Net Backbone Withstands Major Attack

The Internet withstood what appears to have been a major attack on its core infrastructure late Monday when all 13 of its root servers were struck, according to a spokesman for VeriSign, which operates two of the servers.

The distributed denial of service (DDOS) attack started at about 5 pm EDT Monday and lasted about an hour, said VeriSign spokesman Brian O'Shaughnessy, the largest Internet domain name registrar.

The US Federal Bureau of Investigation's (FBI's) National Infrastructure Protection Center “is aware of the matter” and is “addressing” it, said Steven Berry, a supervisory special agent with the FBI's press office.

Root servers are used by the Internet's DNS (domain name system), which takes domain names that can easily be remembered by people, such as, and converts them into the numerical IP addresses used by computers.

Four or five of the Internet's 13 root servers kept working during the attack and so Internet traffic kept moving, because the DNS is structured so that eight or more of the servers have to stop working before slowdowns occur, according to a report Tuesday evening in the online edition of the Washington Post, which was among the first to report the incident.

In fact no major outages occurred as a result of the attack, according to the Post, meaning Internet users were blissfully unaware of what had happened. Nevertheless, one source quoted in the report characterised the incident as one of the largest attacks ever against the Internet.

“This was the largest and most complex DDOS attack ever against the root server system,” an anonymous source at an organisation responsible for the system told the Post.

Matrix NetSystems, which tracks the status of Internet traffic, said Tuesday that the DDOS actually lasted for as long as six hours and may have slowed down Web traffic and the delivery of e-mails for some users late Monday night.

“What happened was dramatic,” said Tom Ohlsson, vice president of marketing for Matrix NetSystems, which compiles reports that detail how much traffic goes through the Internet backbone at any given time. “In terms of damage, the worst is probably behind us as of (Tuesday).”

DDOS attacks blast servers with more data than they can handle, which can cause servers to overload or crash and networks to clog with traffic. They are typically very simple to carry out, Ohlsson said.

Officials at organisations that operate the Internet backbone told the Post that they do not know yet who is responsible for the attack or if it suggests that a more serious attack is likely to come.

Matrix NetSystems traced the attacks to a number of US Internet hosting service providers, as well as one in Europe, which likely acted as “unwitting hosts” to the perpetrators, Ohlsson said. He said the attack could have originated anywhere.

A spokeswoman for Microsoft's MSN Internet service Tuesday said it had not noticed any slowdown in traffic.

VeriSign said its two root servers kept working during the incident. “VeriSign expects that these sort of attacks will happen, and VeriSign was prepared,” O'Shaughnessy said.

Other root server operators include NASA Ames Research Center, the US Army Research Lab, the Internet Corporation for Assigned Names and Numbers and the Internet Software Consortium.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by IDG News Service staff

Latest Videos

More videos

Blog Posts