Net backbone withstands major attack

The Internet withstood what appears to have been a major assault on its core infrastructure on Monday, when all 13 of its root...

The Internet withstood what appears to have been a major assault on its core infrastructure on Monday, when all 13 of its root servers were attacked.

A spokesman for VeriSign, which operates two of the servers, said the distributed denial of service (DDOS) attack started at about 10pm on Monday night and lasted for about an hour.

The US Federal Bureau of Investigation's National Infrastructure Protection Centre "is aware of the matter" and is "addressing" it, said Steven Berry, a supervisory special agent with the FBI's press office.

Root servers are used by the Internet's domain name system (DNS), which takes easy-to-remember domain names used by people and converts them into the numerical IP addresses used by computers.

Four or five of the Internet's 13 root servers kept working during the attack and so Internet traffic kept moving, because the DNS is structured so that eight or more of the servers have to stop working before slowdowns occur, according to a report yesterday in the online edition of the Washington Post.

No major outages occurred as a result of the attack, meaning Internet users were unaware of what had happened. Nevertheless, one source quoted in the report characterised the incident as one of the largest attacks launched on the Internet.

"This was the largest and most complex DDOS attack ever against the root server system," an anonymous source told the Washington Post.

Matrix NetSystems, which tracks the status of Internet traffic, said yesterday that the DDOS lasted for as long as six hours and may have slowed down Web traffic and the delivery of e-mails for some users on Monday night.

"What happened was dramatic," said Tom Ohlsson, vice-president of marketing for Matrix NetSystems, which compiles reports that detail how much traffic uses the Internet backbone at any given time. "In terms of damage, the worst is probably behind us as of [Tuesday]."

DDOS attacks blast servers with more data than they can handle, which can cause servers to overload or crash and networks to clog with traffic. They are typically very simple to carry out, Ohlsson said.

Officials at organisations responsible for the Internet backbone said they did not yet know who was responsible for the attack.

Matrix NetSystems traced the attacks to a number of US Internet hosting service providers, as well as one in Europe, which probably acted as "unwitting hosts" to the perpetrators, Ohlsson said. He added that the attack could have originated anywhere.

A spokeswoman for Microsoft's MSN Internet service said it had not noticed any slowdown in traffic.

VeriSign said its two root servers kept working during the incident. "VeriSign expects that these sort of attacks will happen, and VeriSign was prepared," a spokesman for the company said.

Other root server operators include NASA Ames Research Centre, the US Army Research Lab, the Internet Corporation for Assigned Names and Numbers and the Internet Software Consortium.

Read more on IT risk management