Someone tried to take down the Internet by attacking the 13 root DNS servers Just before Halloween this year, someone tried to take down the Internet by attacking the 13 root DNS servers, the computers that translate names like www.blahblah.com into their true numerical addresses. The attack failed, or, put another way, the architecture of DNS succeeded in staving off the attack.The attacker used a brusque kind of distributed-denial-of-service attack called an ICMP flood that drowned the servers with 10 times the amount of traffic they normally handle. Only seven of the 13 servers were severely affected. At the height of the two-hour attack, packet loss reached 10 percent (it’s normally less than 1 percent). At worst you got sluggish Web performance. Probably you didn’t even notice.That’s because of how DNS works. Instead of just leaving these word-to-number translations on the root server, copies of them are cached all over the Internet on routers. That way you’re not banging on the door of a DNS server every time you type in www.blahblah.com. It also means when these root DNS servers are down most of us can still navigate by accessing a cached copy of the DNS information. It’s only when these cached copies expireeach one has a preset time to livethat real problems will start. Experts say that would take eight or nine hours. “First and foremost, this is a success story,” says Bruce Schneier, founder and CTO of Counterpane Internet Security. “The attack failed. The architecture worked.” In effect, we won!Even so, the attack generated a buzz in both security circles and the mainstream media. Some posited that this was a practice run by terrorists. Others suggested it represented a new level of sophistication among hackers. Not so on either count, others say. It was, after all, a relatively elementary type of attack easily dealt with. And many, including Schneier, laugh at the idea that this was a precursor to terrorist activities. “We know what the motive was,” he says. “There can only be one: vandalism.”While Henny Penny is wrongthe sky is not fallingthe attack should generate discussion. For example, right now the 13 root DNS servers are managed in a collegial, volunteer manner. Does this need to change? Should there be more root DNS servers, and if so, where? Are there ways to fortify the defenses of DNS and other architectures and protocols? (Border Gateway Protocol routing, or BGP, is another that’s widely known to be vulnerable.)Anyway, it’s good to be able to apply 20/20 hindsight after a failed attack instead of a successful one. Chalk one up for the good guys. Related content news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability brandpost The advantages and risks of large language models in the cloud Understanding the pros and cons of LLMs in the cloud is a step closer to optimized efficiency—but be mindful of security concerns along the way. By Daniel Prizmant, Senior Principal Researcher at Palo Alto Networks Oct 03, 2023 5 mins Cloud Security news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Vulnerabilities news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe