Researchers Warn of Powerful New DoS Attacks
First detected late last year, the new attacks, using a technique known
as distributed reflector denial of service, direct such massive amounts of
spurious data against victim computers that even flagship technology companies
could not cope. In one of the early cases examined, the unknown assailant apparently
seized control of an Internet name server in South Africa and deliberately corrupted
The attacker then sent falsified requests to the compromised directory computer,
which unleashed overwhelming floods of amplified data aimed wherever the attacker
Experts traced at least 1,500 attacks that briefly shut down commercial Web
sites, large Internet providers and leading Internet infrastructure companies
during a period of weeks. The attacks were so targeted that most Internet users
did not notice widespread effects.
Ken Silva, the chief security officer for VeriSign Inc., compared the scale
of attacks to the damage caused in October 2002 when nine of the 13 root servers
that manage global Internet traffic were crippled by a powerful electronic attack.
VeriSign operates two of the 13 root server computers, but its machines were
"This is significantly larger than what we saw in 2002, by an order of
magnitude," Silva said.
Silva said attacks earlier this year used only about 6 percent of the more
than 1 million name servers across the Internet to flood victim networks. Still,
the attacks in some cases exceeded 8 gigabits per second, indicating a remarkably
powerful electronic assault.
"This would be the Katrina of Internet storms," Silva said.
The U.S. Computer Emergency Readiness Team, a partnership with the Homeland
Security Department, warned network engineers in December to properly configure
their name servers to prevent hackers from using them in attacks. It called
the attacks "troublesome" because name servers must operate to help
direct Internet traffic.