Aucklander Nevil Brownlee found he was the holder of vital information about Monday's major hacker assault on the core infrastructure of the internet.
Brownlee, who spends six months of the year in San Diego working for the CAIDA (Cooperative Association for Internet Data Analysis) organisation, monitors the performance of the 13 root servers, which were hit by a distributed denial of service attack. Not long after, all but two of the 13 GTLD (generic top-level domain) servers were also struck.
The root servers hold the IP addresses for the world's country domains. The GTLD servers control top level domains such as .com, .net and .org.
The attacks, which lasted an hour, are being investigated by the US FBI's National Infrastructure Protection Center.
Four or five of the root servers kept working during the attack and internet traffic kept moving, because the DNS is structured so that eight or more of the servers have to stop working before slowdowns occur, according to The Washington Post, which was the first to report the incident.
Following the attacks, Brownlee's phone ran hot with inquiries from North American network operators and root server operators wanting to know whether they had shown up in his data.
"You can see that on Monday the 21st there's a big blip on the servers, which was the effect of that attack, and there's a similar blip on most of the GTLD servers a few hours later."
Brownlee says he's not surprised the attack happened and that most root server operators responded quickly. For example, Paul Vixie, a recent visitor to New Zealand's Uniforum who operates the F .root server, put a filter in place immediately, says Brownlee.
"It was a very big DDoS attack, and I wouldn't want to be complacent, but this sort of thing has been capable of happening for a very long time," he says.
CAIDA, based at the University of California's supercomputer centre, provides internet infrastructure tools and analysis. "We have been working with root server operators for two to three years to provide more instrumentation. We look at questions like, are the servers located in the best possible places, and do simulations of what would happen if they were shifted."
Brownlee, who spends the other six months of his year working for the IT department of Auckland University, is halfway through a three-year contract with CAIDA.
"It's nice to be in the middle of the Internet community but equally it's very nice to come home, and I'm very committed to staying in touch with what's happening in New Zealand."
Brownlee puts up the information he collects at http://www.caida.org/cgi-bin/dns_perf/main.pl . It is updated once a day.