The DDOS (distributed denial of service) attack launched on Monday against all 13 of the internet's DNS (domain name system) root servers failed to bring down the internet. But that doesn't mean more attacks won't follow and succeed where this week's attack failed, according to experts, some of whom feel that the US federal government needs to step in to secure the net's infrastructure.
Monday's attack was targeted at 13 key servers that translate easy-to-remember web addresses into the numeric IP (internet protocol) addresses used by computers to communicate.
Attackers flooded the DNS servers with internet traffic using ICMP (internet control message protocol) at more than 10 times the normal rate of traffic, according to Brian O'Shaughnessy, a spokesman at VeriSign, which manages the 'A' and 'J' root servers.
Such events are nothing new, with high-profile attacks in past years against internet service providers and companies such as Microsoft and the online auction site eBay. But experts say that Monday's incident opens a new chapter in the history of internet-based attacks.
"Monday's attack was an example of people not targeting enterprises, but going against the internet itself by attacking the architecture and protocols on which the internet was built," said Ted Julian, chief strategist at Arbor Networks.
Factors contributing to such attacks are well known, according to experts. Worms such as Code Red, Nimda and Slapper have left hundreds — if not thousands — of compromised computers on the internet, Julian said. Such systems can be used as 'zombies' in a DDOS attack. Zombies are machines controlled remotely and used to launch an attack.
Reports from Matrix NetSystems traced the attacks to internet hosting service providers in the US and Europe.
Gerry Brady, chief technology officer for Guardent, said that sophisticated software programs make leveraging those compromised machines a simple matter, even for novice attackers.
"With automated attack tools, even inexperienced people can get control of a large number of hosts. The IP addresses and access passwords for those systems are traded on the internet," Brady said.
While the FBI's National Infrastructure Protection Centre is investigating the attacks, Brady pointed out that some of the most frequent sources of such attacks are teenagers, not terrorists.
"The big drivers we're seeing [in DDOS attacks] are juvenile rivalries — revenge for incidents that might have happened during online gaming. These attacks are not professional or financial in nature. They're random and non-directed," Brady said.
Fortunately, Monday's attacks were not sophisticated, relying on a simple "packet flood" approach in which information packets are sent in high volumes to a server, and using a protocol — ICMP — that is typically not seen in very high volumes, Brady and Julian said.
But future attacks could be much more sophisticated, they fear.
Instead of sending a flood of packets all using the same protocol, attackers might disguise a DDOS attack as normal traffic — what Julian referred to as a "bandwidth anomaly". In such an attack, nothing about the protocols used or packets sent would appear unusual, but the volume of traffic would be enough to overwhelm the targeted server.
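The two attack shapes described above look different to a defender watching per-protocol packet rates. The following is an added illustration, not code from the article or from Arbor or Guardent, using constructed per-second counts: a single-protocol flood stands out because one protocol (ICMP) exceeds a multiple of its own baseline, while a "bandwidth anomaly" keeps the protocol mix normal and only the total volume jumps.

```python
from collections import Counter, defaultdict

# Constructed per-second packet counts by protocol, NOT measurements from the
# root-server incident: (second, protocol, packets seen in that second).
NORMAL = [(t, p, n) for t in range(60)
          for p, n in (("udp", 1000), ("tcp", 400), ("icmp", 20))]
ICMP_FLOOD = [(60, "udp", 1000), (60, "tcp", 400), (60, "icmp", 300)]
BANDWIDTH_ANOMALY = [(61, "udp", 5000), (61, "tcp", 2000), (61, "icmp", 100)]

def per_second(records):
    """Group records into {second: Counter(protocol -> packets)}."""
    buckets = defaultdict(Counter)
    for t, proto, n in records:
        buckets[t][proto] += n
    return buckets

def baseline(records):
    """Mean packets/second per protocol over a known-normal period."""
    buckets = per_second(records)
    totals = Counter()
    for counts in buckets.values():
        totals.update(counts)
    return {p: n / len(buckets) for p, n in totals.items()}

def detect(records, base, proto_factor=10.0, total_factor=3.0, share_tol=0.05):
    """Return (second, kind, detail) alerts for two flood shapes:
    'protocol_flood'    - one protocol exceeds proto_factor x its own baseline
                          (the ICMP flood the article describes);
    'bandwidth_anomaly' - protocol shares stay within share_tol of normal but
                          total volume exceeds total_factor x baseline."""
    base_total = sum(base.values())
    alerts = []
    for t, counts in sorted(per_second(records).items()):
        total = sum(counts.values())
        # A protocol absent from the baseline has expected rate 0, so any
        # traffic on it is flagged as a flood.
        flooded = [p for p, n in counts.items() if n > proto_factor * base.get(p, 0)]
        if flooded:
            alerts.append((t, "protocol_flood", sorted(flooded)))
            continue
        mix_normal = all(abs(counts[p] / total - base[p] / base_total) <= share_tol
                         for p in base)
        if total > total_factor * base_total and mix_normal:
            alerts.append((t, "bandwidth_anomaly", round(total / base_total, 1)))
    return alerts
```

The factors are illustrative thresholds; a real deployment would derive them from the site's own traffic history rather than the 10x figure quoted for this incident.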
Even more pernicious, Brady and Julian agreed, would be attacks that target the routing infrastructure, as opposed to the DNS infrastructure of the internet. That infrastructure of roadways over which internet traffic passes is more "brittle" than the flexible architecture of DNS, Brady said.
"When one backbone goes down, the traffic has to go somewhere," said Brady, recalling that the recent outage on the UUNet internet backbone operated by WorldCom was felt instantly worldwide.
The US government should take more responsibility for management of key components of the internet infrastructure, Julian and Brady agreed. That could include tax incentives or direct government funding for private companies and public organisations managing key DNS servers to secure their systems, all of which are currently operated as a free service by companies, government entities and non-profit organisations.
"This showcases a specific vulnerability that requires the government to get involved," Julian said. "If you run a DNS server what is your monetary incentive to secure it? There is none. This is the number one area of focus that the government should have."
As for the backbone providers, Brady said that because of the dire financial condition of most companies that manage the internet backbone, there is little private money available to ensure the extra capacity should one or more parts of the backbone be attacked. US government investment could help create and secure a more robust infrastructure.
In the meantime, Brady said that the pattern of past DDOS attacks makes more of them likely in the near future.
"I would be worried that we're in a short-term countdown to more infrastructure attacks because they're just so easy to do," Brady warned.