back to article DNS root server attack was not aimed at root servers – infosec bods

The internet's root servers were not the target of a distributed denial-of-service (DDoS) attack in December which for a short time took out four of the 13 pillars of the global network. That's according to two security researchers who will present their findings at a conference in Argentina on Friday. Instead, they conclude …

  1. Herby

    If they can RRL networks... about for spammers. Lots of people would be grateful. Then again, I would like a nice targeted response to them (which mentioning it might land me in the hoosegow).

  2. Mpeler


    I wonder if Duane would (has?) named one or more of his children "Nuclear".

    Then Chekov could stop by and say "can you tell us where (the) Nuclear Wessels are?"...

    (Apologies to Checkov, Kirk, Spock, and everyone else)...

  3. Yes Me Silver badge

    Ingress filtering

    If only ISPs would do what they're supposed to do.

  4. Mark 85 Silver badge

    Was it a test?

    Hitting two basically meaningless domains in China just feels odd like maybe someone (a state actor?) were testing defenses and attack modes. It was obviously well coordinated since it involved 895M IP addys.

    1. Flat Phillip

      Re: Was it a test?

      Not really hard to send stuff from 895M addresses; you can build programs that send it from just over 4 billion addresses. Now; if they were sending it from more than 5 billion addresses and using IPv4 then I'd be impressed.

      I'm surprised source IP filtering is still not in yet (and yes I'm quite aware of some of the pitfalls of it). Doesn't make sense for consumer type lines and for the vast majority of commercial ones too.

  5. Anonymous Coward
    Anonymous Coward

    BillGates Malware?

    Finally the world is wising up to the danger of windows

  6. Anonymous Coward
    Anonymous Coward

    Bad idea

    "to develop a liability model that would penalize network operators that allow attack traffic to flow across their networks"

    This would require ISPs to monitor all Internet traffic within their part of the network - who pays the cost of this (the consumer) and worse, who decides what 'attack traffic' is.

    Is attack traffic using 'hurtful' language, so you lose youe free speech.

    Is it lots of people legitimately using a Web site that has too little bandwidth to cope.

    Who decides?

    1. Anonymous Coward
      Anonymous Coward

      Re: Bad idea

      At a general level it's a bad idea due to the complexities of categorising 'attack traffic' but that traffic clearly associated with non-compliance of BCP38 (which is what permits spoofing) ought to be measurable and subject to penalty. I'm of the impression that comms providers mutually benefit from this so it stands to reason that they ought to be able to collaborate and ostracise those who are non-compliant.

      Good article here -

  7. mythicalduck

    The researchers identify that it was a specific attack (as opposed to a random error) with command and control instructions being identified, and that the attack occurred through a botnet that used the well-known "BillGates" malware.

    Wow, people really don't like Microsoft or Windows any more, do they?!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022