Last week's distributed denial-of-service attack against the Internet's root servers underscores that much of the Internet's infrastructure remains vulnerable to these common hacker attacks and more sophisticated assaults that might be on the horizon, experts say.

That an easily preventable distributed DoS attack was successful against so many of the Internet's root servers surprised many network executives, who say they thought more precautions were being taken by the operators of such a key component of the Internet's DNS.

A distributed DoS attack occurs when a hacker hijacks machines across the Internet and uses them to send a flood of requests to a server until it becomes overwhelmed and stops functioning.

In this case, the distributed DoS attack was aimed at the 13 root servers that run as the master directory for lookups that match domain names with their corresponding IP addresses. Below the root servers are the servers that support top-level domains such as .com, .net and .org, and below the top-level domain servers are hosts of individual Web sites.

Click to see:

"Last Monday's attack wasn't very skillful from the point of attacking the DNS root servers with a well-known ping attack," says Paul Mockapetris, an inventor of the DNS and chief scientist at Nominum, a DNS software vendor. "There are going to be some lax administrators who get a big wake-up call."

The root server attack also shows that hackers are becoming more ambitious in choosing targets.

"Two years ago, most of the denial-of-service attacks were on actual Web sites. With this attack, people are going after parts of the infrastructure,'' says Ted Julian, co-founder and chief strategist with Arbor Networks, a start-up that sells an anti-distributed DoS monitoring system to ISPs. "It changes from a local attack to a global attack."

During the root server attack, a hacker sent fake ping requests, which are queries from one host to another to determine if a communications path is available between the two hosts. Ping messages, which are rarely received by the root servers, are sent using the Internet Control Message Protocol (ICMP).

The 13 root servers were flooded with ICMP requests for about an hour, causing several root servers to stop being available to regular Internet traffic. However, the remaining root servers withstood the attack and ensured that it didn't slow down performance across the Internet.

Whitepapers

• Advancing the Economics of Networking
• Enterprise Data Center Network Reference Architecture
• Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch Offices
• File Integrity Monitoring: Secure Your Virtual and Physical IT Environments
• Boost Productivity While Cutting Costs with Next-generation Collaboration
• Deploying Virtualized NetWare on Linux Whitepaper

View more SECURITY whitepapers

Webcasts

• PoE Plus: Impact on the PoE Market
• Creating a high performance workplace with wireless networking
• Harnessing the power of communications to increase workplace performance
• Making data centers the IT strategic focus
• Protecting assets and employees with IP Video Surveillance
• Stay out of the headlines: Detecting and preventing network intrusions

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• IP address management in 2008 - six things to know
• The self-managed network

View more SECURITY special reports