back to article Internet's root servers take hit in DDoS attack

The internet's root servers came under a concerted distributed denial of service (DDoS) attack last week that effectively knocked three of the 13 critical pillars of the internet offline for several hours. The attack came just days before the Janet academic network received a similar DDoS attack. According to a first analysis …

  1. Anonymous Coward
    Anonymous Coward

    Or, possibly,

    "Usually, DDoS attacks are carried out in order to extract money from companies, or to make a political point. But there is no obvious political point to be made in attacking the very foundations that the global internet relies upon. Although it is worth noting that all but two of the root servers are run by US entities and three are run by the US government.

    It is also notable that the duration and timing of these most recent attacks are very similar to the one in 2007, possibly suggesting the same modus operanda, or possibly just highlighting the window of time it takes for network operators to understand and mitigate an ongoing attack."

    they might be doing one of two unlisted things:

    A) cause chaos by bringing down the root servers, the results of which may allow for greater (known or commonly unknown) attacks, or

    B) probing for weaknesses in the system to allow future implementations of Plan (A)

    1. Steven Roper

      Re: Or, possibly,

      I can think of a few more:

      Luddites that hate the way the internet has changed the world and want to destroy it in an attempt to "bring the world back the way it was";

      Religious fanatics trying to find ways to bring about the apocalypse;

      Anti-NWO activists who see the internet as an illuminati tool to bring about the one world government and want to fight off the alien reptiloid invasion;

      Anti-corporation or Anti-American groups who see the internet as a means by which America and/or its big corporations are trying to dominate the world and want to prevent them;

      Crime syndicates testing a system whereby they can hold the world to ransom for billions of dollars;

      Military/intelligence forces testing means of shutting the internet down in the event of world war or martial law;

      A disaffected group of anti-social basement-dwelling hackers who hate the world and just want to see it burn.

      I can't think of any others off-hand but given the things I've read online, all of the above are distinct possibilities!

    2. Anonymous Coward
      Anonymous Coward

      Re: Or, possibly,

      But there is no obvious political point to be made in attacking the very foundations that the global internet relies upon

      You are joking, right? the whole thrust of modern hard post Trotsky-ite Left is to destroy civilisation, in order that a perfect capitalist free communist society will 'naturally' emerge.

      The same way that radical Islam hopes that a naturally god fearing Islamic society will take over when the West goes down.

      Gentlemen, we are at war, and we are hated. Because we can do stuff that they can't. Industrial society developed faster than the humans who now rely on it, and they think its both fearful, hateful and unnecessary, although none of them have ever tried to exist without it.

      Anti-science, anti-capital, anti-technology, anti-shaving.

      1. Anonymous Coward
        Anonymous Coward

        Re: Or, possibly,

        You'll be voting Trump, I assume?

  2. Will Godfrey Silver badge

    I don't think this is the biggie

    I can't help thinking that someone is demonstrating his attack software to potential 'customers'.

  3. Anonymous Coward
    Anonymous Coward

    Got to wonder, what where the two names they've attacked so far?

    1. Anonymous Coward
      Anonymous Coward

      Attacked ?

      You mean advertised / highlighted / queried, shirly?

      Though I could see a cascade attack where a organization large enough, would accept only root queries... in 1990.

      Anyhoo. Me too.

    2. Anonymous Coward
      Anonymous Coward

      Script kiddie misinterpreted the syntax of the dig command on a domain name? Got the wrong servers?

      Someone testing fault tolerance?

  4. Anonymous Coward
    Anonymous Coward

    Agree with Vixie

    Been operating a network for 17 years and we have egress filtered from day one. Make laws to hold the creators of shite like windows responsible, let them reap what they sow.

    1. robidy

      Re: Agree with Vixie

      Strangely some of the most respected companies didn't back in the 90's and some have still not learned...oh and they're not all using windows!

      Not to mention on your BGP peering sessions you need to manage carefully what traffic you send where...the Chinese um BGP "accident" of a few years ago is one...though there were some more serious ones in the (g)olden days when almost no one had filters on their BGP sessions coz the Internet was geek and niche so crime and spying was limited.

      A number of other very odd routing issues that occur from time to time where traffic seems to get hijacked/re-routed but still arrives just with a strange additional latency.

  5. Crazy Operations Guy

    Add more root servers

    I figure that they can put out a regulation where if you want to run a TLD, you also have to host a root server (and have it verifiable through DNSsec that you haven't tampered with the root zone file). I figure that if you want a piece of the internet, you should be required to also support the rest of it.

    Its not like the root zone is really all that expensive to host anyway. Its a simple 1.1 MB file and it only sees a few queries anyway (the zone only contains NS records for the various TLDs out there, and each has a TTL of either 24 or 144 hours) so any client DNS server would only create, at most, 1.1 MB worth of queries every 1-6 days (And that's assuming that that DNS server is trying to find names in every single TLD out there). And the fact that they are distributed would only reduce that load even further.

    It bothers me that so much of the Internet's basic infrastructure is hosted in a single country that hasn't really shown that its should be trusted with such things. Every country hosting a root DNS server would then add a bit of accountability to world governments.

