DNS Anxiety Attack

DNS attacks happen every day, and your machine could play a part

February 8, 2007

4:55 PM -- There are plenty of conflicting theories about why attackers launched this week's distributed denial-of-service (DDOS) exploit on the Internet's DNS root servers. But there's one thing everyone seems to agree on: We haven't heard the last of it. (See DNS Attack: Only a Warning Shot? and VeriSign Ups the DNS Ante.)

Some security experts believe the DDOS caper was a trial run, testing the waters for a larger attack, or several more targeted ones. Others say it may have been a diversion for another attack going on in the background. Either way, it's unsettling. These are key server farms in the Internet infrastructure, and there's plenty at stake. Nobody wants to see the .com top-level domain go dark.

"It doesn't matter what the motivation was," Ken Silva, chief security officer at VeriSign, told me in an interview today. "The fact of the matter is there are people out there with this kind of horsepower -- and they can cause harm, whether it's cyber vandalism by someone who has a political ax to grind, or cyber terrorism."

Silva made no bones about the fact that VeriSign's DNS servers get pounded on a regular basis, although incidents such as last year's attack on 1,500 Websites are rarely made public. "We anticipate them as best we can, and plan for them," he says. "That's what Project Titan [VeriSign's new buildout initiative] is all about."

So, as with most security threats, it becomes a war of escalation -- trying to get one step ahead (or behind, depending on how you look at it) of the attackers by throwing more resources at the problem and adding more layers of defense.

I've gotta say, knowing these kinds of attacks happen on a daily basis doesn't make me feel any better. And what makes one attack more publicity-worthy than another?

If your anxiety level hasn't risen enough, here's a dose of guilt for you, too: SophosLabs today pointed out that any one of us Internet users could unknowingly have contributed an infected machine to the botnet that executed Tuesday's DDOS attack. If the attack had been successful in knocking DNS offline, Sophos says, all (our) Website access and (our) email delivery would have stopped worldwide.

Well, gotta run. My PC and I have a date with Norton and McAfee.

— Kelly Jackson Higgins, Senior Editor, Dark Reading
