The Internet withstood what appears to have been a major assault on its core infrastructure late Monday when all 13 of its root servers were attacked, according to a spokesman for VeriSign Inc., which operates two of the servers.
The distributed denial of service (DDOS) attack started at about 5 p.m. EDT Monday and lasted for about an hour, said Brian O’Shaughnessy, a spokesman at VeriSign, the largest Internet domain name registrar.
The U.S. Federal Bureau of Investigation’s (FBI’s) National Infrastructure Protection Center “is aware of the matter” and is “addressing” it, said Steven Berry, a supervisory special agent with the FBI’s press office.
Root servers are used by the Internet’s DNS (domain name system), which takes easy-to-remember domain names used by people and converts them into the numerical IP addresses used by computers.
Four or five of the Internet’s 13 root servers kept working during the attack and so Internet traffic kept moving, because the DNS is structured so that eight or more of the servers have to stop working before slowdowns occur, according to a report Tuesday evening in the online edition of the Washington Post, which was among the first to report the incident.
In fact, no major outages occurred as a result of the attack, according to the Post, meaning Internet users were unaware of what had happened. Nevertheless, one source quoted in the report characterized the incident as one of the largest attacks ever against the Internet.
“This was the largest and most complex DDOS attack ever against the root server system,” an anonymous source at an organization responsible for the system told the Post.
Matrix NetSystems Inc., which tracks the status of Internet traffic, said Tuesday that the DDOS actually lasted for as long as six hours and may have slowed down Web traffic and the delivery of e-mails for some users late Monday night.
“What happened was dramatic,” said Tom Ohlsson, vice president of marketing for Matrix NetSystems, which compiles reports that detail how much traffic goes through the Internet backbone at any given time. “In terms of damage, the worst is probably behind us as of (Tuesday).”
DDOS attacks blast servers with more data than they can handle, which can cause servers to overload or crash and networks to clog with traffic. They are typically very simple to carry out, Ohlsson said.
Officials at organizations that operate the Internet backbone told the Post that they did not know yet who is responsible for the attack.
Matrix NetSystems traced the attacks to a number of U.S. Internet hosting service providers, as well as one in Europe, which likely acted as “unwitting hosts” to the perpetrators, Ohlsson said. He said the attack could have originated anywhere.
VeriSign said its two root servers kept working during the incident. “VeriSign expects that these sort of attacks will happen, and VeriSign was prepared,” O’Shaughnessy said.
Other root server operators include NASA Ames Research Center, the U.S. Army Research Lab, the Internet Corporation for Assigned Names and Numbers and the Internet Software Consortium.