[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] PCWorld über die DOS-Attacken auf das IDNS
FBI Finds Source of Internet Attacks
Last month's denial of service attacks against Internet's core servers
have been traced to computers in U.S. and Korea.
Paul Roberts, IDG News Service
Monday, November 04, 2002
The distributed denial of service attacks against 13 of the Internet's
core servers has been traced to computers in the U.S. and Korea,
according to statements made by U.S. Federal Bureau of Investigation
director Robert Mueller.
The FBI director, who made the statements while speaking at a conference
in Falls Church, Virginia, would not elaborate on what information his
agency has obtained, saying that the investigation was ongoing.
"I can't give you a brief on where the investigation has led us,"
Mueller said, according to a transcript of his comments provided by the FBI.
The attack, which began on October 21
<http://www.pcworld.com/news/article/0,aid,106239,00.asp>, flooded all
13 of the root servers of the Internet Domain Name System, a network of
computer servers that communicate by matching up Internet domains used
by people with numeric equivalents used by computers.
All 13 of the root servers were flooded with Internet traffic
<http://www.pcworld.com/news/article/0,aid,106266,00.asp> using ICMP
(Internet Control Message Protocol) at more than 10 times the normal
rate of traffic, said Brian O'Shaughnessy, a spokesperson at VeriSign
after the DDOS attack happened. VeriSign manages the "A" and "J" root
Roughly two thirds of those servers were temporarily disabled or
severely hampered in serving legitimate user requests by the attack,
according to O'Shaugnessy and others. However, four or five of the 13
servers remained online throughout the attack and the majority of
Internet users did not experience any interruption in service.
South Korea, along with the U.S. is a frequent source of cyberattacks
because of the large number of computer users in that country and the
widespread availability of broadband Internet access such as a DSL or
Unlike machines that connect to the Internet using dial-up modems,
machines with broadband connections maintain a constant, high-capacity
connection to the Internet when they are turned on. As a result,
attackers, viruses, and e-mail worms can compromise these computers
often without the knowledge of the computer's owner. Those machines then
act as "zombies" in a distributed denial of service attack, controlled
remotely by the attacker and used to send a steady stream of information
packets to the targeted Web site or server.
Allan Paller of the nonprofit SANS Institute said Friday that
investigators may be able to use billing logs from the Internet service
providers involved to trace the attacks back to their source.
Seeking the Source
However, Paller noted that lists of machines that are known to have been
compromised by hackers or worms such as Code Red and Nimda
<http://www.pcworld.com/news/article/0,aid,104957,00.asp> are frequently
traded on the Internet. Investigations into the source of the October 21
attack will likely lead back to those compromised machines in the U.S.,
Korea and elsewhere.
From there, the job of identifying the actual perpetrators gets more
The fact that computers in Korea took part in the attack does not mean
that the attackers were Korean, Paller said. Attackers frequently
compromise and control such machines from afar using one or more
intermediate machines to cover their tracks.
Mueller did not say whether any progress had been made in locating the
actual perpetrators behind the attack and an FBI spokesperson would not
comment on whether the agency is close to identifying the individuals
responsible for the DNS attacks.
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.