
DNS Root Servers Attacked

kdawson posted more than 7 years ago | from the flexing-muscles dept.

Security 311

liquidat and others wrote in with the news that the DNS Root Servers were attacked overnight. It looks like the F, I, and M servers felt the attack and recovered, whereas G (US Department of Defense) and L (ICANN) did less well. Some new botnet flexing its muscle perhaps? AP coverage is here.


asdfadsf (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17912810)

asdfadshj

Thank goodness... (4, Interesting)

NerveGas (168686) | more than 7 years ago | (#17912852)

... for resolving caches.

Thank goodness... (5, Funny)

kevin_conaway (585204) | more than 7 years ago | (#17913122)

... for resolving caches.

Thank goodness... (4, Funny)

ZiZ (564727) | more than 7 years ago | (#17913448)

... for resolving caches that never fnord give any sort of bogus or out of date new coke results!

Ban all Microsoft Users from the Internet... (2, Insightful)

Marcion (876801) | more than 7 years ago | (#17914030)

...Botnet disabled, job done!

Re:Ban all Microsoft Users from the Internet... (4, Insightful)

NerveGas (168686) | more than 7 years ago | (#17914406)

It's nice to think that, but I don't *entirely* agree with it.

Microsoft is an easy target, given the insanely large user-base. However, if those users suddenly switched to Linux, it's doubtful that their practices would stop - they'd still install whichever distribution looked the best, installed 134 unneeded services and enabled them all by default, open unsafe attachments, and never update their computer.

In every operating system I've seen yet, security is an inconvenience. While you and I think that the tradeoff is worth it, we will always be outnumbered by people who think that it isn't. People who log in as "Administrator" would just as quickly read their email and browse porn sites as "root". Sad, but true.

Spam (1, Funny)

eviloverlordx (99809) | more than 7 years ago | (#17912870)

> Some new botnet flexing its muscle perhaps?

Nah, someone just sent some spam. All those lookups, since everyone is on the list about a hundred times.

Re:Spam (2, Insightful)

TheRaven64 (641858) | more than 7 years ago | (#17913274)

Spam would only cause it if the addresses didn't end with commonly cached TLDs. On the other hand, I keep logging in to phishing sites with the email address yeah@nice.try, so maybe a lot of other people had similar ideas and someone tried to spam the list of harvested addresses without any sanity checking...

Re:Spam (1)

John Hasler (414242) | more than 7 years ago | (#17913714)

> ...I keep logging in to phishing sites with the email address yeah@nice.try...

Please use either .invalid or example.com.

Re:Spam (1)

Tanktalus (794810) | more than 7 years ago | (#17914178)

I get why that's a preference - those domains are reserved for use in examples such that they will never actually be available for real, live, production use. On the other hand, I'm pretty sure that any programmer worth his salt would have checks against that, fingering your email address as bogus and try again - or just discard it, wasting no resource on it. Which entirely defeats the purpose that the GP post has: to waste phishing site resources.

Re:Spam (1)

fireman sam (662213) | more than 7 years ago | (#17914288)

YOU BASTARD. That is my email address. Now you're in trouble. I know where you live.

*just kidding* (I don't know where you live yet)

More likely (1, Funny)

srodden (949473) | more than 7 years ago | (#17913364)

More likely, someone posted something interesting on a root server and they got slashdotted :)

Oh (5, Funny)

Anonymous Coward | more than 7 years ago | (#17912876)

Oh!!! So that's what that button does.

so a lot of it was from South Korea.... (4, Funny)

Ralph Spoilsport (673134) | more than 7 years ago | (#17912878)

OK you South Korean Hackers... What say we let the Dear Leader north of your border come down and show you a little something about responsibility...hmmmm???

Stupid little freaks.

RS

Re:so a lot of it was from South Korea.... (1)

Yaksha42 (856623) | more than 7 years ago | (#17912920)

kekekekekekeke

Re:so a lot of it was from South Korea.... (0)

Anonymous Coward | more than 7 years ago | (#17914038)

You know, somehow this would be funnier if you stuck to "kek."

Re:so a lot of it was from South Korea.... (4, Insightful)

NerveGas (168686) | more than 7 years ago | (#17912998)

They don't go into a lot of detail, but it's entirely possible that the bots in South Korea were, in fact, being controlled from somewhere else. I'd say that it's even *likely*.

Re:so a lot of it was from South Korea.... (1)

HomelessInLaJolla (1026842) | more than 7 years ago | (#17913418)

So it could have been a government exercise turned into a convenient "ooh-ahh!" media story?

Re:so a lot of it was from South Korea.... (1)

NerveGas (168686) | more than 7 years ago | (#17914330)

It could, but it's more likely that it's either (a) a profit-driven scoundrel or (b) a bored young male somewhere in the world, testing something out. Cyber-crime isn't just for Nigerian kids in Internet cafes or bored young punks, organized crime from all over the world have moved quite heavily into the scene.

Re:so a lot of it was from South Korea.... (3, Insightful)

Anonymous Coward | more than 7 years ago | (#17913000)

> OK you South Korean Hackers...

All that means is the Botnet was mostly infected computers from South Korea, given the penetration of broadband in that nation it's not that surprising. And if it leads to the rest of the internet cutting off South Korea, that benefits the North.

> Stupid little freaks.

You would think Slashdotters would at least understand this basic fact. *sigh*

Re:so a lot of it was from South Korea.... (4, Insightful)

erbmjw (903229) | more than 7 years ago | (#17913090)

Perhaps you and I are reading the article differently, is this the passage you are referring to?

> Experts said the hackers appeared to disguise their origin, but vast amounts of rogue data in the attacks were traced to South Korea.

That doesn't say to me that the attack originated in South Korea, but rather that many computers in South Korea were being used as botnet zombies.

Only old people in South Korea use... (1)

Wabbit Wabbit (828630) | more than 7 years ago | (#17913408)

oh, wait.

Re:so a lot of it was from South Korea.... (2, Insightful)

Rithiur (736954) | more than 7 years ago | (#17913500)

With the country's software locked to Windows and Internet Explorer [slashdot.org], is this honestly a big surprise?

Re:so a lot of it was from South Korea.... (1)

Beryllium Sphere(tm) (193358) | more than 7 years ago | (#17913732)

South Korea has great residential broadband. It must be a premium place to recruit zombies.

Re:so a lot of it was from South Korea.... (2, Funny)

skoaldipper (752281) | more than 7 years ago | (#17914084)

It is. I can't beat a single one of 'em at Starcraft.

Re:so a lot of it was from South Korea.... (2, Interesting)

MadHakish (675408) | more than 7 years ago | (#17913984)

I think the fact that South Korea has something like 99% of connected computers running Windows makes them an easy target for infectable machines just based on sheer volume. Combine that with the outstanding penetration of very high-speed internet connectivity and just about everything in the country is running an OS with a poor history of security on a very fast connection..

In order to make a secure transaction over the internet in South Korea you have to be able to run IE, and ActiveX controls to establish your secure link as the result of a deal with M$ in '97 to provide an encryption and authentication mechanism for internet based transactions using the web iirc.. (OpenSSL wasn't a standard yet - that was '98)

This is the same reason the Ministry of Information and Communication of South Korea urged its citizens not to upgrade to Vista.

http://english.chosun.com/w21data/html/news/200701/200701240013.html [chosun.com]

Re:so a lot of it was from South Korea.... (1)

cypherz (155664) | more than 7 years ago | (#17914254)

If I had mod points I would mod you up just for the Firesign Theatre reference.

"aw heck no, I'm gonna take off my shoes, climb a tree and learn to play the flute!"

Re:so a lot of it was from South Korea.... (5, Insightful)

Anonymous Coward | more than 7 years ago | (#17914334)

South Korea has:
  1. Almost a 100% Windows monoculture (really), because they standardised on an ActiveX control for secure banking etc before SSL was standardised, and everything still needs it
  2. Dirt cheap, fast broadband
  3. Fairly rampant piracy, hence many unpatched machines
Put it together and you get botnet paradise.

And...??? (4, Insightful)

Anonymous Coward | more than 7 years ago | (#17912886)

Um, so how many times a day do the root servers get attacked? No, wait, an hour, a minute... Like a ba-gillion? These things happen everyday, so what's new? It's not like they haven't figured out the whole failover/fault tolerance thing. You'd have to nuke 'em to get them to stop running.

Re:And...??? (0)

Anonymous Coward | more than 7 years ago | (#17913482)

Even nukes can't stop it! Or at least they shouldn't, since the internet was originally designed to run as a communications network in the event of a nuclear attack.

Re:And...??? (4, Funny)

Dunbal (464142) | more than 7 years ago | (#17914278)

> the internet was originally designed to run as a communications network in the event of a nuclear attack.


pH34r enters IRC channel D4 3nD 0 d4 W3r1d

pH34r: dude, like, they just totally nuked chicago
d4 b0s5: wtf?
pH34r: I ain't shittin you man, I can see teh mushyroom cloud
d4 b0s5: OMG! w3 gots to lunch our nuxzors now!
m1551l3 5i10 d00d: nuxzors ftw!
pH34r: woot!
d4 b0s5:wooot!

etc...?

nuke 'em (1)

nurb432 (527695) | more than 7 years ago | (#17913586)

Hey.. that's not a bad idea.

Re:nuke 'em (3, Funny)

Tumbleweed (3706) | more than 7 years ago | (#17913830)

It's the only way to be sure.

From orbit! (1)

skymt (968075) | more than 7 years ago | (#17913880)

It's the only way to be sure...

Re:And...??? (1)

winomonkey (983062) | more than 7 years ago | (#17914206)

That will happen when the attacks are traced to North Korea.

slashdotted (5, Funny)

deopmix (965178) | more than 7 years ago | (#17912916)

It's fine they are just slashdotted, give it an hour or two and they will be running just fine again.

Re:slashdotted (1)

Basehart (633304) | more than 7 years ago | (#17913522)

Are you an AI? There's something not quite human about the delivery of your joke.

Re:slashdotted (1)

deopmix (965178) | more than 7 years ago | (#17914022)

haha, it's the lack of contractions. I was to lazy to spend the half second to figure out if it was their, or there, or they're, and i didn't want to get bitched at by the grammar Nazi's.

Re:slashdotted (5, Funny)

jrockway (229604) | more than 7 years ago | (#17914372)

> i didn't want to get bitched at by the grammar Nazi's.

It's "I", not "i". It's "Nazis" not "Nazi's".

This has been a public service announcement.

Re:slashdotted (1)

Basehart (633304) | more than 7 years ago | (#17914454)

:-) just checking.

Why am I not surprised that Defense did poorly... (2, Interesting)

Panaqqa (927615) | more than 7 years ago | (#17912926)

Perhaps it is unfair of me to say so, but I get the distinct impression that large governmental organizations do not do very well in terms of security until the attack vector is pointed out to them. After that, sometimes they do very well (often using overkill methods), sometimes they do less well - but something usually has to kick the learning curve process into gear.

Proactive (1)

Yaksha42 (856623) | more than 7 years ago | (#17912980)

Proactive really isn't in the government's vocabulary.

The same usually applies to IT in general.

Re:Why am I not surprised that Defense did poorly. (4, Insightful)

timeOday (582209) | more than 7 years ago | (#17913288)

Don't make the assumption that all DNS servers were attacked equally though.

Re:Why am I not surprised that Defense did poorly. (1)

Panaqqa (927615) | more than 7 years ago | (#17913392)

Very good point. But if Defense was in fact targeted and attacked more heavily, then that has potentially ominous undertones beyond the basic fact of a partially successful attack.

That's a pretty bold accusation (5, Insightful)

Flavio (12072) | more than 7 years ago | (#17913650)

You suggest that the Department of Defense's nameserver is badly managed, making an argument by analogy concerning "large governmental organizations". Since you haven't provided a technical argument, your accusation has no merit. Your "distinct impression" is pure speculation.

But congratulations on getting everyone riled up.

Re:Why am I not surprised that Defense did poorly. (0)

Anonymous Coward | more than 7 years ago | (#17914452)

OR maybe the DoD doesn't really need such a large server as the entire rest of the internet combined, and really *anyone* shuts down under a large enough DDoS attack?

and? (2, Insightful)

ReTay (164994) | more than 7 years ago | (#17912930)

Is it just me or is going after servers that people expect up to 3 business days to update not the best way to go? You would have to sustain the attack for a long time for the average joe to notice.
Not that I am complaining, one less bot net to worry about.
Good thing that they apparently never heard of routers though.

Re:and? (4, Insightful)

NerveGas (168686) | more than 7 years ago | (#17913114)

While it's not exactly an entirely effective attack - resolving caches will, for the most part, insulate end-users from the effects for anywhere from a few hours to a few days - it could be simply an experiment. If you suppose that this was perpetrated by someone who is intent on causing mayhem, they could have been testing how well their attack would work, in order to plan a much larger one which would bring down *all* of the root name servers, and for long enough to really make people feel the squeeze.

It's a dumb, brute-force type of approach. A much, MUCH more effective way would be to simply find an appropriate flaw in IOS to exploit...

steve
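An added illustration of the caching point above (not part of the original comment and not any resolver's real code): a toy Python model of one caching resolver replaying a constructed lookup schedule through a root outage. The two-day delegation TTL, the schedule and the outage windows are assumptions chosen for the example.

```python
"""Added example: how TTL caching in a recursive resolver hides a root outage."""

# Assumption: TLD delegations learned from the root carry a two-day TTL.
DELEGATION_TTL = 172_800
HORIZON = 7 * 86_400  # simulate one week, in seconds

# Constructed workload: tld -> (time of first lookup, seconds between lookups).
SCHEDULE = {
    "com": (0, 60),
    "org": (50_000, 600),
    "museum": (100_000, 21_600),
}


def build_workload(schedule=SCHEDULE, horizon=HORIZON):
    """Expand the schedule into a time-ordered list of (time, tld) lookups."""
    events = []
    for tld, (first, period) in schedule.items():
        events.extend((t, tld) for t in range(first, horizon, period))
    return sorted(events)


def simulate(outage=None, ttl=DELEGATION_TTL, workload=None):
    """Replay the workload through one caching resolver.

    outage is a (start, end) pair in seconds during which no root server
    answers, or None. The model is deliberately simple: one resolver, no
    stale answers served after expiry, no partial root availability.
    """
    workload = build_workload() if workload is None else workload
    expires = {}          # tld -> time its cached delegation expires
    failed = {}           # tld -> number of lookups that could not be resolved
    root_queries = 0
    first_failure = None
    for now, tld in workload:
        if tld in expires and now < expires[tld]:
            continue      # cache hit: the root is never contacted
        root_down = outage is not None and outage[0] <= now < outage[1]
        if root_down:
            failed[tld] = failed.get(tld, 0) + 1
            if first_failure is None:
                first_failure = now
            continue
        root_queries += 1  # cache miss answered by a root server
        expires[tld] = now + ttl
    return {
        "lookups": len(workload),
        "root_queries": root_queries,
        "failed": failed,
        "first_failure": first_failure,
    }


if __name__ == "__main__":
    start = 180_000
    scenarios = [
        ("no outage", None),
        ("6 hour outage", (start, start + 6 * 3600)),
        ("3 day outage", (start, start + 3 * 86_400)),
    ]
    for label, outage in scenarios:
        result = simulate(outage)
        delay = None
        if result["first_failure"] is not None:
            delay = round((result["first_failure"] - start) / 3600, 1)
        print(f"{label}: {result['lookups']} lookups, "
              f"{result['root_queries']} root queries, "
              f"failed={result['failed']}, hours until first failure={delay}")
```

In this model the six-hour outage causes no failed lookups, while the three-day outage only starts to bite once the first cached delegation expires, about twelve hours in.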

Re:and? (1)

TooMuchToDo (882796) | more than 7 years ago | (#17913630)

Not all of the root servers may sit behind Cisco equipment

Re:and? (2, Interesting)

NerveGas (168686) | more than 7 years ago | (#17914162)

It doesn't matter, it's virtually guaranteed that the path between your resolver and the root name servers involves at least *one* Cisco router.

And in the unlikely event that it doesn't, it's just as likely that the path between you and where you want your traffic to go involves at least one Cisco router. Between the two, if someone were clever, capable, and dedicated, they could disrupt enough of the Internet to make it 99% unusable.

Motive? (2, Interesting)

Beryllium Sphere(tm) (193358) | more than 7 years ago | (#17913900)

>they could have been testing how well their attack would work

Good insight, but why attack the root servers in the first place?

The days when people tried to burn down the Internet just to watch the flames dancing ended a few years ago. It's about profit now. If a crook launches a DDoS on a gambling site the day before the Super Bowl, that crook can extort money. Crooks can also make crooked money from click fraud or spam runs.

Where's the money in taking down the root DNS servers? Why would a crook throw away the black market value of a botnet to do something that wouldn't bring in loot?

Re:Motive? (1)

catmistake (814204) | more than 7 years ago | (#17914208)

Exactly. I think this is key in understanding what's happened here -- that the attack doesn't make sense, either for testing or otherwise. Maybe the origins of the attack are extra-terrestrial (in the form of a malicious but idiotic A.I.) Rogue botnet? Skynet Jr Jr?

Re:Motive? (1)

NerveGas (168686) | more than 7 years ago | (#17914268)

> Good insight, but why attack the root servers in the first place?

There are still people who see the Internet as being one of the roots of all evil, or as it being one large American/Western institution, and there are still people who just like to be jerks.

The first two haven't (so far) really had the right combination of resources to do something terribly bad to the Internet, and as time goes on, the last one has definitely faded away - but that's not to say that they're not out there.

We seem to agree that for any of the motives we've guessed at, there would have been other attacks which would have been more useful at achieving their goals. Still, even if it doesn't make sense, someone just did it - proving that there are still folks out there who are looking to throw a wrench in the works, and their motives don't really matter a whole lot to the people and businesses who suffer when there are problems with the Internet. It only takes a few jerks to inconvenience a whooooole lot of people...

It's also possible that the root servers were just a test target, that once they're ready, they'll go after their *real* target.

steve

Re:and? (3, Interesting)

timeOday (582209) | more than 7 years ago | (#17913250)

> Not that I am complaining, one less bot net to worry about.

No kidding. I'm always impressed how I never even notice these things until they hit the news afterwards. I don't think there's been anything you could reasonably call a general Internet outage in the last 15 years. I guess you could say of course not, because the Internet isn't "a thing," it's a bunch of separate things that just happen to be willing to talk to each other. To which my answer is, I'm sure glad they planned it that way.

Besides, DNS is for wussies anyways. Real men don't need user-friendly names for their ip addresses :) But seriously, I can imagine the Web still being useful without DNS if search engines linked to IP addresses instead of hostnames. And now that email is largely a WWW service (hotmail, gmail...) a big chunk of it could survive too.

Re:and? (4, Interesting)

Feyr (449684) | more than 7 years ago | (#17913430)

actually, there was one.

i don't remember the actual day/month/year, but maybe 3 years ago: MCI updated a bunch of routers, all at the same time, and screwed it up. a lot of people in north america were without internet for up to a day. i think this qualifies as major :)

Re:and? (0)

Anonymous Coward | more than 7 years ago | (#17914008)

The nice thing about the Internet is that even a major screw up like this affected only "a lot of people in north america". That is actually still just a tiny fraction of this whole Internet you speak of.

Re:and? (1)

Watson Ladd (955755) | more than 7 years ago | (#17914074)

That would be a Bad Thing. The reason we have DNS is so that server IP's can change. With the coming of IPv6, IP addresses would be tied to geography, so when your server moved, the search engine would lose track of your site.

Re:and? (1)

NittanyTuring (936113) | more than 7 years ago | (#17914458)

> Besides, DNS is for wussies anyways. Real men don't need user-friendly names for their ip addresses :) But seriously, I can imagine the Web still being useful without DNS if search engines linked to IP addresses instead of hostnames. And now that email is largely a WWW service (hotmail, gmail...) a big chunk of it could survive too.

Let's take Google as an example. Google generates search results by looking at links. Links include URLs. URLs include domain names. So, Google depends on the existence of DNS to calculate PageRank. If we drop DNS altogether, all URLs on the WWW will need to be switched to IP addresses. Unless, Google wants to serve a viable replacement mechanism for DNS that is driven by the search engine. For example, instead of linking to bmw.com, you would link to some-google-static-ip-address/feeling-lucky/q=bmw.

Insightful? (2, Informative)

xyphor (151066) | more than 7 years ago | (#17914322)

The root servers are the authoritative DNS servers for the top level domains (TLDs) - i.e. .com, .net, .edu, etc.... This has nothing to do with the "3 business day" thing you're talking about. Even the TLD servers aren't responsible for that delay. You're referring to the time it takes for non-authoritative DNS servers to clear their caches. Big difference....certainly not "insightful". /x

Team name spelling their initials in the snow (-1, Offtopic)

DarkLegacy (1027316) | more than 7 years ago | (#17912932)

EFIMGL... LIFE GM. (Grandmaster) Apparently some group isn't 'flexing their muscle' as you so put it but probably spreading their initials in the form of taking down DNS servers corresponding with their team name.

Re:Team name spelling their initials in the snow (1)

milamber3 (173273) | more than 7 years ago | (#17913132)

Look at the graphs and the article I don't see anything indicating that E was attacked. Did you just add whatever letter you needed to make your theory work?

Re:Team name spelling their initials in the snow (5, Funny)

geedra (1009933) | more than 7 years ago | (#17913168)

In that case, it's GMILF. That's right, DNS is operated by a ring of hot grandmothers.

Re:Team name spelling their initials in the snow (0)

Anonymous Coward | more than 7 years ago | (#17913442)

mod parent up as insightful you fucking troll mods

does that mean the internet is down? (5, Funny)

skynare (777361) | more than 7 years ago | (#17912982)

i can still visit slashdot. i think my dell pc has a back up of the internet.

Re:does that mean the internet is down? (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#17913066)

lol

Re:does that mean the internet is down? (1)

MTgeekgirl (901747) | more than 7 years ago | (#17914146)

> i can still visit slashdot

That just shows that our series of tubes are big enough to dump enormous amounts of material in.

RIPE DNS monitoring (0, Redundant)

whathappenedtomonday (581634) | more than 7 years ago | (#17913020)

graphs here [ripe.net]

Re:RIPE DNS monitoring (-1, Redundant)

OverlordQ (264228) | more than 7 years ago | (#17913080)

Thank you for pointing out the same URL that is in the fraking submission.

Kudos to you!

Re:RIPE DNS monitoring (0, Redundant)

whathappenedtomonday (581634) | more than 7 years ago | (#17913322)

tehe, that explains why the site is so damned slow.

Proudly posting without having RTFA or even the summary :)

Actually... (5, Funny)

creimer (824291) | more than 7 years ago | (#17913082)

> Some new botnet flexing its muscle perhaps.

That was a test system [youtube.com] for installing Windows Vista that someone forgot to unplug from the wall.

G and L still having problems (1, Funny)

Anonymous Coward | more than 7 years ago | (#17913342)

oogle.com searches are coming up empty and lashdot.org (the news blog for nerdy optometrists) remains unreachable.

Of Course! (1)

Lithdren (605362) | more than 7 years ago | (#17913344)

F, I, M, G, and L?

Hmm...

LIG FM.

Clearly this attack was started by a terrorist radio station. Heck of a marketing ploy, that one! Quick! Where is LIG FM?! I believe I've seen things like this before [slashdot.org].

Re:Of Course! (5, Funny)

WhyDoYouWantToKnow (1039964) | more than 7 years ago | (#17913502)

I'm sorry, I think you got that wrong.

Try this MILF,G.
Mom's I'd like to fuck, Giggidy giggidy giggidy.
This attack was clearly perpetrated by none other than Glen Quagmire.

Re:Of Course! (1)

BAKup (40339) | more than 7 years ago | (#17914044)

You're both wrong, it's a WoW player.

IM LFG

I'M Looking For Group (For those people who don't know what WoW is)

Re:Of Course! (2, Funny)

forkazoo (138186) | more than 7 years ago | (#17914222)

> I'm sorry, I think you got that wrong.
>
> Try this MILF,G.
> Mom's I'd like to fuck, Giggidy giggidy giggidy.
> This attack was clearly perpetrated by none other than Glen Quagmire.

Oh. I was wondering why the hacker was pointing out
I Like Milking Grand Fathers...

move along, nothing to care about (5, Informative)

Geekboy(Wizard) (87906) | more than 7 years ago | (#17913400)

the root servers are set up in such a way that *2/3* of them can fail, and no one would notice.

[RFC2870]

> 2.3 At any time, each server MUST be able to handle a load of requests for root data which is three times the measured peak of such requests on the most loaded server in then current normal conditions. This is usually expressed in requests per second. This is intended to ensure continued operation of root services should two thirds of the servers be taken out of operation, whether by intent, accident, or malice.

Re:move along, nothing to care about (5, Interesting)

Feyr (449684) | more than 7 years ago | (#17913468)

and consider that these so called "root servers" are actually several hundreds (thousands?) of servers, in different physical locations. i think i remember mr vixie saying F alone had around 200 machines

Re:move along, nothing to care about (1)

Ruvim (889012) | more than 7 years ago | (#17914238)

so, wouldn't the (temporary) demise of G server just underline the scope and severity of attack then?

Re:move along, nothing to care about (1)

sebc_deepspace (944759) | more than 7 years ago | (#17913616)

Aww that means me and my 1.5mb adsl connection cannot take an entire root cluster out :( Thanks for ruining my day!

No big deal (1)

madsheep (984404) | more than 7 years ago | (#17913514)

No big deal folks. Who doesn't remember the IPs for all the websites they visit anyway. I don't know about you guys but I surf the web by IP and provide the hostname myself!

Re:No big deal (1)

gardyloo (512791) | more than 7 years ago | (#17914274)

Right! I visit 127.0.0.1 all the time.

Media: tie attack to likely Windows botnets (2, Informative)

kad77 (805601) | more than 7 years ago | (#17913618)

Mr. Bill recently said this:

"We made it way harder for guys to do exploits," said Mr. Gates. "The number [of exploits] will be way less because we've done some dramatic things [to improve security] in the code base. Apple hasn't done any of those things."

In another portion of the interview, he added, "Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine."

See article: http://www.toptechnews.com/story.xhtml?story_id=49854 [toptechnews.com]

Microsoft needs a public shaming for the sorry state of Windows security that allows millions of these zombie machines to exist. I don't blame Joe User, sorry. No holy wars about security; statements that user should do x, y, z and be as smart as me, etc.

Windows: Defective By Design

Sad to see him spin it that way... (0)

Anonymous Coward | more than 7 years ago | (#17914460)

> In another portion of the interview, he added, "Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine."

Yeah, the Month of Apple Bugs--it's not like Microsoft hasn't ever had something like that. Hell, I wouldn't think it was that much of a challenge. True, Apple could use some improvements, but the exploits presented were dangerous, but not that bad if you want to compare them to the worst, i.e. Windows. There may have been quite a few exploits, but what was the exposure window like?

I mean, when you have all the XP machines running IE 6 0wnable for 9 months of 2006 [washingtonpost.com], is it any surprise that Windows is the botnet drone of choice? Bill is not one who should be talking here. Hopefully they *are* improving, but they have a LONG way to go...

South Korea, eh? (4, Interesting)

Quantam (870027) | more than 7 years ago | (#17913624)

> Other experts said the hackers appeared to disguise their origin, but vast amounts of rogue data in the attacks were traced to South Korea.

Somehow that doesn't surprise me. This is the same country that uses insane amounts of ActiveX, and has the effect of conditioning people to click "Yes" whenever any site tries to install something, right? Wouldn't be any surprise if South Korea was one big botnet.

Re:South Korea, eh? (1)

Dunbal (464142) | more than 7 years ago | (#17914156)

> Wouldn't be any surprise if South Korea was one big botnet.

Run by the one internet machine in N Korea?

Re:South Korea, eh? (2, Interesting)

element-o.p. (939033) | more than 7 years ago | (#17914294)

> Wouldn't be any surprise if South Korea was one big botnet.

Have you ever looked in the log files of a mail server? S. Korea is one big botnet. Any time I find an IP address that reverses to a Korean ISP, I blacklist the entire class C--especially if it's a kornet.net or hanaro.com IP address.

130+ root servers (3, Interesting)

karl.auerbach (157250) | more than 7 years ago | (#17913678)

A few years ago the root server operators (on their own initiative and without asking for, or obtaining, permission from ICANN) took the wise step of deploying replica servers using a routing technique called "anycast". Thus under the name of, for example, f.root-servers.net there are many distinct servers geographically dispersed.

Consequently today we have more than 130 root servers scattered around the world.

That's good. It tends to localize the damage caused by attacks.

What is not good is that these root server operators, although they today operate to the highest of standards and with the highest degree of integrity, are not required to do so in the future.

For example, several root servers are operated by the US military establishment or by other branches of the US government and are thus subject to being "adjusted" according to military, political, or Atty General Alberto Gonzales's latest desire to do data mining.

Nor are the root servers required to play fair and respond to all queries with equal dispatch or equal accuracy no matter the source or the name being queried for.

Nor are the root servers off limits for sale to companies like Microsoft or Google who could use them for commercial data mining.

Many people believe that ICANN serves as a kind of fire marshal, overseeing that the root servers are operated responsibly and that the root server operators have access to the resources they might need to recover from a natural or human disaster.

But that is not the case. ICANN has abrogated that role and has engaged itself as a protector of trademarks and US cultural values.

Over the last few thousand years we've learned that it's best for long term stability to build institutions and not depend on individual people. Today the root servers are the work of good individuals and organizations that encompass them. We really need to move to a more formalized structure that reinforces the long-term continuation of the good system we have today.

Re:130+ root servers (2, Insightful)

Thundersnatch (671481) | more than 7 years ago | (#17914448)

> Over the last few thousand years we've learned that it's best for long term stability to build institutions and not depend on individual people. Today the root servers are the work of good individuals and organizations that encompass them. We really need to move to a more formalized structure that reinforces the long-term continuation of the good system we have today.

Wow, you have that entirely backwards. The last few thousand years have taught us that institutions generally suck at fulfilling the needs of the people. Monarchies, Feudalism, the Inquisition-era Catholic church, and Soviet Russia were all the biggest, most far-reaching institutions of their day.

Thomas Jefferson and his cronies decided there was a better way. I agree with him, so I'll take a handful of determined, skilled, like-minded individuals over an "institution" any day. I can guarantee you if all the root servers were in the control of an "institution", that institution would still be doing feasibility studies on anycast routing and crying for more money from the UN as the only way to prevent DDoS attacks.

Send the repair bill to Microsoft (0, Flamebait)

Marcos Eliziario (969923) | more than 7 years ago | (#17913762)

Some years ago, the South Koreans standardized their on-line experience on ActiveX. Everything, from online banking to school websites, has some kind of a friggin ActiveX applet. Because of that, most South Koreans are used to allowing ActiveX controls to be installed on IE. This explains why so many of the attacks, according to TFA, came from there. So, nothing more fair than sending the bill to Microsoft (no pun intended). Seriously, if the attack had succeeded, it would have changed life as we know it.

It was like the lost chord.... (1)

postbigbang (761081) | more than 7 years ago | (#17913770)

Someone did a query

53 security.microsoft.com ptr

The record that cannot be resolved.

interesting timing re: DNS things (1)

Tumbleweed (3706) | more than 7 years ago | (#17913788)

I just installed a caching-only nameserver on my home machine last night. Nice speed boost. Not that it has anything to do with this other than being DNS. I'm just sayin'. I hope my install didn't mess up the root servers. :)

More root servers? (4, Insightful)

TooMuchToDo (882796) | more than 7 years ago | (#17913886)

Silly question. Why aren't there more root servers put into operation? (Honest question! I seriously don't know. Is it a technical limitation?)

Re:More root servers? (5, Informative)

Yaksha42 (856623) | more than 7 years ago | (#17914060)

http://en.wikipedia.org/wiki/DNS_root_zone [wikipedia.org]

The root DNS servers are essential to the function of the Internet, as so many protocols use DNS, either directly or indirectly. They are potential points of failure for the entire Internet. For this reason, there are 13 named root servers worldwide. There are no more root servers because a single DNS reply can only be 512 bytes long; while it is possible to fit 15 root servers in a datagram of this size, the variable size of DNS packets makes it prudent to only have 13 root servers.
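
The size arithmetic behind the 512-byte limit quoted above, as an added example that is not part of the original comment or of Wikipedia. It builds a root NS response with RFC 1035 name compression and one A record per server; the addresses (192.0.2.x), the query ID and the server letters beyond "m" are constructed for illustration.

```python
import struct

ROOT_DOMAIN = "root-servers.net"
UDP_LIMIT = 512   # classic DNS-over-UDP payload ceiling cited in the comment
TTL = 3600000     # constructed sample TTL

def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def pointer(offset):
    """Compression pointer (RFC 1035 section 4.1.4): two bytes, top two bits set."""
    return struct.pack("!H", 0xC000 | offset)

def priming_response(n):
    """Build a '. IN NS' response naming n root servers, one A record each."""
    # Header: id, flags (QR|AA), qdcount, ancount, nscount, arcount
    msg = struct.pack("!6H", 0x1234, 0x8400, 1, n, 0, n)
    msg += encode_name(".") + struct.pack("!2H", 2, 1)   # question: . NS IN
    host_offsets, suffix_offset = [], None
    for i in range(n):
        letter = chr(ord("a") + i)
        if suffix_offset is None:
            rdata = encode_name(f"{letter}.{ROOT_DOMAIN}")     # spelled out once
        else:
            rdata = bytes([1]) + letter.encode() + pointer(suffix_offset)
        rr_head = encode_name(".") + struct.pack("!2HIH", 2, 1, TTL, len(rdata))
        host_offsets.append(len(msg) + len(rr_head))
        if suffix_offset is None:
            suffix_offset = host_offsets[0] + 2   # skip the "\x01a" label
        msg += rr_head + rdata
    for i, off in enumerate(host_offsets):        # additional section: A records
        addr = bytes([192, 0, 2, i + 1])          # constructed TEST-NET-1 address
        msg += pointer(off) + struct.pack("!2HIH", 1, 1, TTL, 4) + addr
    return msg

def max_servers_under_limit(limit=UDP_LIMIT):
    """Largest server count whose response still fits in one datagram."""
    n = 1
    while len(priming_response(n + 1)) <= limit:
        n += 1
    return n

if __name__ == "__main__":
    for n in (13, 15, 16):
        print(n, "servers:", len(priming_response(n)), "bytes")
```

With these assumptions, 13 servers take 436 bytes and 15 is the most that fits, so the headroom left at 13 is what absorbs the variable parts of a real reply.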

Re:More root servers? (1)

TooMuchToDo (882796) | more than 7 years ago | (#17914276)

Thanks for the info. I should've known better to go look at Wikipedia first.

Re:More root servers? (4, Informative)

Tim the Gecko (745081) | more than 7 years ago | (#17914438)

Although there are only 13 IP addresses some of them are used by multiple physical servers. Wikipedia again...

the C, F, I, J, K and M servers now exist in multiple locations on different continents, using anycast announcements to provide a decentralized service. As a result most of the physical, rather than nominal, root servers are now outside the United States

Last year the K server alone was present in 17 places. Examples are Delhi, Novosibirsk and Miami. Another poster above says the total for A through M is 130 servers, which is impressive!

laugh (1)

Danzigism (881294) | more than 7 years ago | (#17913992)

this kind of shit just makes me laugh.. malicious hackers, korean and romanian and all the rest, are so god damn retarded.. one day they will surely succeed in taking down the internet.. they'll be sittin' on IRC with all their little stupid hacker friends.. the convo will probably go a little something like this:

[`h4x0r15`] K R U REDDIE !?!?

[MinGaw14f] LOLZ YEE.. DOIT!!!

[`h4x0r15`] OKIES HERE I GO!!

* `h4x0r15` takes down internet

** Disconnected: []

`h4x0r15` IRL: "shit.. why the hell did i do that again?? there goes my night of watching videos on youtube and talking with my IRC buddies.."

An article on a DDoS attack (2, Funny)

kestasjk (933987) | more than 7 years ago | (#17914012)

... gets slashdotted, what an irony.

Does Anybody Still Distribute Hosts Files? (1)

xquercus (801916) | more than 7 years ago | (#17914054)

I wonder if it's worthwhile to auto generate a hosts file that covers the larger ISPs, corporations and government agencies? Would it be useful in the event of an extended root nameserver outage? Its use would be limited I guess as I don't know of a way to include, for example, the equivalent of MX records in a hosts file. Host to host email would certainly work.

Perhaps auto generating DNS zone files for certain networks. Pop it into your local DNS server and you are up and running (with limitations of course). Perhaps extract the data in the DNS cache and create incomplete zone files. Should an extended outage occur, wouldn't it be useful to easily use certain communication services such as IRC? email?