Expert warns of attacks on DNS servers
By Rene Millman
The kind of attacks that hit the internet's root servers in February could be played out in an organisation's infrastructure with devastating effects.
In February, hackers took aim at the root servers of the internet in a distributed denial of service attack that lasted hours. The offensive was thought to be one of the biggest seen in four years.
But Cricket Liu, vice president of Architecture at network appliance vendor Infoblox and an expert on DNS, said that the attack was doomed to failure because 11 of the 13 root servers ran in Anycast groups that prevented them from being swamped with information.
An Anycast configuration runs multiple servers in different locations, but anyone on the internet will only see the box nearest to them. It is used to provide redundancy and load sharing for specific types of network services on the internet.
He said that it would be extremely difficult for hackers to completely overcome a particular set of servers.
"You can't simultaneously attack all 40 servers in the group because you can't see all 40 servers at the same time. They all have the same IP address," said Liu. "You'd have to attack all 40 from 40 different points around the world to be anywhere near successful. That would be a pretty big task for any hacking organisation."
But he warned that companies running DNS servers within their own infrastructure could see their name servers successfully attacked in the same way.
He said that many organisations had their name servers all on the same subnet and hackers would find the task of taking them offline a trivial one with a dozen broadband-connected boxes.
"In places like South Korea there is a huge penetration of broadband and a lot of bandwidth available to computers. A box with 20Mbps bandwidth to the internet can generate a lot of traffic," said Liu.
He said that companies should consider using Anycast on name servers to prevent them from falling victim to a DoS attack from hackers. But Liu warned that a certain amount of fear prevents organisations from deploying Anycast, as they perceive it to be too complicated to roll out.
"In some cases they haven't even heard of it. Some people give you a blank look when you bring up the topic," he said.