During the evening of Monday, 21 October 2002, 13 vital pieces of Internet infrastructure suffered an hour-long attack that almost brought them to their virtual knees.
The domain name system, or DNS, allows users to type mnemonic names (such as "www.extremetech.com") instead of cryptic IP addresses (such as 63.111.13.100). It's structured as a distributed database. Each level of the name -- from the ".com" backward to the "www" -- may be determined by a different server in a different part of the world.
The 13 DNS "root servers" lie at the top of the hierarchy, and are the first stop when your ISP's equipment looks up the name preceding the ".com" for you. For example, your ISP might go to the root servers to find the address of the name server responsible for the domain "extremetech.com". It then goes to that name server to find out the address of the host "www" within the domain "extremetech.com". Your ISP saves, or caches, the addresses associated with names that were recently looked up, so you might not even notice a brief outage in the root servers. But if those servers were to stop running for more than a short while, the Internet would grind nearly to a halt.
A Washington Post article gives a general description of the attacks. Other sources say that the attack consisted of ICMP packets -- the kind used by the "ping" network utility. (An attack that overwhelms a machine with such packets is called a ping flood.) However, the article does not mention whether the root server operators were able to identify the Trojan horse or worm that infected and controlled the attacking machines.
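An added example, not part of the original post or the article it quotes: a toy Python model of the caching lookup described above, showing why a resolver with a warm cache rides out a brief root outage but fails once its cached referral expires. The TTL values, the name-server name `ns.extremetech.com` and all class and function names are assumptions made for illustration; following the post's description, the root refers directly to the domain's name server.

```python
# Constructed data (not real DNS): root referrals and the domain's own records.
ROOT_REFERRALS = {"extremetech.com": "ns.extremetech.com"}
DOMAIN_HOSTS = {"ns.extremetech.com": {"www": "63.111.13.100"}}
REFERRAL_TTL = 3600  # assumed: seconds a root referral stays cached
ANSWER_TTL = 300     # assumed: seconds a host address stays cached


class RootUnreachable(Exception):
    """A lookup needed the root servers while they were down."""


class CachingResolver:
    def __init__(self):
        self.cache = {}        # key -> (value, expiry time)
        self.root_queries = 0  # how often the root was actually contacted

    def _cached(self, key, now):
        hit = self.cache.get(key)
        return hit[0] if hit and hit[1] > now else None

    def resolve(self, name, now, root_up=True):
        host, domain = name.split(".", 1)
        addr = self._cached(("addr", name), now)
        if addr:
            return addr
        ns = self._cached(("ns", domain), now)
        if ns is None:  # only an expired or missing referral touches the root
            if not root_up:
                raise RootUnreachable(domain)
            self.root_queries += 1
            ns = ROOT_REFERRALS[domain]
            self.cache[("ns", domain)] = (ns, now + REFERRAL_TTL)
        addr = DOMAIN_HOSTS[ns][host]
        self.cache[("addr", name)] = (addr, now + ANSWER_TTL)
        return addr


def outage_survived(outage_start, outage_length, query_time):
    """Warm the cache at t=0, then look the name up again at query_time."""
    resolver = CachingResolver()
    resolver.resolve("www.extremetech.com", now=0)
    root_up = not (outage_start <= query_time < outage_start + outage_length)
    try:
        resolver.resolve("www.extremetech.com", now=query_time, root_up=root_up)
        return True
    except RootUnreachable:
        return False
```

With these assumed TTLs, an hour-long outage starting at t=600 goes unnoticed by a query at t=1800, while a day-long outage breaks a query at t=7200 because the referral cached at t=0 has expired.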