Akamai attack underscores DNS risks

An attack earlier this month aimed at DNS services for high-profile Akamai Technologies customers should be a wakeup call for enterprise users to ensure they have contingency plans to deal with a growing number of Internet threats, analysts say.

"This really isn't a [content delivery network] story as much as it is a DNS story," says Lydia Leong, principal analyst at Gartner. "The customers impacted happened to be Akamai customers, but the real question has to do with DNS technologies. I don't think this is any reason to get gun-shy with CDNs, but my advice to clients regardless of whether they outsource their DNS is that they should have a contingency plan."

For example, Google, which was hurt by the June 15 attack, redirected requests from Akamai's servers to its own to keep its site up, Leong says.

In addition to creating an alternate set of DNS records, companies also could deploy excess Web server capacity to handle requests should DNS-based global load balancing fail and could demand service-level agreements with their service providers in the case of non- performance, among other things, Leong says.

Paul Mockapetris, who invented DNS and is chairman and chief scientist at IP address infrastructure software vendor Nominum, says companies should put filters at the edge of their networks to try to address distributed denial-of-service (DoS) attacks. He says hackers are targeting DNS servers more often because DNS is key to most Internet services.

"We expected [the use of] DNS to grow through new applications and a bunch of other things, but viruses and spam and these attacks have been providing a lot of the growth," he says.

Despite the "sophisticated and large-scale" nature of the attack, just 1%, or fewer than a dozen, of about 1,100 Akamai customers were affected significantly, meaning that more than 20% of their users had trouble accessing their sites, says Tom Leighton, chief scientist at Akamai.

The distributed DoS attack, apparently propagated by "zombie" servers set up via viruses and used to flood the DNS servers with requests, was first detected at 8:30 a.m. EST. DNS servers translate common URLs into numerical IP addresses, which a client computer uses to access Web sites.

Leighton says only about 4% of Akamai's customers were affected and only half had any noticeable problems. The attack was thwarted and service returned to normal by 10:45 a.m. EST, Leighton says.

Akamai, which hosts some of the Internet's largest sites, including Yahoo, Google and Microsoft.com, is no stranger to attacks, but Leighton says in the past the service provider has been successful in defending against them.

"It was discouraging to see one get through in the limited way it did," Leighton says. "It makes us more educated and makes us redouble our efforts to try to prevent that from happening again."

In response to this incident and an unrelated outage in May that Akamai blamed on an internal glitch in its content management software, Akamai customers have mixed reviews.