Skip Links

Network World

  • Social Web 
  • Email 
  • Close

UPDATE: Lessons learned from Internet root server attack

By Carolyn Duffy Marsan , Network World , 02/08/2007

There’s some good news and some bad news for corporate network managers about the latest Internet root server attack.

The good news is that the Internet demonstrated once again that it is the most resilient network infrastructure ever built. Companies shouldn’t be afraid to put mission-critical applications such as voice and streaming video on the `Net because of these attacks, security experts say.

Don't Miss!Read the latest WhitePaper - Troubleshooting Remote Site Networks - Best Practices

The bad news is that that the Internet continues to be a target for vandals and criminals, particularly those looking to make money through extortion, fraud or theft. Experts say that most corporate Web sites and IP networks couldn’t withstand the ferocity of the latest attacks.

Five tips for preventing DNS attacks
The Internet's DNS system uses several techniques to stay up and running in face of distributed denial-of-service (DoS) attacks such as those launched last week. DNS experts offer the following suggestions of what you can do to improve the resilience of your corporate DNS infrastructure:
Use multiple DNS servers distributed around the globe. Some root servers use a technique called Anycast to distribute their content across dozens of servers around the world. If you increase the number of DNS servers you have, your DNS infrastructure will be less vulnerable to attack in any one location or region.
Keep current copies of your DNS records. If you keep current copies of your DNS records on one or more secondary servers, you will still have access to that information if your primary DNS server is attacked.
Use the latest version of BIND. Make sure you are using the current version of Berkeley Internet Name Domain, the open source software that runs most DNS servers. Older versions of BIND have known security issues. The current release of BIND is 9.3.4.
Ask your ISP about distributed DoS prevention. Ask your ISP what steps it is taking to prevent, minimize and isolate distributed DoS attacks. Find out if your ISP is deploying Anycast DNS server, distributed DoS filtering and trace-back technologies used to isolate botnet attacks. Ask if service levels are guaranteed or statistical.
Multihome your Internet applications across two carriers. Your Web site and IP network are more likely to withstand an attack if they have access to two IP infrastructures run by separate carriers.
Click to see: Five tips for preventing DNS attacks

"These attacks weren’t that substantial," says Danny McPherson, chief research officer for Arbor Networks, which provides detection services for these types of attacks. "They’ve gotten a lot of attention, but they’re not as significant as the attacks we see every day against our customers, which are much more targeted and more damaging."

Related Content
Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comments (1)
Login
Forgot your account info?

UPDATE: Lessons learned from Internet root server attackBy Anonymous on February 9, 2007, 11:56 am"We worked closely with those in the organization to minimize that attack," I wonder how it would work if all other communication between the organization would...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library. Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.