attack. Neither VeriSign's root servers nor its name
servers were taken down in the attacks, O'Shaughnessy said.

"We experienced an attack on our name-server constellation and we
dealt with it the same way we dealt with the previous attack on our
root servers," he said.

Dublin-based Afilias Ltd. also reported having its "dot-info" name
servers struck late Monday, but Afilias spokeswoman Heather Carle said
the company was able to easily repel the attack. "We're able to
internally balance the load from any hits our DNS server takes," she
said.

Afilias operates dot-info, one of seven newer domains created to ease
crowding in the popular dot-com, dot-net and dot-org domains.

If all of the name servers for any domain were crippled long enough,
users would start having difficulty reaching addresses within those
domains. Most name and root servers are designed with enough back-up
capacity that such an attack would be very difficult to execute.

The White House's Office of Homeland Security and the FBI are
investigating Monday's cyber attacks, but have declined to speculate
on who might have been responsible. It is also not clear whether the
same source was to blame for the separate attacks on root and name
servers.

At a press conference today, White House Press Secretary Ari Fleischer
sought to downplay speculation that the strikes were carried out by
terrorists.

"I'm not aware there's anything that would lead anybody to that
direction," Fleischer said. "History has shown that many of these
attacks actually come from the hacker community."

It is difficult to discover the identities of DDOS hackers because the
computers they use to mount the assaults usually are commandeered --
either manually or remotely -- and programmed to carry out the
attacks. These computers often belong to unsuspecting home users.

Experts say the only way to trace the attacks to their true source is
to deconstruct the data packets used in the assault as it is
happening. According to Gordon Johndroe, spokesman for the Office of
Homeland Security, the FBI was able to "monitor the attack while in
progress."

UUNET's Morrow said a successful investigation ultimately could hinge
on boasts made in the hacker community.

"I don't think anyone knows who's responsible for this yet," Morrow
said. "Somebody might blather about it in a couple months, and that's
probably the only chance have of finding out who did it."

The reporters can be e-mailed at brian -
 krebs -!
- washingtonpost -
 com and
david -
 mcguire -!
- washingtonpost -
 com

---------------------------------------------------------------
Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.

Prev by Date: [infowar.de] noch vor Moskauer Stürmung: Kavkaz.org vom Netz genommen
Next by Date: [infowar.de] Re: noch vor Moskauer Stürmung: Kavkaz.org vom Netz genommen
Previous by thread: [infowar.de] Re: noch vor Moskauer Stürmung: Kavkaz.org vom Netz genommen
Next by thread: [infowar.de] Government, Business Must Share Responsibility on Cybersecurity Opening Remarks for the U.S.-EU Information Security Forum
Index(es):
- Date
- Thread