Security News

October 23rd, 2002 - Root Servers Attacked

On Monday, October 21st, a major Distributed Denial of Service attack was mounted against the thirteen root servers of the internet. The attack lasted one hour and crashed or crippled seven of the servers.

The attack was carried out using a large number of remotely controlled machines, which flooded the root servers with ICMP requests (this is known as ping-flooding). Normally, a ping request sends one 64-byte packet per second; in ping-flooding the attacking system sends these requests at the highest possible rate.

The overall threat was dismissed by some experts as "minimal", in that there was no noticeable effect on the internet. Paul Vixie (the chairman of the Internet Software Consortium) confirmed the attack but added that it "was only visible to people who monitor root servers or whose backbones feed root servers."

He added, "DDoS attacks often end up hurting intermediate links in the path more than the destination of the flow... The average person who just wanted to use DNS to get work done didn't seem to notice it at all".

The Internet Software Consortium reported traffic of 80mps to the root server that it manages, which is more than ten times the normal load. Other root server managers (including Verisign and ICANN) noticed increases in traffic as well.

The domain name system of the internet is highly distributed and thus was not damaged or even inconvenienced by this attack. The thirteen servers that were targeted are the root servers, meaning they are used as the source for all domain name definitions. There has been much discussion over the years about the security of these systems, which are vital to the operation of the internet. In fact, one of the primary missions of ICANN is to investigate and ensure that this security exists and works.