Distributed denial-of-service attacks on root nameservers

Distributed denial-of-service attacks on root nameservers are Internet events in which distributed denial-of-service attacks target one or more of the thirteen Domain Name System root nameserver clusters. The root nameservers are critical infrastructure components of the Internet, mapping domain names to IP addresses and other resource record (RR) data.

Attacks against the root nameservers could, in theory, impact operation of the entire global Domain Name System, and thus all Internet services that use the global DNS, rather than just specific websites. However, in practice, the root nameserver infrastructure is highly resilient and distributed, using both the inherent features of DNS (result caching, retries, and multiple servers for the same zone with fallback if one or more fail), and, in recent years, a combination of anycast and load balancer techniques used to implement most of the thirteen nominal individual root servers as globally distributed clusters of servers in multiple data centers. In particular, the caching and redundancy features of DNS mean that it would require a sustained outage of all the major root servers for many days before any serious problems were created for most Internet users, and even then there are still numerous ways in which ISPs could set their systems up during that period to mitigate even a total loss of all root servers for an extended period of time: for example by installing their own copies of the global DNS root zone data on nameservers within their network, and redirecting traffic to the root server IP addresses to those servers. Nevertheless, DDoS attacks on the root zone are taken seriously as a risk by the operators of the root nameservers, and they continue to upgrade the capacity and DDoS mitigation capabilities of their infrastructure to resist any future attacks.

An effective attack against DNS might involve targeting top-level domain servers (such as those servicing the .com domain) instead of root name servers. Alternatively, a man-in-the-middle attack or DNS poisoning attack could be used, though they would be more difficult to carry out.


Attacks


October 21, 2002

On October 21, 2002 an attack lasting for approximately one hour was targeted at all 13 DNS root name servers. The attackers sent many ICMP ping packets using a botnet to each of the servers. However, because the servers were protected by packet filters which were configured to block all incoming ICMP ping packets, they did not sustain much damage and there was little to no impact on Internet users.


February 6, 2007

On February 6, 2007 an attack began at 10:00 UTC and lasted twenty-four hours. At least two of the root servers (G-ROOT and L-ROOT) reportedly "suffered badly" while two others (F-ROOT and M-ROOT) "experienced heavy traffic". The latter two servers largely mitigated the damage by distributing requests to other root server instances with anycast addressing. ICANN published a formal analysis shortly after the event. Due to a lack of detail, speculation about the incident proliferated in the press until details were released.


November 30, 2015

During two intervals on November 30, 2015 and December 1, 2015, several of the root name servers received up to 5 million queries per second each, receiving valid queries for a single undisclosed domain name and then a different domain the next day. Source addresses were spread throughout IPv4 space; however, these may have been spoofed. Some root server networks became saturated, resulting in timeouts; however, redundancy among the root servers prevented downstream issues from occurring during this incident.
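The traffic pattern described above (a high rate of valid queries for one name, from sources spread across IPv4 space) can be checked for in a nameserver's query log. The following is an added example, not part of the original article or any root operator's tooling; the thresholds, the function names and the scaled-down constructed log are assumptions.

```python
import random
from collections import Counter, defaultdict

def flag_single_name_floods(queries, min_qps=1000, min_share=0.8, min_slash8=100):
    """queries: iterable of (unix_second, src_ipv4, qname).
    Returns (second, qname, qps, share, distinct_slash8) per flagged second.
    All three thresholds are illustrative assumptions, not operator values."""
    per_second = defaultdict(list)
    for ts, src, qname in queries:
        per_second[int(ts)].append((src, qname.lower()))
    alerts = []
    for second in sorted(per_second):
        rows = per_second[second]
        qps = len(rows)
        if qps < min_qps:
            continue  # rate alone is unremarkable
        name, hits = Counter(q for _, q in rows).most_common(1)[0]
        share = hits / qps
        # "Spread throughout IPv4 space": distinct first octets among the
        # sources asking for the dominant name. A single busy resolver
        # repeating one name produces a high share but only one /8.
        slash8 = {src.split(".", 1)[0] for src, q in rows if q == name}
        if share >= min_share and len(slash8) >= min_slash8:
            alerts.append((second, name, qps, round(share, 2), len(slash8)))
    return alerts

def build_sample(seed=1):
    """Constructed log: 5 seconds of baseline traffic from 20 resolvers,
    plus a single-name flood from random sources during seconds 2 and 3."""
    rng = random.Random(seed)
    resolvers = [f"192.0.2.{i}" for i in range(1, 21)]
    names = [f"tld{i}." for i in range(50)]
    log = []
    for second in range(5):
        log += [(second, rng.choice(resolvers), rng.choice(names))
                for _ in range(200)]
        if second in (2, 3):
            for _ in range(5000):
                src = (f"{rng.randint(1, 223)}.{rng.randint(0, 255)}."
                       f"{rng.randint(0, 255)}.{rng.randint(1, 254)}")
                log.append((second, src, "flood-target.example."))
    return log

if __name__ == "__main__":
    for alert in flag_single_name_floods(build_sample()):
        print(alert)
```

Because the sources may be spoofed, the /8 spread is a property of the traffic rather than evidence of where it originated, so a match supports name-based rate limiting more than source-based blocking.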


Threats


Operation Global Blackout 2012

On February 12, 2012, a statement was posted on Pastebin cited to be from Anonymous, threatening an attack on the root servers on March 31, 2012. "To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, anonymous will shut the Internet down," reads the statement. "Remember, this is a protest, we are not trying to 'kill' the Internet, we are only temporarily shutting it down where it hurts the most… It may only last one hour, maybe more, maybe even a few days. No matter what, it will be global. It will be known."


External links


* InformationWeek article on February 2007 attack
* Robert Lemos, "Assault on Net servers fails", CNET news.com, October 22, 2002. http://news.cnet.com/2100-1001-963005.html (accessed 2012-01-02)