    In my opinion, we should really move to a distributed DNS type system where a DNS server operator can host the zone files for as much of the internet as they want with each zone being distributed in a signed torrent/diff-file like system. Changes would would be signed by the Authority for each particular TLD (and the root would be authorized by ICANN). Such a system wouldn't need that much engineering to put together. It'd take a while to get it full implemented, but the benefits would be more than worth it.

    A copy of all zone records would be less than 100 GB (Just guessing based off of an estimate that an NS record and an A record for each domain would be about 128 Bytes and .com has 122 Million such domain pairs for 14.5 GB for .com and assuming that .com takes up less than 10% of all domains). Even if all 1172 domains were the size of .com, that'd only be 16.6 TB of DNS data total, so with current storage technology, a DNS server hosting every single 2nd level DNS record in the world for only a few thousand dollars in the worst case.

    1. Tom Samplonius

      Re: Add more root servers

      "It bothers me that so much of the Internet's basic infrastructure is hosted in a single country that hasn't really shown that its should be trusted with such things. "

      Except neither of those things is true. Each root server is not a single server, but just a single IP. Those single IPs represent many, many servers. The article is simply wrong when it says that all but two are in the US. There are root servers on every continent.

      1. Anonymous Coward
        Anonymous Coward

        Re: Add more root servers

        And this appears true to me, at least 2 minutes of google-foo shows that the people who run the root servers show precisely where the root servers are. and there looks to be hundreds of them. When I zoom in on their map it also appears that they are placed (appropriately?) in centres of high population which i guess would also align to high internet populations.

        The article seems on the money to suggest that filtering forged traffic is what is needed as the real fix.

        The BCP Standard quoted looks to be 15 years old. Why has it taken operators this long to adhere to it?

        1. SImon Hobson

          Re: Add more root servers

          > The BCP Standard quoted looks to be 15 years old. Why has it taken operators this long to adhere to it?

          Because it costs to implement it, and it costs nothing to stick your fingers in your ears and go "la la la la".

    2. Medixstiff

      Re: Add more root servers

      "It bothers me that so much of the Internet's basic infrastructure is hosted in a single country that hasn't really shown that its should be trusted with such things. Every country hosting a root DNS server would then add a bit of accountability to world governments."

      Excepting a few countries like China, who have shown to be fiddling around with re-routing, such as with their nice little BGP hijack of a few years ago.

  6. Winkypop Silver badge

    Donald and Bill ?

    Maybe they were just trying to shut down parts of the inter-webs?

  7. Anonymous Coward
    Anonymous Coward

    Enforce filtering

    Isn't it about time Egress filtering was enforced. Surely it is possible to set a reasonable deadline and once that has passed enforce restrictions on those who haven't. Without a big stick providers won't do it - look at ipv6 adoption it's still impossible to get a lot of providers to provide it as they don't see any positive impact on their profits. I guess google could do it as they have with other things by simply stating that they will lower the page rank of any page from a network identified as allowing spoofed traffic.

  8. Anonymous Coward
    Anonymous Coward


    World war 3 kicks off, the internet will need to be taken down or at least "handled",

    They can't have the people on the ground exchanging information and certainly not anything factual or real-time.

    There will probably be some level of residual "Internet" service as that will help the planning, if you know what people are concerned about you can tailor events to suit.

    1. chivo243 Silver badge

      Re: When


      we have been fighting WW III for quite some time now. It just doesn't have a label.

    2. Flywheel

      Re: When

      You (they) will probably take down the Internet, but with so many developments in mesh computing and small-board computing developments, you'll probably find there'll still be a useful amount of communication taking using Internet technologies/protocols.

  9. Anonymous Coward
    Anonymous Coward

    Nah, it's probably just a bug in Windows where the hosts file is being ignored.

    Now everyone's machines are trying to resolve ad sites.

    1. Flywheel

      S'funny - all the ad sites I know of are at - who needs adblockers :)

      1. Anonymous Coward
        Anonymous Coward

        Hey! That's my IP address!

        (I bet you haven't heard that one before...)

        1. robidy

          Anyone one remember David Evnull?

  10. Nick Davey

    But I thought...

    after watching the second Avengers movie that all Internet traffic was routed through a magical building in Oslo.... you mean to tell me that Scandinavia isn't the centre of the Internet?

    Can we not send Tony Stark in to sort it all out?

    1. The March Hare

      Re: But I thought...

      Actually the internet is located in a black box on Jen's desk - here:

      I think you hack it with a can opener or something.

  11. Anonymous Coward
    Anonymous Coward

    Why do they need a reason for doing this other than the bragging rights of being able to say "I was the person that broken the Internet". Ok, they are probably / hopefully clever enough to not start telling people but if you were into this sort of thing wouldn't that be the ultimate prize?

    Another possibility is that this is an attack by a nation state, probably the US, to test the resilience of the root servers / basic structure of the Internet. In the great scheme of things the attack was sort of pointless. The basic design of the DNS system is to be distributed and anyone attacking it will know that and would know that taking out a few root servers isn't going to have any effect. If you were a nation that wanted to find out how hard it was to take out the Internet though this is a very interesting experiment. You know how much traffic is needed and you know how well they can respond to the attack.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like