Distributed denial of service attacks on root nameservers

Distributed denial of service attacks on root nameservers are Internet events in which distributed denial-of-service attacks target one or more of the thirteen Domain Name System root nameservers. The root nameservers are critical infrastructure components of the Internet, mapping domain names to Internet Protocol (IP) addresses and other resource record (RR) data. Attacks against the root nameservers can impact operation of the entire Internet, rather than specific websites.

Attacks

October 21, 2002

On October 21, 2002 an attack lasting for approximately one hour was targeted at all 13 DNS root name servers.^[1]

This event was the first significant attack directed at disabling the Internet itself instead of specific websites.^{[citation needed]} This was the second significant failure of the root nameservers. The first caused the failure of seven machines in April 1997 due to a technical problem.^[2]

February 6, 2007

On February 6, 2007 an attack began at 10 AM UTC and lasted twenty-four hours. At least two of the root servers (G-ROOT and L-ROOT) reportedly suffered badly while two others (F-ROOT and M-ROOT) experienced heavy traffic. The latter largely contained the damage by distributing requests to other root server instances with anycast addressing. ICANN published a formal analysis shortly after the event.^[3]

Due to a lack of detail, speculation about the incident proliferated in the press until details were released.^[4]

On February 8, 2007 it was announced by Network World that: "If the United States found itself under a major cyberattack aimed at undermining the nation's critical information infrastructure, the Department of Defense is prepared, based on the authority of the President, to launch [...] an actual bombing of an attack source or a cyber counterattack."^[5]

References

1. Vixie, Paul; Gerry Sneeringer, Mark Schleifer (2002-11-24). "Events of 21-Oct-2002". http://www.isc.org/f-root-denial-of-service-21-oct-2002. Retrieved 2008-07-11. 
2. "Router glitch cuts Net access". CNET News.com. 1997-04-25. http://news.com.com/Router+glitch+cuts+Net+access/2100-1033_3-279235.html. Retrieved 2008-07-11. 
3. "Factsheet - Root server attack on 6 February 2007". ICANN. 2007-03-01. http://www.icann.org/announcements/factsheet-dns-attack-08mar07.pdf. Retrieved 2008-07-11. 
4. Kristoff, John (2007-07-27). "Root DDoS Attack Analysis". DNS-OARC. https://www.dns-oarc.net/files/dnsops-2007/Kristoff-Feb07-attacks.pdf. Retrieved 2009-09-09. 
5. Messmer, Ellen (2007-02-08). "U.S. cyber counterattack: Bomb 'em one way or the other". Network World, Inc. http://www.networkworld.com/news/2007/020807-rsa-cyber-attacks.html. Retrieved 2008-07-11. 

External links

• Significant Internet events
• Internet Traffic Report's synopsis
• D Root Server's operational report of the attack
• InformationWeek article on February 2007 attack
• Robert Lemos (October 22, 2002 7:40 PM PDT). "Assault on Net servers fails". CNET news.com. http://news.com.com/2100-1001-963005.html. Retrieved 2012-01-02.