Internet Root Servers Attacked
February 6th, 2007In a very significant attack, cybercriminals launched a large Denial of Service attack against the internet’s 13 root servers, and briefly disabled 3 of them, including one that handles the US Defense Department network.
This is not the first time the 13 root servers have been targeted. In October 2002, a hour-long ping-flooding DDoS attack temporarily crippled 9 of the root servers.
The root servers are part of the Domain Name System (DNS), a worldwide distributed database that is used to translate worldwide unique domain names such as www.google.com to other identifiers. The DNS is an important part of the Internet because it is used by almost all Internet applications. The root name servers publish the root zone file to other DNS servers and clients on the Internet. The root zone file describes where the authoritative servers for the DNS top-level domains (TLD) are located; in other words: which server one has to ask for names ending in one of the TLDs, such as ORG, NET, CA, etc.
The attack is significant because the domain name system comprises one of the few logical single points of failure within the Internet. The root of the Internet namespace is held in 13 geographically distributed root name servers operated by nine independent organizations. In a worst case scenario, loss of all 13 of the root name servers would result in significant disruption to Internet operation as name to address translation (and vice versa) would no longer function