Attack targets .info domain system

Attackers flood another domain name system with a deluge of data in an online assault that resembles last month's attempt to cripple DNS root servers.

Robert Lemos Staff Writer, CNET News.com
An Internet attack flooded domain name manager UltraDNS with a deluge of data late last week, causing administrators to scramble to keep the servers that host .info and other domains up and running.

The assault sent nearly 2 million requests per second to each device connecting the network to the Internet--many times greater than normal--during the four hours of peak activity that hit the company early Thursday morning, said Ben Petro, CEO of UltraDNS.

"This is the largest attack that we've seen," Petro said.

He stressed that it didn't affect the company's core domain name system (DNS) services, but administrators had to work fast to get the attack blocked by the backbone Internet companies from which UltraDNS gets its connectivity. "From a network management perspective, it certainly kept us on our toes," he said.

The attack came almost exactly a month after a similar attack targeted the DNS root servers, the databases that hold the critical information computers need to maintain top-level domains. Such domains act as the white pages of the Internet, matching domain names--such as www.cnet.com--with numerical Internet addresses.

Petro said that an investigation is most likely under way. However, the FBI and UltraDNS's own service provider, WorldCom's UUNet, were not immediately available for comment. UltraDNS's other service provider, Verio, would not comment on whether an investigation had been initiated.

Investigators may have an extremely tough time locating the attackers, however. The flooding of networks in what are known as distributed denial-of-service attacks is typically done using forged source addresses. The flood traffic is sent from servers compromised by the attackers before the actual assault, giving a double level of indirection that is hard to crack.

But the need to find the attackers has grown in importance, Petro said, given that the recent trend of attacks has shifted from targeting company networks to targeting the infrastructure of the Internet itself.

"When you take down Amazon.com, it hurts Amazon," he said. "When you take down .com, .org and .net, you are affecting the gross domestic product--you are hurting the country."

UltraDNS, a member of the Internet Society, has been chosen to serve as the primary DNS provider for the .org domain starting next year. In addition, UltraDNS acts as the primary provider for .info and for the top-level domains of Ireland, Luxembourg, Norway and nine other domains. The official .info registrar, Afilias, teamed up with UltraDNS in September to speed up the resolution and registration of .info domains.

"The reality is that the attacks keep getting bigger, stronger and faster," Petro said. "Like terrorism, you don't know when they are going to strike and how they are going to strike. Until we are able to dedicate attention to these attacks, until we can follow these attacks to their end, we are all vulnerable."