Posted on 12/09/2015 7:32:50 PM PST by dayglored
The internet's root servers came under a concerted distributed denial of service (DDoS) attack last week that effectively knocked three of the 13 critical pillars of the internet offline for several hours.
The attack came just days before the Janet academic network received a similar DDoS attack.
According to a first analysis of the root server attack, published by the root server operators on Tuesday, the attack occurred on November 30, 2015 between 06:50 and 09:30 UTC and then again the next day for an hour.
Many, but not all, of the root servers received roughly five million queries per second, which was enough to flood network connections and cause timeouts on the B, C, G, and H root servers. The queries were valid DNS messages for a single domain name; the second day's attack used a different domain name than the first.
Ultimately, the operators affected by the attack used counter-measures, with some degree of success, but a proper analysis is now underway to discover exactly what form the attack took and where it originated.
Of perhaps most concern is the fact that even with the implementation of Anycast technology designed to help deal with such an attack, a number of the servers were still swamped.
The root servers themselves make up the pillars on which the internet's domain name system sits. They act as a sort of global directory for all the other parts of the internet.
Any attack on the DNS' infrastructure is taken very seriously and if the root servers went down for longer than a day, it would start causing significant problems globally.
(Excerpt) Read more at theregister.co.uk ...
GayMuzzie doesn’t like the Samizdat, wants the MSM monopoly back.
Guys, consider pinging, this might be somewhat esoteric for some users, but it has huge (“YUUUGE!”) potential consequences for all of us.
This is nothing compared to what’s going to happen when Obama gives the Internet to the United Nations
‘So something needs attention, and soon.’
Yeah, the perps.
This is no different than blowing up a ‘brick and mortar’ utility.
Yup. It is a big deal. 3 out of 13 is too many. We need to add more root servers.
It's kinda funny, because it wasn't really all that many years ago that some of the root servers were just sitting under someone's desk. I'd be interested in seeing what kind of hardware they are running most of the root domain servers on these days, and how big a network connection they have incoming.
From that article:
A large botnet of infected computers or other Internet-connected devices is the most plausible explanation for such an attack. That would explain how the attack occurred, but it doesn't shed any light on why it was carried out. It has also renewed calls for networks to implement BCP 38, an Internet Engineering Task Force standard for defeating IP address spoofing. Many networks enforce it, but some still don't, and they're the ones making such attacks possible.
From that article's comments:
For anybody who was wondering, BCP 38 is a 15 year old proposal, and it's pretty straightforward to implement - in most cases it'd be a single firewall rule on an ISP's customer-facing router(s). There's no justification for not implementing it basically everywhere.
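The ingress check described in the quoted comment, as an added example that is not part of this thread or the linked article: a Python model of the BCP 38 rule a customer-facing router applies, run over constructed traffic. Port names, prefixes and packets are assumptions made for illustration (documentation address ranges).

```python
import ipaddress
from collections import Counter

# Constructed sample: prefixes assigned per customer-facing port (hypothetical names).
ASSIGNED = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}

# Constructed sample traffic: (ingress port, claimed source address).
PACKETS = [
    ("cust-a", "192.0.2.10"),       # inside cust-a's IPv4 prefix
    ("cust-a", "203.0.113.7"),      # forged: someone else's address
    ("cust-a", "192.0.2.200"),      # same /24, but outside the assigned /25
    ("cust-b", "198.51.100.77"),    # inside cust-b's prefix
    ("cust-a", "2001:db8:a:1::5"),  # inside cust-a's IPv6 prefix
    ("cust-b", "2001:db8:a:1::5"),  # cust-a's address arriving on cust-b's port
    ("cust-b", "not-an-ip"),        # unparseable source
    ("cust-z", "192.0.2.10"),       # port with no assignment on record
]

def build_table(assigned):
    """Parse prefix strings once so the per-packet check is a lookup."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assigned.items()}

def permit(table, port, src):
    """BCP 38 ingress check: the source must fall inside a prefix assigned
    to the port the packet arrived on. Anything else is dropped."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net
               for net in table.get(port, []))

def ingress_filter(table, packets):
    """Return (forwarded packets, Counter of drops per ingress port)."""
    forwarded, dropped = [], Counter()
    for port, src in packets:
        if permit(table, port, src):
            forwarded.append((port, src))
        else:
            dropped[port] += 1
    return forwarded, dropped

if __name__ == "__main__":
    fwd, drops = ingress_filter(build_table(ASSIGNED), PACKETS)
    print(len(fwd), "forwarded;", dict(drops), "dropped")
```

The per-port drop counter is the useful operational signal: a customer port with a steadily rising count is sending traffic with source addresses it was never assigned.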
Oh, this is bad. We should turn control of the internet over to the UN so it can be more secure. /s
Where are the root servers and who controls them?
I blame climatey changey.
What's scary, Jim, is that an awful lot of people DO think that way, and they are gonna vote next November.
Most seem to be in the United States.
There is a map on the article I linked above showing some of the 13 root servers. They are labeled A to M.
A list of the organizations that manage the servers is here:
http://www.iana.org/domains/root/servers
This complicates the answer to your question:
(from https://www.apnic.net/community/support/root-servers)
The 13 root nameservers each have an identifying letter, from A-M. However, while only 13 names are used for the root nameservers, there are many more physical servers. Some exist in only one instance while others, such as C, F, I, J, K, L, and M servers all exist in multiple locations on different continents. These duplicates use anycast address announcements to provide a completely decentralized service. Having multiple servers distributed around the world provides high performance DNS lookup independent of the user's location as the request does not have to be dealt with by a single remote instance of the nameserver.
I hadn’t heard about this. I’m no expert but I have had some professional networking training. I agree this is very serious but not at all unexpected. America is very, very dependent on the Internet these days.
People have legitimate, non-malicious reasons for wanting to spoof an IP address.
What would a legitimate use for IP spoofing be? Spoofing <> anonymity.
Privacy.
Ability to log into servers that block certain IPs.
That’s not what IP spoofing is - IP spoofing forges the return address, so you can send info (to crash servers) but it never comes back to you. It is a one way path, so you can’t use it, in your example, to anonymously log into a website. Basically not a useful mechanism for people who care about privacy. Tor or VPN is the solution for that.