Educause Security Discussion mailing list archives

CW 10/20: Internet Software Consortium opens global Internet crisis coordination center -- Operations, Analysis and Research Center (OARC

From: "H. Morrow Long" <morrow.long () YALE EDU>
Date: Tue, 21 Oct 2003 09:56:20 -0400

[This appears to be set up primarily to protect the global root DNS servers from attack - Morrow]

You may retrieve this story by entering QuickLink# 42247

ISC opens Internet crisis center

OCTOBER 20, 2003

Last October's hacker attack on the global root servers that run the core addressing system of the 
Internet knocked out seven of the 13 servers for a time, but caused nary a problem for most Internet users.

But that massive attack and its implications haven't been forgotten by many of the people behind the scenes who help 
keep the Internet functioning. And to try to prevent a larger attack from possibly taking down the whole Internet in the 
future, a new group is being launched by the nonprofit Internet Software Consortium (ISC) to help protect the security of 
the system.

The ISC today announced the Operations, Analysis and Research Center (OARC), a global Internet crisis coordination 
center that will be used to study and monitor traffic on the Internet so that technicians will be able to differentiate 
high-demand traffic spikes from high-intensity attacks on root servers.

"That [attack last year] did open our eyes," said Paul Vixie, chairman of the Redwood City, Calif.-based ISC, which provides services for the Internet's Domain 
Name System (DNS). "In our application, it's very difficult to determine what 'normal' [Internet traffic conditions are]. So we're going to have to 
define 'normal' and go from there."

Before the root server attacks, when all 13 of the Internet's root DNS servers were hit by intruders in a massive distributed 
denial-of-service attack, there was no group set up to protect the DNS system globally, Vixie said. "It's like having a child and 
seeing them grow up and suddenly they go to college, then wondering how it happened so fast."

Last year's attack was apparently designed to disrupt the Internet by clogging root DNS servers with useless traffic. 
The root DNS servers provide the vital translation services needed for converting a Web name such as 
into a corresponding numerical IP address.

Now that the new group has been launched, the OARC is seeking members to work on the problem by bringing together the 
resources of the IT community.

What will be created is essentially a virtual research center that will link together top-level domain operators, 
corporate network data centers, large commercial name servers, DNS technology vendors, researchers and government and 
law enforcement officials to study and monitor the meaning of Web traffic. By connecting some of their servers and 
equipment together in a global grid computing system, the group hopes to cull information that can be used to stop 
future attacks.

"Any entity that depends on DNS on a minute-by-minute basis is a potential member of the group," Vixie said.

ISC hopes to draw together a critical mass of between 100 and 500 members by the beginning of next year, when the group 
hopes to begin research for its mission, he said. For now, an incident reporting system has been set up on the group's 
Web site for members and major network operators to coordinate responses to threats and attacks on the DNS.

So far, members of the OARC include The Internet Society, Cisco Systems Inc., MCI (still operating as WorldCom Inc.), 
XO Communications Inc., UltraDNS Corp., TLD operator Afilias Inc. and Verio Inc., as well as many of the operators of 
the global root DNS name servers.

Ram Mohan, chief technology officer for Afilias in Horsham, Pa., which is participating in the project, said the OARC 
will also establish a testing laboratory where researchers will be able to safely simulate massive Internet DNS attacks 
and then find ways to fight them off.

Until now, there has been no direct way for root server operators and other domain operators to communicate in times of attack or 
problems, he said. "There was no organized, central way to do this," he said.

Hackers try to go for the kill by attacking the top of the Internet organizational chain -- the DNS root servers -- under which 
everything else operates, he said. "The root is at the heart of the Internet and if you can make that heart stop, no traffic 
flows," he said.

The new group could help change all that, Mohan said. "It will help us coordinate a response to that attack that isn't possible 
today. What we're looking for is an early warning system."

Source: Computerworld